Floreza

Privacy Policy

Introduction

Codebowl Oy (Business ID 2928570-8) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you use our Next.js web application ("the Service"). The Service is a login-only application (accessible to everyone) that allows you to input and track general data of your choosing (e.g. daily ratings of your day, personal tags, trackable entries over time). The purpose of the Service is to help you visualize and analyze your own inputs over time. We process all personal data in compliance with the EU General Data Protection Regulation (GDPR) and applicable laws. Users under 18 are not allowed to use the Service, and we do not knowingly collect data from children under 18. By using the Service, you confirm that you are at least 18 years old.

Data Controller and Contact

The data controller responsible for your personal data is Codebowl Oy (Y-tunnus: 2928570-8), a company based in Finland. If you have any questions about this Privacy Policy or wish to exercise your data rights (explained below), please contact us at privacy@floreza.app. We will be happy to assist with any privacy-related inquiries.

Personal Data We Collect

We only collect personal data that is necessary to operate the Service and provide you with a secure, personalized experience. This includes:

How We Use Your Data

We use the collected personal data only for the following purposes:

We want to emphasize that we do not use your personal data for any form of advertising, profiling, or selling of data. All processing of your data is strictly limited to what is necessary for the Service that you have signed up for and expect from us.

Legal Bases for Processing

Under the GDPR, we must have a valid legal basis to process your personal data. We rely on the following legal grounds, corresponding to the uses outlined above:

Cookies and Local Storage

Cookies are small text files stored on your device to keep track of certain information. When you use our app, we set a session cookie (and related cookies as needed) that are strictly necessary for the Service to function. For example, after you log in, a secure session cookie keeps you authenticated as you move between pages, so you don't have to log in again on every click. These cookies are considered "strictly necessary cookies" because they enable core functionality (access to the secure, login-only areas of the Service). According to EU privacy rules, such cookies do not require prior consent, though we must still inform you about them (gdpr.eu). We do not use any non-essential cookies that track you for analytics or advertising. This means we do not display a cookie consent banner, since we are not using any cookies beyond what is essential for providing the service (in line with the ePrivacy Directive's consent exemption for necessary cookies; see gdpr.eu). We still want you to know what cookies we use and why:

You can control cookies through your browser settings (for instance, you can delete or block cookies). However, please be aware that if you block necessary cookies like our session cookie, the Service will not function properly (you won't be able to log in or maintain a session).

Local Storage: In addition to cookies, the app may use your browser's local storage for storing data on your device. Local storage is used for purposes such as caching some of your data or saving user interface preferences to improve your experience (for example, storing a setting for how you view data, or temporarily saving input until it's submitted). Like cookies, any data stored in local storage is only used to support the functionality you request; for example, caching your input data locally so the app can quickly show it to you without always pulling from the server. We do not use local storage to store any information that is not strictly necessary for your use of the Service. Data in local storage stays on your device and is not automatically transmitted to us (unless needed for the app's function when you sync it). You are free to clear your browser's local storage at any time, though doing so might reset some settings or cached data in the app.

In summary, we only use essential cookies and local storage, and no personal data is collected through cookies beyond what's needed for login and core functionality. Because we have no advertising or analytics cookies, no separate cookie consent is required under law for our Service's usage of cookies. We still maintain transparency by explaining our use of these technologies here.

Data Sharing and Transfers

We treat your personal data as confidential and do not share it with third parties except in the limited circumstances described below, which are all tied to operating the Service or complying with the law. We never sell your data or disclose it for independent commercial purposes. The cases in which we might share data are:

Aside from the instances above, no third parties have any access to your personal data. We do not share, rent, or sell user data to data brokers or advertisers. Within Codebowl Oy, access to personal data is restricted to the personnel who need to process it (in this case, Codebowl is a small company, and only authorized staff/developers have access, bound by confidentiality). Your data remains your own, and we use it solely to provide the service back to you.

Data Storage and Security

Storage Locations: We use Vercel's infrastructure and Neon database services, both specifically configured for the Frankfurt, Germany region to ensure European data residency. All user data is stored within the European Union, specifically in Frankfurt, Germany. This includes both application data processed by Vercel Functions and database information stored in Neon. We do not transfer personal data outside the European Economic Area (EEA) for processing or storage, ensuring full compliance with GDPR data residency requirements. Both Vercel and Neon maintain comprehensive security measures and GDPR compliance certifications to protect your data.

