Privacy Policy

This Privacy Policy explains how suomikuvat.fi (the “Service”) collects, uses, and shares personal information. By using the Service, you agree to the practices described here.

1. Who we are & Contact

We operate suomikuvat.fi. If you have questions about this Policy or your data, please contact us via the contact page.

2. What we collect

• Account data: username, email address, password (stored as a one‑way hash).
• Profile & content: images you upload, titles, descriptions, tags, and other information you provide.
• Direct communications: messages you send through the Service (e.g., contact form).
• Technical data: IP address, browser user agent, basic device info, and timestamps. We use these for security (e.g., abuse prevention, session protection) and to operate the Service.
• Cookies and local storage: strictly necessary cookies for login/session and optional preferences (see “Cookies” below).

3. How we use your information

• Provide, maintain, and improve the Service (including authentication and core features).
• Protect the Service and users (e.g., rate‑limiting, fraud/abuse prevention, session security, moderation).
• Communicate with you (e.g., password resets, service notices, replies to contact requests).
• Comply with legal obligations and enforce our Terms of Service.

4. Legal bases (EU/EEA)

If you are in the EU/EEA, our processing is based on: (a) performance of a contract (operating your account and the Service), (b) our legitimate interests (security, moderation, improvement), (c) your consent (where applicable, e.g., non‑essential storage), and (d) legal obligations.

5. Sharing and disclosure

• Service providers: We may use hosting, email, or infrastructure providers to deliver the Service. They process data on our behalf under appropriate safeguards.
• Legal and safety: We may disclose information if required by law or to protect rights, safety, and the integrity of the Service.
• Public content: Content you post publicly (e.g., uploads) may be viewable by others worldwide.

6. International transfers

Your content may be accessible globally. Where data is processed outside your jurisdiction, we rely on appropriate safeguards provided by our service providers when applicable.

7. Data retention

• Account data is kept for as long as your account exists. You can request deletion (see “Your rights”).
• Content you publish is retained until you remove it or your account is deleted, subject to backups and moderation requirements.
• Security logs and technical records are retained for a limited time necessary for security, debugging, and compliance.

8. Your rights

Depending on your location, you may have the right to access, rectify, delete, restrict, or object to processing of your personal data, and to data portability. To exercise these rights, please contact us via the contact page. You may also have the right to lodge a complaint with your local data protection authority.

9. Security

We implement technical and organizational measures to protect your data (e.g., HTTPS/TLS in transit, secure session handling, CSRF protection, and periodic session rotation). However, no online service can guarantee absolute security.

10. Children

The Service is not directed to children under 13. If you believe we hold data about a child under 13, please contact us so we can take appropriate action.

11. Cookies & local storage

• Strictly necessary cookies (required):
  • PHPSESSID — session cookie for login and security (HttpOnly, SameSite=Lax, Secure over HTTPS).
  • remember_me — optional persistent login token (HttpOnly, SameSite=Lax, Secure over HTTPS).
• Preferences: We may store your cookie choice or minor UI preferences in your browser storage.
• Analytics: We do not use third‑party analytics by default. If we enable analytics in the future, we will update this Policy and our consent banner accordingly.
• Your choices: You can control cookies in your browser settings. Disabling strictly necessary cookies may break core features like login.

12. Changes to this Policy

We may update this Policy from time to time. If changes are material, we will provide notice (for example, by posting an announcement on the Service). Your continued use after updates take effect means you accept the revised Policy.