Back to Home

Privacy Policy

Last updated: 13.2.2026

Data Controller

Sirius® Business ID: 1189124-0 Legal Representative: Susanna Vartiainen Myllyharjuntie 13, 71800 Siilinjärvi, Finland Email: info@siriusdog.fi

Purpose of Data Processing

We process personal data for the following purposes:

  • Creating and managing user accounts
  • Providing and maintaining the service
  • Processing subscriptions and payments
  • Tracking dog fitness and health data
  • Customer communication and support

Legal Basis for Processing

Personal data processing is based on:

  • Contract – to fulfill the terms of service
  • Consent – for marketing communications
  • Legitimate interest – service development and security

Data Collected

User Data

  • Email address
  • Username
  • Password (encrypted, not readable)
  • Account creation date
  • Last login time

Dog Data

  • Dog name
  • Breed
  • Birthday
  • Profile photo (optional)

Activity Data

  • Fitness path completion records
  • Functional test results
  • Weekly plans
  • Calendar entries
  • Weight tracking
  • Survey responses

Payment Data

  • Subscription status and type
  • Stripe customer identifier (payment details handled by Stripe)
  • Purchase history

We do not process or store your credit card information. All payment transactions are handled by Stripe Inc., whose privacy policy can be found at stripe.com/privacy.

Data Processing and Storage Location

Your data is processed and stored within the European Union: • Database: Stockholm, Sweden (MongoDB Atlas) • Media files: Frankfurt, Germany (Amazon S3, eu-central-1) Your data is not transferred outside the EU/EEA, except through third-party services (see below).

International Data Transfers

Stripe Inc. may process payment data outside the EU/EEA. These transfers are protected by EU Standard Contractual Clauses (SCCs) and/or EU adequacy decisions. Vercel Inc. (service hosting) uses a global CDN, but application functions are executed in Europe.

Data Sharing

We do not sell, rent, or share your personal data with third parties except in the following cases:

  • Stripe Inc. – payment processing
  • Vercel Inc. – service hosting (service provider)
  • MongoDB Inc. – data storage (cloud service, EU)
  • Amazon Web Services – media file storage (EU)
  • When required by law or requested by authorities

Cookies

We only use essential session cookies to maintain your login state. We do not use tracking or analytics cookies.

CookiePurposeDuration
sirius_sessionLogin state7 days

Data Retention

We retain your data as follows: • User data, dog data, and activity data: deleted immediately upon account deletion. • Media files (images): deleted immediately upon account deletion. • Payment history: retained for 6 years in accordance with the Finnish Accounting Act. You may request deletion of your data at any time by deleting your account from your profile settings or by contacting us via email.

Age Requirement

Our service is intended for users who are at least 16 years old. We do not knowingly collect personal data from individuals under 16. If we become aware that a person under 16 has registered, we will delete their account and data without delay.

Your Rights

Under the EU General Data Protection Regulation (GDPR), you have the following rights:

  • Right to access your data
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to lodge a complaint with the Finnish Data Protection Ombudsman (tietosuoja.fi)

You can exercise your rights by contacting us at: info@siriusdog.fi

Data Breach Notification

In the event of a personal data breach, we will notify affected users and the Finnish Data Protection Authority within 72 hours as required by GDPR Article 33.

Data Security

We protect your data with technical and organizational measures:

  • Passwords are encrypted with strong hashing (bcrypt)
  • Sessions are protected with encrypted cookies (HttpOnly, Secure)
  • Data transfer is encrypted (HTTPS/TLS)
  • Access to data is restricted through access controls
  • CSRF protection for state-changing requests
  • Rate limiting on API calls to prevent abuse

Do Not Track Signals

We do not track users across third-party websites and do not respond to Do Not Track (DNT) browser signals.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.

Rights for California Residents

Under the California Consumer Privacy Act (CCPA/CPRA), California residents have additional rights:

  • Right to know what personal data we collect and how it is used
  • Right to request deletion of personal data
  • Right to opt out of the sale of personal data – We do not sell your personal data
  • Right to non-discrimination for exercising your rights

You can exercise your rights by contacting us at: info@siriusdog.fi. We will respond to requests within 30 days.

Changes to This Policy

We reserve the right to update this privacy policy. Significant changes will be communicated through the service.

Contact

For privacy-related questions, contact us: Sirius® Susanna Vartiainen Myllyharjuntie 13, 71800 Siilinjärvi, Finland info@siriusdog.fi