Finnokas is operated by Joe, an independent developer based in the UK. When this policy says "we", "us", or "our", it means Joe operating Finnokas at
finnokas.com. For any privacy-related questions, contact
support@finnokas.com.
We collect only what's needed to run the service:
- Account data - your email address and password, stored securely using industry-standard hashing and authentication practices
- Profile data - your first name and learning goals, which you provide during onboarding
- Learning data - your word bank, grammar entries, drill sessions, and study history
- Usage data - basic session and activity data needed to deliver the service (e.g. daily study minutes, streak data)
- Payment data - if you subscribe to Pro, payments are handled by a regulated third-party payment processor. We do not store or have access to your card details
We use your data to:
- Provide and maintain your Finnokas account and learning experience
- Send transactional emails - account confirmation, password resets, and important service notices
- Process Pro subscription payments via a regulated payment processor
- Improve the service based on how it is used in aggregate
We do not use your data for advertising, and we do not sell it to third parties.
To operate Finnokas we engage a small number of third-party sub-processors. Each is used solely for the purpose described and is contractually prohibited from using your data for any other purpose:
- Database and authentication - your account credentials and learning data are stored in a managed cloud database hosted in EU data centres
- Payment processing - Pro subscription payments are handled by a PCI-DSS compliant payment processor. We never receive or store your card details
- Transactional email - a third-party email provider is used solely to send account-related messages such as confirmation and password reset emails
- Website hosting - the application is served via a third-party hosting platform. No personal data is stored at this layer
- AI processing - certain features send limited content to a third-party AI provider for processing. This data is used only to generate the requested output and is not retained or used for training
We do not share your data with any third party beyond what is strictly necessary to provide the service.
Your data is stored in EU-region infrastructure. Access controls ensure your data is only accessible to your own account - other users cannot view or interact with it. Passwords are hashed using industry-standard algorithms and are never stored in plain text. We take reasonable and appropriate technical measures to protect your data against unauthorised access, loss, or disclosure. No system is completely secure - please use a strong, unique password and keep your login details confidential.
Under UK GDPR, you have the right to:
- Access a copy of the personal data we hold about you
- Correct any inaccurate data
- Request deletion of your account and all associated data
- Object to or restrict certain processing
- Data portability - receive your data in a machine-readable format
To exercise any of these rights, email
support@finnokas.com. We will respond within 30 days.
We retain your data for as long as your account is active. If you request account deletion, we will permanently delete your data within 30 days. Anonymised aggregate data (e.g. total number of users) may be retained indefinitely as it cannot be linked back to you.
Finnokas uses only functional cookies and local storage necessary to keep you signed in and maintain your session. We do not use tracking or advertising cookies.
Finnokas is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
We may update this policy from time to time. If we make significant changes, we will notify you by email or in-app notice before they take effect. The date at the top of this page will always reflect the most recent version.