EN · FI Sign In Sign Up
Privacy · Last updated [set on launch]

Privacy policy

The short version: we keep what we need to run the service, we don't sell your data, and you can delete your account at any time.

Summary

Asuntokaupat ("we", "us") operates asuntokaupat.io. This policy explains what personal data we process about you when you visit the site or hold an account, and what your rights are under the GDPR and the Finnish Data Protection Act.

What we collect

If you only browse

  • Server logs of HTTP requests for security and debugging — IP address, user agent, URL. Rotated after 14 days.
  • A first-party session cookie if you start a sign-in flow. No third-party trackers, no advertising cookies, no fingerprinting.

If you hold an account

  • Email address, name (optional), hashed password (bcrypt).
  • If you sign in with Google, the OAuth subject ID and email address Google returns. We do not receive your Google password.
  • Saved searches, watchlist entries, alert preferences.
  • Login timestamps and IP addresses for the last 30 sessions.

Why we collect it

  • To run the product (legal basis: contract). Saved searches need a user to save them to.
  • To prevent abuse (legal basis: legitimate interest). Server logs and login timestamps catch credential-stuffing attempts.
  • To send service notifications (legal basis: contract). Price-drop alerts are the whole point of saved searches; we don't send marketing without separate opt-in.
  • To generate AI property summaries on request (legal basis: contract). When you click "Generate description" on a listing, we send the property's public attributes to Anthropic's Claude API and store the result against the listing.

Retention

  • Account data: kept while your account is active. We delete it within 30 days of you closing the account.
  • Server logs: 14 days.
  • Saved searches and watchlist entries: deleted with the account.
  • Generated AI descriptions: cached against the listing, not against you, so they survive your account being deleted.

Your rights

Under the GDPR you have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data. To exercise any of these, email privacy@asuntokaupat.io. You can also delete your account directly from your profile page; that removes everything except billing records we're legally required to keep.

If you think we're handling your data badly, you can complain to the Finnish Data Protection Ombudsman at tietosuoja.fi.

Cookies

We use a Flask session cookie to remember that you're signed in, plus a CSRF-protection token on form submissions. Both are first-party, HTTP-only, and tied to the current session. No analytics cookies, no advertising cookies, no third-party trackers.

Contact

Asuntokaupat · Helsinki, Finland
Data protection: privacy@asuntokaupat.io