Privacy Policy

Last updated: 28 March 2026

1. Introduction

Welcome to Has the Dog Pooped? ("the Service", "we", "us", or "our"). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Service, in accordance with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and applicable Finnish data protection legislation.

The Service is operated by a private individual established in Finland. By using the Service, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for your personal data is the operator of the Service, a private individual based in Finland. For questions or requests regarding your personal data, please contact us at support@jontzi.com.

3. Personal Data We Collect

We collect and process the following categories of personal data:

  • Account information: name, email address, and profile picture provided by Google when you sign in using Google OAuth;
  • User content: notes and event data you submit when logging your dog's bathroom breaks and feeding events;
  • Session data: session tokens used to keep you signed in.

4. Purpose and Legal Basis for Processing

We process your personal data for the following purposes and on the following legal bases:

  • Providing the Service: to authenticate you, maintain your session, and store your event data (legal basis: performance of a contract, Art. 6(1)(b) GDPR);
  • Improving the Service: to diagnose technical issues and understand usage patterns in order to improve reliability (legal basis: legitimate interest, Art. 6(1)(f) GDPR). We have assessed that this interest does not override your fundamental rights. You have the right to object to this processing at any time by contacting us;
  • Legal obligations: to comply with applicable laws and regulations (legal basis: legal obligation, Art. 6(1)(c) GDPR).

5. Data Sharing and Transfers

We do not sell your personal data. We may share your data with the following categories of recipients only as necessary to provide the Service:

  • Authentication provider: Google, for the purpose of authenticating your identity;
  • Hosting providers: third-party infrastructure services that host the Service and store your data.

Some of our hosting and authentication providers (such as Google) may process data outside the European Economic Area (EEA). Where such transfers occur, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or an adequacy decision by the Commission, to protect your data in accordance with Chapter V of the GDPR.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymise your personal data within 30 days, unless we are required by law to retain it for a longer period. Session data is deleted automatically when your session expires.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you;
  • Right to rectification: request correction of inaccurate or incomplete data;
  • Right to erasure: request deletion of your personal data ("right to be forgotten");
  • Right to restrict processing: request that we limit how we use your data;
  • Right to data portability: receive your data in a structured, commonly used, machine-readable format;
  • Right to object: object to processing based on legitimate interests;
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at support@jontzi.com. We will respond to your request within one month, as required by the GDPR.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

9. Cookies and Session Storage

The Service uses a session cookie (htdp_session) that is essential for keeping you signed in. This cookie is strictly necessary for the operation of the Service and does not require consent under the ePrivacy Directive. We do not use any analytics or advertising cookies.

10. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If you become aware that a child under 13 has provided us with personal data, please contact us and we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by reasonable means (such as updating the "Last updated" date at the top of this page or notifying you via the Service) at least 30 days before the changes take effect. We encourage you to review this Privacy Policy periodically. Continued use of the Service after changes take effect constitutes your acceptance of the updated Privacy Policy.

12. Supervisory Authority

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutetun toimisto) at tietosuoja.fi, or with the supervisory authority in the EU member state where you reside.

13. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us at support@jontzi.com.