Tormel

Privacy Policy

Last updated: 2025-01-01

Lumos Invest OÜ ("we", "us", or "our") operates Tormel ("the Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our Service, in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

Lumos Invest OÜ
Estonia
Email: siim.viisut@gmail.com

2. Personal Data We Collect

We collect the following categories of personal data:

2.1 Account Information

  • Name: To personalize your experience
  • Email address: For account authentication, communication, and password recovery
  • Password: Stored in encrypted (hashed) form for account security

2.2 User-Generated Content

  • Goals and milestones you create
  • Metric entries and tracking data
  • Notes and descriptions you add
  • Streak and habit tracking records

2.3 Technical Data

  • IP address
  • Browser type and version
  • Device information
  • Usage data and interaction with the Service

3. How We Use Your Data

We process your personal data for the following purposes:

PurposeLegal Basis (GDPR)
Providing and maintaining the ServiceContract performance
Account authentication and securityContract performance, Legitimate interest
Sending service-related emails (password reset, verification)Contract performance
Responding to support requestsContract performance, Legitimate interest
Improving and analyzing the ServiceLegitimate interest
Sending marketing communications (if opted in)Consent

4. Cookies and Analytics

We use essential cookies to maintain your session and preferences. We may also use analytics services (such as Google Analytics) to understand how users interact with our Service. These analytics tools may collect:

  • Pages visited and time spent
  • Referral sources
  • General location (country/city level)
  • Device and browser information

You can control cookie preferences through your browser settings. Disabling cookies may affect your ability to use certain features of the Service.

5. Data Sharing and Third Parties

We do not sell your personal data. We may share your data with:

  • Service providers: Hosting providers, email delivery services, and analytics providers who assist in operating the Service, bound by data processing agreements
  • Legal requirements: When required by law, court order, or to protect our legal rights
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with continued protection of your data

6. Data Storage and Security

Your data is stored on servers located in the European Union. We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Encrypted password storage using industry-standard hashing
  • Regular security updates and monitoring
  • Access controls and authentication

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. After account deletion:

  • Your personal data will be deleted within 30 days
  • Anonymized or aggregated data may be retained for analytical purposes
  • Backup copies may persist for up to 90 days before automatic deletion
  • We may retain data longer if required by law

8. Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to restrict processing: Request limitation of how we use your data
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, please contact us at siim.viisut@gmail.com. We will respond to your request within 30 days.

You also have the right to lodge a complaint with a supervisory authority. In Estonia, this is the Data Protection Inspectorate (Andmekaitse Inspektsioon).

9. Account Deletion

You can delete your account at any time through your profile settings. Upon deletion:

  • Your account will be immediately deactivated
  • Your personal data will be permanently deleted within 30 days
  • This action is irreversible

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

11. International Data Transfers

Your data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the Service or sending an email. The "Last updated" date at the top indicates when the policy was last revised.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Lumos Invest OÜ
Email: siim.viisut@gmail.com
Website: tormel.com