Last updated: 5 April 2026
This Privacy Policy explains how Naruskan Palvelut (“we”, “our”, or “us”) collects, uses, stores, and protects your personal data when you use our mobile application (“Reflect”). We are committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Finnish data protection legislation.
The data controller responsible for your personal data is:
Naruskan Palvelut
Email: info@naruska.com
For all data protection inquiries, please contact us at the email address above.
Although the App is designed to minimise personal data collection, the following data is processed when you use the App:
When you sign in using Google Sign-In or Sign in with Apple, we receive an authentication identifier (user ID) provided by the respective identity provider. This identifier is used solely to link your app data to your account. Depending on the identity provider and your settings, we may also receive your email address.
The App collects daily check-in responses you provide, which may include:
This data is stored in association with your authentication identifier and is therefore considered personal data under GDPR.
Text content you provide during check-ins is sent to an AI language model (Claude, provided by Anthropic, Inc.) for the purpose of generating personalised feedback. This means your input text is transmitted to Anthropic’s servers for processing.
We process your personal data on the following legal bases under GDPR Article 6:
We use your personal data exclusively for the following purposes:
We do not use your personal data for advertising, profiling for third-party purposes, or any purpose incompatible with those listed above.
We share your data with the following third-party service providers acting as data processors on our behalf:
Your user ID, check-in data, and AI feedback are stored in a Supabase-managed PostgreSQL database. Our Supabase instance is hosted within the European Union. Supabase acts as a data processor and processes data only in accordance with our instructions.
For more information: https://supabase.com/privacy
Text content you submit during check-ins is sent to Anthropic’s Claude API for AI-generated feedback. Anthropic is based in the United States. Data transfers to Anthropic are conducted under Standard Contractual Clauses (SCCs) as the appropriate data transfer mechanism pursuant to GDPR Chapter V. Anthropic processes this data only to provide the AI response and does not use it to train its models by default.
For more information: https://www.anthropic.com/privacy
If you choose to sign in with Google, Google processes your authentication in accordance with its own privacy policy. We receive only the authentication identifier (and potentially email) that Google provides upon successful sign-in.
For more information: https://policies.google.com/privacy
If you choose to Sign in with Apple, Apple processes your authentication in accordance with its own privacy policy. Apple may provide a relayed or anonymised email address.
For more information: https://www.apple.com/legal/privacy/
Subscription and purchase management is handled by RevenueCat. RevenueCat processes transaction data necessary to verify and manage your subscription. Payment details are handled directly by the App Store or Google Play and are never seen or stored by us or RevenueCat.
For more information: https://www.revenuecat.com/privacy
We retain your personal data for as long as your account is active or as necessary to provide you with the service. If you request deletion of your account, your personal data will be deleted within 30 days, except where we are required to retain certain data to comply with legal obligations.
Anonymised and aggregated statistical data, which cannot be linked back to you, may be retained indefinitely for service improvement purposes.
As a data subject, you have the following rights regarding your personal data:
To exercise any of these rights, please contact us at: info@naruska.com
We will respond to your request within 30 days. We may need to verify your identity before fulfilling your request.
You have the right to lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutetun toimisto) if you believe that we have processed your personal data in violation of applicable data protection law.
Finnish Data Protection Ombudsman:
Website: https://tietosuoja.fi/en
Email: tietosuoja@om.fi
Address: P.O. Box 800, FI-00531 Helsinki, Finland
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or alteration. These measures include:
However, no method of transmission or storage is 100% secure. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay.
The App is not intended for use by persons under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us at info@naruska.com and we will take steps to delete such data.
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of significant changes through the App or by email. The date of the most recent update is shown at the top of this document. We encourage you to review this policy periodically.
If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us:
Naruskan Palvelut
Email: info@naruska.com
We aim to respond to all inquiries within 5 business days.