Privacy & GDPR

What we collect

• Your Microsoft account identifier, email and display name (received when you sign in).
• The places, activities, moods and durations you add yourself.
• Your language preference.
• Sign-in session data stored in cookies.

Why we collect it

To recognise you on return visits and show you only your own data. This is required for the service to function (GDPR Art. 6(1)(b) — performance of a contract).

Where it's stored

On Berg-IT's own SQL Server in Finland. The data never leaves the berg-it.fi infrastructure. No third-party analytics, no ad tracking.

Who can see it

Only you. Every row is scoped to your user identifier, and the public landing page never queries user tables when nobody is signed in.

Your rights (GDPR)

Under the EU General Data Protection Regulation, you have:

• Right of access — everything is on the /Settings page while signed in.
• Right to rectification — edit anything from Settings.
• Right to erasure — your account and all data on request, within 30 days.
• Right to portability — receive your data in a portable format.
• Right to withdraw consent — sign out and request deletion.

Requests: aki.berg@berg-it.fi.

Cookies

• .AspNetCore.Cookies — keeps you signed in (HTTPS-only, HttpOnly).
• .AspNetCore.Antiforgery.* — protects forms against CSRF.
• minidates-lang — remembers your language choice.
• Microsoft sets its own authentication cookies during sign-in — those are governed by Microsoft's privacy statement.

Data controller

Berg-IT, contact: aki.berg@berg-it.fi