Privacy Policy
24 April 2026
Overview
This Privacy Policy describes how Firesoft Oy ("Firesoft") processes personal data. This Privacy Policy applies to our website, marketing and customer relationship management, and the end products and services provided by Firesoft ("Services").
We comply with all applicable data protection legislation, including the EU General Data Protection Regulation (2016/679) ("GDPR") and other applicable national legislation, in all processing of personal data.
The Services and our website may also contain links to external websites and services operated by other organisations which are not controlled by us. This Privacy Policy is not applicable to their use, so please refer to their privacy policies. We are not responsible for the privacy practices of other websites or external services (even if you access them by using links on our website). Firesoft may also act as the technical administrator for a service provided to its customer, in which case that customer will act as the data controller of the service.
"Personal Data" means any information relating to a natural person ("Data subject") from which he or she can be directly or indirectly identified, as further defined in the Data Protection Regulation.
Controller
Firesoft Oy
Business ID (Y-tunnus): 3290636-8
Address: Mankkaanmalmi 16 B 2, 02180 Espoo
Email: info@minimapper.app
Website: https://minimapper.app/
Purposes and legal basis for the processing of personal data
The services provided by the Controller ("Services") are available to individuals and legal entities and require registration for both. The Services are available in accordance with the Terms of Service.
As the controller, we will only process personal data that is necessary for each purpose of use. We process personal data in accordance with the law mainly for the following purposes:
- Customer service and communication.
- Provision, monitoring and development of services
- Marketing, including market research, other marketing promotion and analysis, and the production of statistics and measurement of marketing effectiveness
- Improving the user experience of our services and website and monitoring user traffic
- Complying with legal obligations (e.g. accounting and other specific legislation) and reporting obligations
- Preventing abuses
The legal basis for processing personal data is mainly the performance of a contract between the data subject and Firesoft and the legitimate interests of Firesoft. Our legitimate interests include, for example, the administration and development of the Services and customer service and communication, marketing and monitoring the effectiveness of marketing activities. When we process personal data on the basis of legitimate interests, we weigh the benefits of the processing against the potential harm to the data subject and have assessed that the rights and interests of data subjects do not override the legitimate interests.
Where we process personal data to comply with legal requirements or to fulfil our reporting obligations, the legal basis for the processing is primarily a legal obligation.
Processed personal data and data sources
| Data group | Examples of data and use |
|---|---|
| User identification and contact details | The customer's email address, such as the one provided when entering into a contract and/or registering for the Service. |
| Information relating to marketing and events and the data subject's consents and prohibitions | Information provided, for example, when registering for an event or collected from public sources. |
| Information about your use of the services and website | IP address, electronic communication identification data, browser and operating system data and registration data. |
Consent Management
We collect and process personal data based on consent in the following situations:
- When you subscribe to our newsletter or marketing communications
- When you voluntarily provide personal data through forms or surveys
How Consent is Obtained
Consent is obtained through clear affirmative action, such as checking a box, clicking an "accept" button. We do not use pre-ticked boxes or implicit consent mechanisms.
Withdrawal of Consent
You can withdraw your consent at any time. For example:
- To opt out of marketing, use the "unsubscribe" link in any marketing email.
For other purposes, contact us at: info@minimapper.app
Withdrawal does not affect processing that occurred prior to the withdrawal.
Joint controllership with a social media service provider
Where we operate a social media business page hosted by Firesoft, that social media service provider and Firesoft are joint data controllers for the purposes of data protection legislation, where applicable, in relation to the personal data of visitors to that social media service provider's page. The social media service provider and Firesoft are also joint data controllers, where applicable, in relation to the social media service provider's social plug-in services (including Facebook's Share function, which allows you to share content on the website via social media).
These social media service providers process personal data in accordance with their own privacy policies, which can be found on the relevant social media service provider's website. The social media service provider in question is mainly responsible for complying with the obligations of data protection legislation and for enforcing the rights of the data subject on its service. Firesoft, for its part, is responsible for complying with its obligations under data protection legislation and processes visitor data on company websites in accordance with this Privacy Policy, for example for the purpose of targeting advertising.
For more information on the processing of personal data by social media service providers and the website operator, as well as on the division of responsibilities between the joint controllers, please visit the social media service providers' websites, such as the Facebook Controller-Addendum.
You can manage the privacy settings of social media service providers on their websites, and you can also contact them if you wish to exercise your data subject rights. You can find contact details in the privacy policy of these service providers.
Google Analytics
We use Google Analytics to collect information about how users interact with our app (not on our website). This includes your IP address (in anonymized form), device/browser details, and interaction data. Google may store this information on servers outside the EU/EEA. We use IP anonymization and ensure that necessary safeguards (e.g., Standard Contractual Clauses) are in place for any data transfers.
YouTube videos
We embed YouTube videos on our website using YouTube's privacy-enhanced mode (youtube-nocookie.com). This means YouTube may collect data about your interaction with the video (e.g., when you click Play), but does not use cookies to track you before interaction. See YouTube's Privacy Policy for more information.
PayPal's payment methods
In order to offer you PayPal's payment methods your personal data is processed in line with PayPal's own privacy notice.
Image Editing Service
This section only applies to the Image Editing Service by Firesoft Oy, not the Minimapper app.
We are committed to keeping your photos secure. We do not give, sell, or transfer access to your original or edited photos to any third parties without your consent. Your photos are stored in a secure manner, and access is strictly limited to authorized personnel who require it for the purpose of editing your photos.
