Privacy Policy

Last updated: June 2026

This Privacy Policy explains how Righthere Oy ("Righthere", "we", "us") processes personal data when you use the Righthere mobile app, the righthere.fi website, and the online booking calendar at book.righthere.fi.

Finnish version: Tietosuojaseloste

1. Data controller

Righthere Oy
Erkki Koiso-Kanttilan katu 1
90014 University of Oulu, Finland
Business ID: 2893031-4

Contact: Petri Ahokangas (petri@righthere.fi)
Support: tuki@righthere.fi

2. Scope

This policy applies to:

Righthere mobile app (Android and iOS) for service providers and customers
righthere.fi marketing and information website
book.righthere.fi public booking calendar linked from shops

3. Personal data we collect

We collect only data needed to provide and improve our services. Categories include:

Account and profile

Data	Examples
Identity & contact	Name, email address, phone number
Authentication	Firebase user ID, account credentials (password stored in hashed form)
Account type	Provider or customer role
Preferences	App language and locale settings

Shop and business profile (providers)

Data	Examples
Business details	Shop name, description, contact phone, website URL
Location	Address, city, postal code, country, latitude/longitude
Services & products	Service names, descriptions, prices, durations, availability schedules
Staff	Provider names linked to a shop

Bookings and reservations

Data	Examples
Reservation details	Date, time, service or product, status, participant count
Customer link	Customer account ID or guest booking details
Additional info	Notes or messages provided with a booking

Booking calendar guests (book.righthere.fi)

When someone books without a Righthere account, we may collect:

Name, email address, and phone number
Booking selections and timestamps
Session identifiers needed to complete the booking flow

Device and notifications

Push notification tokens (Firebase Cloud Messaging) to deliver booking alerts and service messages
Device and app identifiers used by Firebase for messaging and analytics

Subscriptions and payments

Paid subscriptions for providers are processed through Apple App Store or Google Play, with subscription status managed via RevenueCat. We receive subscription status and product identifiers; we do not receive or store full payment card details.

Technical and usage data

Firebase Authentication, Firestore sync, and Cloud Messaging logs
Firebase Analytics events from the mobile app (where enabled)
Google Analytics on righthere.fi (website usage statistics)
Server and error logs for security and troubleshooting

4. Purposes and legal bases

Purpose	Legal basis (GDPR Art. 6)
Creating and managing user accounts	Performance of a contract
Providing booking, calendar, and shop management features	Performance of a contract
Processing and displaying reservations	Performance of a contract
Sending booking confirmations and service notifications (email, push)	Performance of a contract; legitimate interest
Managing paid subscriptions	Performance of a contract
Securing services, preventing abuse, and fixing errors	Legitimate interest
Understanding how our website and booking calendar are used	Consent (analytics cookies on book.righthere.fi); legitimate interest (aggregated app analytics)
Complying with legal obligations	Legal obligation

We do not use your personal data for direct marketing unless you have given separate consent or applicable law otherwise permits it.

5. Third-party processors

We use trusted service providers to operate Righthere. They process data on our instructions and under appropriate agreements:

Google Firebase — Authentication, Firestore database, Cloud Messaging (push), Analytics (Google privacy)
Google Play / Apple App Store — In-app subscription billing
RevenueCat — Subscription status and entitlement management (RevenueCat privacy)
MailerSend — Transactional email (e.g. booking confirmations)
Google Analytics — Website usage on righthere.fi

Shop data may also be visible to customers who use a shop's public booking link, as required for the booking service.

6. International transfers

Our primary infrastructure uses Google Cloud / Firebase, which may store or process data in the European Economic Area and in other countries (including the United States). When data is transferred outside the EEA, we rely on appropriate safeguards such as the EU Standard Contractual Clauses and the provider's compliance programs. Some subprocessors (for example Google, RevenueCat, or MailerSend) may process data globally.

7. Retention

Account data — retained while your account is active and for a reasonable period afterward if needed for legal claims or backup integrity
Shop, service, and availability data — retained while the shop uses the service; deleted or anonymised after account closure where no longer required
Reservations and guest bookings — retained as long as needed for the booking relationship, accounting, and dispute resolution
Push tokens — until you disable notifications or uninstall the app
Subscription records — retained as required for billing, tax, and legal compliance
Analytics and logs — retained according to each provider's settings, typically from a few months up to limited aggregated periods

You may request deletion of personal data subject to legal retention requirements (see Section 8).

8. Your rights

Under the EU General Data Protection Regulation (GDPR), you have the right to:

Access the personal data we hold about you
Rectify inaccurate or incomplete data
Request erasure ("right to be forgotten") where applicable
Restrict or object to certain processing
Data portability for data you provided in a structured format
Withdraw consent at any time (without affecting prior lawful processing)
Lodge a complaint with a supervisory authority

To exercise your rights, contact petri@righthere.fi or tuki@righthere.fi.

Finnish supervisory authority: Tietosuojavaltuutettu (Office of the Data Protection Ombudsman).

9. Cookies and similar technologies

righthere.fi website

We use Google Analytics cookies to understand website traffic. These are analytics cookies; you can limit tracking through your browser settings or opt-out tools provided by Google.

book.righthere.fi booking calendar

Essential cookies and local storage are used for session management, language preference, and completing bookings. Optional analytics cookies are used only if you accept them in the cookie banner. See this policy for details on data collected.

Mobile app

The app uses device identifiers and local storage for login sessions and settings. Push notifications require a device token stored with Firebase.

10. Children

Righthere is a business service for booking and providing services. It is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

11. Security

We use industry-standard measures including encrypted connections (HTTPS/TLS), authenticated access to backend systems, and access controls limiting personal data to personnel who need it to maintain the service. No method of transmission or storage is completely secure; we work to protect your data but cannot guarantee absolute security.

12. Changes to this policy

We may update this Privacy Policy from time to time. The current version is always published at this URL. Material changes will be noted on our website. Continued use of the services after an update constitutes acceptance of the revised policy where permitted by law.