Privacy Policy
1. Overview
Your privacy matters. At GoFindOut, we keep things simple: we collect as little data as possible and protect it carefully.
This Privacy Policy explains how GoFindOut (operated by Magna Products Oy, Business ID: 3465100-4) collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
Data Controller: Magna Products Oy, Business ID: 3465100-4. For any questions about this policy or your data rights, contact us at hello@gofindout.io.
2. What We Collect
When you use GoFindOut, we may collect:
- Account Information: If you create an account on app.gofindout.io, you can register either with Google OAuth or with email/password. When registering with Google, we receive your email address and basic profile information from Google. When registering with email/password, we collect your email address and a securely hashed password. You can change your email and password at any time. User data is stored securely on Supabase.
- User Preferences: You can set optional preferences such as opting in to our newsletter. These preferences are stored in your account profile.
- Event Submissions: If you submit an event proposal through our TALLY form, we collect the information you provide in the form. Submissions are manually reviewed and may be approved or rejected based on our criteria. Approved submissions may be paid listings, and you may be contacted regarding payment.
- Event Interactions: We track which events you click on to improve our service and understand user preferences. This data is stored securely in our database (Supabase).
- Contact Information: If you contact us via email, we collect your email address and any information you provide in your message.
- Usage Data: Basic information about how you use the app (pages viewed, device type) to improve functionality.
- Geolocation Data: The web app at app.gofindout.io may ask you to enable geolocation permissions. Location access is optional and handled entirely by your device/browser APIs. Coordinates are used only client-side to show nearby events on the map and in the Explorer page. We do not store geolocation data on our servers, and we do not share it with third parties.
3. Legal Basis for Processing
Under GDPR, we process your personal data based on the following legal grounds:
- Consent: When you accept our internal tracking, optional third-party analytics cookies, or subscribe to our newsletter, we process your data based on your consent. You can withdraw consent at any time.
- Contract Performance: When you create an account, we process your data to provide the service (showing events for 5 days instead of 2) as part of our contract with you. By registering, you automatically accept our Terms of Service and Privacy Policy.
- Legitimate Interest: We process event interaction data to improve our service and understand user preferences. This is in our legitimate interest to provide a better service, and we believe it does not override your privacy rights.
- Legal Obligation: We may process data to comply with legal requirements.
4. How We Use Your Data
- Account Management: To create and manage your account, authenticate you, and allow you to change your email or password. We also support password reset functionality.
- Service Improvement: To understand which events users find interesting and to improve our event recommendations.
- Feature Access: Registered users can see events for the next 5 days, while non-registered users see events for the next 2 days.
- Communication: If you opt in to our newsletter, we may contact you via email to share updates, news, and information about our service. We may also occasionally contact you via email to share important updates, such as the launch of a mobile app or significant service changes. You can unsubscribe from marketing emails at any time through your account preferences or by contacting us.
- Event Submission Processing: To process event proposals submitted through our TALLY form, including reviewing, approving, or rejecting submissions, and contacting you regarding paid listings if applicable.
- Security: To keep your account and our service secure.
- Legal Compliance: To comply with applicable laws and regulations.
5. Data Storage and Security
We use Supabase to securely store and manage your account data and event interactions. Supabase provides enterprise-grade security and encryption. Your password is never stored in plain text; it is securely hashed using industry-standard methods.
Data Location: Your data is stored in Supabase data centers, which are located in the European Union (EU). We do not transfer your personal data outside the EU/EEA without adequate safeguards.
Data Retention: We retain your account data and event interactions for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal purposes (e.g., tax records, which we retain for up to 7 years as required by Finnish law).
While we take security seriously, no system is 100% secure. Please use a strong, unique password and let us know if you suspect any unauthorized access to your account.
Data Breach Notification: In the unlikely event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant data protection authority (the Office of the Data Protection Ombudsman in Finland) without undue delay, and in any event within 72 hours of becoming aware of the breach, where feasible. We will provide clear information about the nature of the breach, the likely consequences, and the measures we are taking to address it.
6. Analytics & Cookies
We use Umami Analytics to understand app usage. It's 100% cookieless and privacy-friendly. No personal data is tracked or shared.
Internal Tracking: We offer an optional internal tracking mechanism that helps us improve our service by analyzing user interactions and behavior patterns. This tracking is performed using our own systems, and data is stored securely in our database (Supabase) within the EU. You can accept or decline this internal tracking directly from the cookie banner. If you accept, we may collect anonymized data about how you interact with our service, including page views, timestamps, and user interactions (such as button clicks, icon interactions, etc.) to improve user experience and service quality. This data is processed based on your explicit consent (GDPR Art. 6(1)(a)) and you can withdraw your consent at any time.
Third-Party Analytics: We also offer optional third-party analytics cookies (Google Analytics, Amplitude, MouseFlow) that you can choose to accept or decline independently from our internal tracking. See our Cookie Policy for more details.
7. Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
- Right of Access: You can request a copy of all personal data we hold about you. Contact us at hello@gofindout.io to make a request.
- Right to Rectification: You can update your email address or password at any time from your account settings. If you need to correct other data, contact us.
- Right to Erasure ("Right to be Forgotten"): You can delete your account at any time, which will remove your personal information and event interaction data. You can also request deletion of specific data by contacting us.
- Right to Data Portability: You can request your data in a structured, commonly used, and machine-readable format. Contact us to make a request.
- Right to Object: You can object to processing of your data based on legitimate interests. You can also unsubscribe from marketing emails at any time.
- Right to Restrict Processing: You can request that we limit how we process your data in certain circumstances.
- Right to Withdraw Consent: If we process your data based on consent (e.g., optional cookies), you can withdraw consent at any time. See our Cookie Policy for details.
To exercise any of these rights, contact us at hello@gofindout.io. We will respond to your request within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. In Finland, this is the Office of the Data Protection Ombudsman.
8. Third-Party Services
We use the following third-party services to provide our service:
- Supabase: For authentication (including Google OAuth), data storage, and email delivery via Brevo. Supabase processes your data according to their privacy policy and security standards. Data is stored in the EU.
- Google: For Google OAuth authentication and Google Places API (New) for geolocation data. When you register with Google, Google processes your data according to their Privacy Policy.
- Mapbox: For map functionality on our website. Mapbox may process location data according to their Privacy Policy.
- Brevo: For sending emails through Supabase. Brevo processes email data according to their Privacy Policy.
- TALLY: For event proposal submissions. TALLY processes form submission data according to their Privacy Policy.
We do not share your personal information with other third parties except as necessary to provide our service or as required by law.
In-App Browser: Some pages may open in an in-app browser (e.g., external forms or legal pages) to keep you within the app interface. No data is tracked or stored from the in-app browser. For external event detail lookups, we open the system browser instead, as many sites block in-app views.
9. Children's Privacy
GoFindOut is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately.
10. Updates to This Policy
We may update this Privacy Policy from time to time. We'll notify you of significant changes by updating this page and, when appropriate, sending you an email notification.
11. Contact Us
Have questions? Email us at hello@gofindout.io
Magna Products Oy, Business ID: 3465100-4