We retain your photos for as long as necessary to provide you with optimal user experience and to ensure the quality of our services. Additionally, we may retain your photos for internal training purposes, as it allows us to continuously improve our editing processes and provide you with the best possible results.
Please note that while we take all reasonable measures to protect your photos, no method of transmission or storage is completely secure. Therefore, we cannot guarantee absolute security. However, we continuously update our security measures to ensure the highest level of protection for your photos.
Retention of personal data
We will retain personal data for as long as necessary for the purposes set out in this Privacy Policy, but always for as long as required by law (for example, in relation to accounting or reporting responsibilities and obligations), or for the purposes of litigation or similar dispute resolution. After the end of the purpose, the personal data will be deleted within a reasonable period of time or rendered anonymous.
The necessity of storing personal data, as well as their accuracy, will be regularly verified. Upon request, we will provide further information on our personal data retention practices.
Data relating to an account created by a user of the Service will be retained by the Service until the data subject personally requests the deletion of the data.
Recipients of personal data
Personal data may be transferred to service providers and partners used by Firesoft, such as providers of technical solutions or server hosting, accounting, and financial service providers. We have contractual arrangements in place to ensure that personal data is processed in accordance with applicable data protection legislation and otherwise appropriately. We will provide additional information on recipients upon request.
Personal data may be disclosed to third parties in situations required by law or governmental authority or to investigate misuse of our Services and to ensure security. In addition, personal data may need to be disclosed in connection with legal proceedings or similar legal proceedings.
If Firesoft is involved in a merger, acquisition or other business arrangement, personal data may be disclosed to other parties to the arrangement or to those assisting in the arrangement.
Transfer of personal data outside the EU/EEA
Where personal data is transferred outside the EU/EEA, we will ensure an adequate level of protection of personal data, including by agreeing on the processing of personal data as required by data protection legislation, such as by using standard contractual clauses adopted by the European Commission.
For the transfer of personal data related to the use of social media, we follow the instructions of the relevant social media service providers in accordance with their privacy policies.
Protection of personal data
We use appropriate technical and organisational safeguards to protect personal data. We also ensure that our systems are fault-tolerant, and that data can be recovered.
Access to personal data is limited to specifically authorised parties. We ensure that our service providers meet the required security standards.
All parties processing personal data are bound by a duty of confidentiality in relation to the processing of personal data. Access to personal data is limited to those employees who need it to perform their duties.
Rights of data subjects
Data subjects have rights under the GDPR:
- The right of access to data. The data subject has the right to obtain confirmation as to whether personal data concerning him or her are being processed, as well as other information on the processing of personal data. The data subject has the right of access to personal data and to obtain a copy of the personal data.
- Right to rectification and erasure of personal data. The data subject has the right to request the correction or deletion of inaccurate or incorrect data. The data subject also has the right to request the erasure of his or her personal data. For example, where personal data are necessary for the performance of a contractual obligation, to comply with a legal obligation or to settle a legal dispute, a request for erasure cannot always be implemented.
- Right to restriction of processing. The data subject has the right to request restriction of the processing of personal data. In addition, where the personal data suspected of being inaccurate cannot be corrected or deleted, or where there is uncertainty about a request for deletion, the Company will restrict access to the personal data.
- Right to data portability. The data subject has the right to request the transfer of personal data that he or she has provided, and which are processed automatically to another controller, where the processing is based on the data subject's consent or on a contract.
- Right to object to processing. The data subject has the right to object to certain types of processing of personal data, such as profiling based on legitimate interests. Data subjects also have the right to object to the processing of their personal data for direct marketing purposes.
- Right to withdraw consent. Where the processing of personal data is based on the data subject's consent, the data subject has the right to withdraw his or her consent. Withdrawal of consent does not affect the processing carried out previously. In addition, you can withdraw your consent to direct marketing by following the instructions included in the marketing communication (e.g. unsubscribe function included in an email or SMS).
Exercising rights
The data subject may send a request by letter or e-mail using the contact details provided. We may request additional information as necessary to fulfil the above requests.
We will process your request once we have received all the necessary information relating to your request (including verification of your identity). We will respond to your request within a reasonable time, usually no later than one month from the date of the request and verification of your identity. If the request cannot be granted, the refusal will be notified separately. We may refuse to process requests that are disproportionately repetitive, unreasonable, or manifestly unfounded.
Children's Privacy
Our Services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16 without verifiable parental consent. If we become aware that personal data of a child has been collected without such consent, we will delete the information as soon as possible.
Parents or guardians who believe that we may have collected data from a child can contact us at info@minimapper.app.
Data Protection Officer (DPO)
Firesoft Oy has evaluated its obligations under the GDPR and has determined that a formal Data Protection Officer is not required under Article 37. However, we have appointed a designated contact person for data protection matters. You can reach us for privacy-related inquiries at:
Email: info@minimapper.app
Mail: Mankkaanmalmi 16 B 2, 02180, Espoo, Finland
Right to lodge a complaint with a supervisory authority
The data subject has the right to lodge a complaint with the competent data protection authority if the data subject considers that his or her personal data have been processed in breach of the applicable legal provisions.
Changes to the privacy statement
This Privacy Policy may need to be amended from time to time. Changes may also be based on changes in data protection legislation. We therefore encourage you to regularly check this privacy statement to identify any changes.
Questions about the Privacy Policy?
If you have any questions about this Privacy Policy, please contact us by email at info@minimapper.app.