Updated: February 19, 2026

This Privacy Policy applies to the Taloma mobile application and related digital service (the “Service”). The controller of personal data is Tohmoco Oy (Business ID 3387948-8), Helsinki, Finland (“Taloma”, “we”, “us”).

1. Personal Data We Collect

We collect the following categories of personal data:

Information You Provide

  • Name and email address
  • Account profile information
  • Property-related information
  • Maintenance records and reminders
  • Uploaded documents, photos and receipts
  • Customer support communications

Information Collected Automatically

  • IP address
  • Device type and operating system
  • Application version
  • Push notification identifier (FCM token)
  • Technical log data

Subscription Information

  • Subscription status and validity period
  • Store transaction identifiers
  • RevenueCat customer identifier
Taloma does not process or store payment card details. Payments are handled by Apple App Store or Google Play.

2. Purposes and Legal Bases

We process personal data for the following purposes:
  • To provide and operate the Service (GDPR Art. 6(1)(b))
  • To improve the Service and ensure security (Art. 6(1)(f))
  • To comply with legal obligations (Art. 6(1)(c))
  • For communication based on consent where applicable (Art. 6(1)(a))

3. Data Sharing and Processors

Personal data may be processed by trusted service providers:
  • Supabase (AWS EU) – database and storage
  • Google Firebase – push notifications
  • RevenueCat – subscription management
  • Google Gemini – receipt text recognition
  • MET Norway (yr.no) – weather data processing
  • Apple / Google – payment processing
These entities act as data processors or independent controllers under their own privacy policies. We do not sell personal data.

4. International Transfers

If personal data is transferred outside the EU/EEA, transfers are based on:
  • EU Commission Standard Contractual Clauses (SCC), or
  • EU–US Data Privacy Framework where applicable

5. Data Retention

We retain personal data only as long as necessary:
  • Account data: for the duration of the account
  • Technical logs: up to 12 months
  • Customer support communications: up to 12 months
  • Accounting records: 6 years

6. Your Rights

Under GDPR, you have the right to:
  • Access your personal data
  • Rectify inaccurate data
  • Erase your data
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent
You may delete your account within the application settings.

7. Data Security

We implement appropriate technical and organizational measures, including:
  • Encryption in transit (TLS/SSL)
  • Access control mechanisms
  • Secure cloud infrastructure

8. Supervisory Authority

You have the right to lodge a complaint with the Finnish Data Protection Ombudsman (www.tietosuoja.fi).

9. Changes to This Policy

We may update this Privacy Policy. The latest version is always available on our website.