← Kloks

Privacy Policy

Last updated: April 2026

1. Who We Are

Kloks is a family and community platform operated from Finland. This Privacy Policy explains how we collect, use, and protect your personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Finnish Data Protection Act (Tietosuojalaki 1050/2018).

Data controller: Kloks · Finland
Contact: privacy@kloks.fi

2. What Personal Data We Collect

We collect only the minimum data necessary to operate the service:

  • Email address — required for authentication (password login or magic-link sign-in) and to send essential service notifications.
  • Display name (optional) — used to identify you within your groups. You can change or remove this at any time.
  • Group membership data — records of which groups you belong to and your role (admin / editor / viewer).
  • Account activity timestamps — date of account creation and acceptance of these terms, for legal compliance.

We do not collect location data, device identifiers, or behavioural analytics.

3. Legal Basis for Processing

We process your personal data on the following legal bases under GDPR Article 6:

  • Performance of a contract (Art. 6(1)(b)) — processing your email and membership data to provide the core service you signed up for.
  • Legal obligation (Art. 6(1)(c)) — retaining certain records as required by Finnish law.
  • Consent (Art. 6(1)(a)) — for any optional features or communications beyond what is strictly necessary to operate the service.

4. How We Use Your Data

  • Authenticating you when you log in.
  • Displaying your name and profile to other members of your groups.
  • Sending transactional emails (e.g. magic-link codes, group invitations).
  • Maintaining the security and integrity of the platform.

We do not sell your data, use it for advertising, or share it with third parties except as necessary to operate the service (e.g. our email delivery provider).

5. Data Retention

We retain your personal data for as long as your account is active. When you delete your account, your personal data (email, name) is immediately anonymised and your account is deactivated. Certain anonymised records may be retained for legal or operational purposes for up to 12 months after deletion.

6. Your Rights Under GDPR

As a data subject you have the following rights, which you can exercise by contacting us at privacy@kloks.fi or through your profile settings:

  • Right of access (Art. 15) — request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16) — correct inaccurate or incomplete data. You can update your name directly in your profile.
  • Right to erasure (Art. 17) — delete your account and all associated personal data. Available directly from your profile settings.
  • Right to restriction (Art. 18) — ask us to limit processing of your data in certain circumstances.
  • Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
  • Right to object (Art. 21) — object to processing based on legitimate interests.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior processing.

We will respond to requests within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu) tietosuoja.fi.

7. Data Storage & Security

All data is stored on servers located within the European Union. We use encryption in transit (TLS 1.2+) and at rest. Access to production systems is restricted to authorised personnel only. We regularly review our security practices.

8. Cookies & Local Storage

Kloks uses only technically necessary cookies and browser local storage for session management and authentication tokens. We do not use tracking cookies, third-party analytics, or any cookies that require explicit consent under the EU ePrivacy Directive / Finnish law.

9. Third-Party Services

We use a limited number of carefully selected processors, all of which are GDPR-compliant and operate under data processing agreements:

  • Email delivery provider — to send authentication codes and service notifications. Only your email address is shared.

No data is transferred outside the EU/EEA without appropriate safeguards.

10. Children

The service is not directed at children under 16. We do not knowingly collect data from children under 16. If you believe a child has provided us with personal data, please contact us so we can delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notification at least 30 days before taking effect. The “Last updated” date at the top of this page reflects the most recent revision.

Contact

For any privacy-related questions or to exercise your rights:
Kloks · Finland
privacy@kloks.fi

→ View Terms of Service