Legal

Privacy Policy

Effective date: 3 June 2026 · Last updated: 3 June 2026

1. Who we are

Olakino Oy (the data controller) is responsible for the personal data described in this policy. We are a company registered in Finland.

• Company: Olakino Oy
• Business ID (Y-tunnus): 3275660-3 · EUID FI32756603
• Registered address: [REG_ADDRESS], Helsinki, Finland
• Privacy contact: pauliina@olakino.fi

2. What this policy covers

This policy applies to our website at olakino.fi (including the waitlist and contact forms) and to the Olakino mobile and web application and related services (together, the "App" and "Services"). Where a section applies only once you use the App, we say so.

Today, if you only visit the website and join the waitlist, the only personal data we hold about you is your email address and basic technical information. The health-data sections below describe processing that begins when you create an account and connect a device in the App.

3. Data we collect

Information you give us

• Waitlist & contact: your email address (and any message or company details you submit).
• Account (App): name, email, password credentials, and profile details such as age range, goals or preferences you choose to provide.
• Support: the contents of messages you send us.

Information from connected devices and services (App)

• Continuous glucose monitor (CGM) data such as glucose readings and trends.
• Wearable and sensor data such as heart-rate variability (HRV), sleep, activity and similar biometric signals you choose to connect.
• Lifestyle inputs you log, such as meals, notes or symptoms.

Information collected automatically

• Technical data: IP address, device and browser type, and similar log information, used to operate the site securely and prevent abuse.
• Usage data: how you interact with the site or App. [ANALYTICS - confirm whether any analytics tools are used.]

4. Health data - special category

Glucose, HRV and similar measurements are data concerning health, a special category of personal data under Article 9 GDPR. We only process this data on the basis of your explicit consent, which you give when you connect a device or enable a feature that uses it. You can withdraw that consent at any time - see Your rights. Withdrawing consent stops future processing but does not affect anything done before you withdrew it.

Olakino provides wellness guidance. It is not a medical device and does not provide medical diagnosis or treatment. See our Terms of Service for the full health disclaimer.

5. Why we use your data and our legal bases

We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing without human involvement.

6. Who we share your data with

We do not sell your personal data. We share it only with:

• Service providers (processors) who work on our behalf under data-processing agreements, for example hosting, content delivery, form handling and email. These currently include [PROCESSORS - e.g. Cloudflare (hosting/CDN), Formspree (form submissions), Google Workspace (email)].
• Research and clinical partners where you have consented or where data has been anonymised, for example in validation work with our clinical partners. [ODL_SHARING - confirm exact terms.]
• Authorities or advisors where required by law, or to establish, exercise or defend legal claims.
• A successor if Olakino is involved in a merger, acquisition or sale of assets, subject to this policy.

7. International transfers

We aim to keep your data within the European Economic Area (EEA). Where a provider processes data outside the EEA, we rely on appropriate safeguards such as European Commission adequacy decisions or Standard Contractual Clauses. You can ask us for details of the safeguards in place. [PROCESSORS - note any US-based providers and the safeguard relied on.]

8. How long we keep your data

We keep personal data only as long as needed for the purposes above, then delete or anonymise it.

• Waitlist email: until you ask us to remove you or we launch and you decline to continue. [RETENTION]
• Account and health data: for as long as your account is active, then deleted within [RETENTION] after closure, unless we must keep records longer by law.
• Accounting records: as required by Finnish law.

9. Your rights

Under the GDPR you have the right to:

• access the personal data we hold about you;
• have inaccurate data corrected;
• have your data erased;
• restrict or object to our processing;
• receive your data in a portable format;
• withdraw consent at any time, where we rely on consent.

To exercise any of these, email pauliina@olakino.fi. You also have the right to lodge a complaint with the Finnish supervisory authority, the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto, tietosuoja.fi).

10. Security

We use appropriate technical and organisational measures to protect your data, including encryption in transit, access controls and limiting who can see health data. No system is perfectly secure, but we work to protect your information and will notify you and the authorities of a personal-data breach where the law requires.

11. Cookies

Our website uses cookies and similar technologies that are strictly necessary to operate and secure the site. [ANALYTICS - if you add analytics or marketing cookies, we must ask for consent first and list them here.]

12. Children

Olakino is not directed at children. You must be at least 16 years old (or the age of digital consent in your country) to use the Services. We do not knowingly collect data from children below that age.

13. Changes to this policy

We may update this policy from time to time. We will post the updated version here and change the "last updated" date. If changes are significant, we will let you know by email or in the App.

14. Contact

Questions about this policy or your data? Email pauliina@olakino.fi or write to Olakino Oy, [REG_ADDRESS], Helsinki, Finland.