Security Measures: We take data security very seriously. Codebowl Oy implements appropriate technical and organizational measures to safeguard your personal data against loss, theft, misuse, and unauthorized access. Some of the security measures in place include: encryption, access control, and network security practices. In particular, our hosting provider Vercel encrypts data at rest and in transit. Your data is encrypted when stored on disk using strong encryption standards (AES-256) and transmitted over the internet via secure TLS connections (vercel.com). This means that whether your data is in the database or moving between our server and your browser, it's protected from eavesdropping. Additionally, we restrict access to production databases and servers to authorized personnel only, and we monitor for any suspicious activity. We also regularly update our software dependencies and apply security patches to address potential vulnerabilities promptly. While no system can guarantee 100% security, we strive to follow best practices and industry standards (such as OWASP guidelines and cloud security benchmarks) to minimize risks. In the unlikely event of a data breach that affects your personal data, we will follow all applicable breach notification laws, including informing you and authorities as required.

Data Retention: We retain your personal data only for as long as necessary to fulfill the purposes described in this policy. In practice, this means we keep your account information and user-provided data for as long as you maintain an account with us and use the Service. If you decide to cancel your account or if your access expires, we will either delete your personal data or anonymize it after a reasonable period, unless we are required to keep it longer for legal reasons. For example, if you request account deletion, we will remove or anonymize all your entries and personal identifiers in our production systems within a short timeframe (we will inform you of the completion of this process). Some data may persist in secure backups for a limited duration (our backups are kept for disaster recovery purposes for a fixed retention period, after which they are automatically deleted). We will not use your data in backups for any active purpose, and backups are encrypted and protected. If we must retain certain information to comply with legal obligations (such as financial records or logs), we will store that information securely and isolate it from active use. Once the retention period expires, we ensure the data is permanently deleted or anonymized.

Your Rights Under GDPR

As a user of our Service and a data subject under the GDPR (if you are in the EU/EEA or where similar laws apply), you have certain rights regarding your personal data. We are committed to honoring these rights. You may exercise these rights at any time by contacting us (see Data Controller and Contact above). These rights include:

We will respond to requests regarding these rights as soon as possible, and in any case within the timeframe required by law (generally within one month, extendable if the request is complex – we will inform you if an extension is needed). Exercising your rights is free of charge. If you make a request electronically, we will attempt to provide the information in a commonly used electronic form as well.

Additionally, if you believe our processing of your personal data infringes the GDPR or other applicable data protection laws, you have the right to lodge a complaint with a supervisory data protection authority. For example, in Finland you can contact the Office of the Data Protection Ombudsman. If you are in another EU country, you may contact your local Data Protection Authority. We would, however, appreciate the chance to address your concerns directly first, so we encourage you to reach out to us with any issue so we can try to resolve it.

Children's Privacy

As stated in the introduction, our Service is not intended for children under the age of 18. We do not knowingly solicit or collect personal information from anyone under 18 years old. If you are under 18, you are not permitted to use this Service or provide any personal data to us. If we learn that we have inadvertently collected personal data from a child under 18 (for instance, if a child misrepresents their age to gain access), we will take prompt action to delete that information from our records. If you are a parent or guardian and discover that your child under 18 has an account or has provided personal data to us, please contact us immediately. We will work with you to remove the data and terminate the child's account. We abide by the age limitations set by GDPR and relevant local laws for data processing consent, and since we do not obtain verifiable parental consent, we choose to simply disallow any use by minors under 18 to ensure compliance and protect children's privacy.

Changes to This Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. If we make significant changes, we will notify you by appropriate means – for example, by emailing you at the address associated with your account or by displaying a prominent notice within the Service. The "last updated" date at the bottom of this Policy will always indicate when the latest changes were made. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Service after any modifications to the Policy will signify your acknowledgment of the updated terms. If changes require your consent (for example, if we were to introduce new processing that requires consent), we will obtain that consent as needed.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us. The quickest way to reach us is by emailing privacy@floreza.app. You can also reach out to us through any contact form or details provided on our official website. We will address your inquiry as soon as possible and do our best to resolve any issues to your satisfaction.

Thank you for trusting Codebowl Oy with your data. We are dedicated to maintaining that trust by keeping your data secure and private.

Last updated: July 20, 2025