Pilvi

Pilvi legal

Privacy Policy

What we collect, why, and how you stay in control.

Last updated July 8, 2026 · Version 2026-07-08

_Last updated: July 8, 2026 · Version 2026-07-08_

Who we are

Pilvi is operated by Johannes Salovaara, based in Finland (EU). Contact: hello@cannahealth.dev. We act as the data controller for personal data processed through the Pilvi application.

What we collect

  • Account data: email address, authentication identifiers, display name.
  • Self-tracking data: cannabis sessions you log (strain, dose, method, notes, timestamps), baselines, mood/sleep/anxiety/energy ratings, weekly and monthly check-ins, personal goals.
  • AI conversations: the messages you send to Ricky and the responses shown to you.
  • Subscription data: plan status, Stripe customer/subscription identifiers, records of any manual (MobilePay) payment requests you submit.
  • Consent records: your cookie and privacy preferences, and the version of the terms you accepted.
  • Technical data: minimal logs needed to keep the service running (error reports, request metadata).

Why we process it

  • To provide the app's core self-tracking features (contract necessity).
  • To generate personalised insights and dose estimates (legitimate interest + your explicit consent for AI processing of your logs).
  • To operate subscriptions and process payments (contract necessity).
  • To keep the service secure and debug issues (legitimate interest).
  • To send optional product emails only if you opt in (consent).

Legal bases (GDPR)

Contract (Art. 6(1)(b)), consent (Art. 6(1)(a)), legitimate interest (Art. 6(1)(f)), and — because self-reported cannabis use may be treated as health / special-category data — your explicit consent (Art. 9(2)(a)) when you create your account.

How your data is stored

Data is stored in our managed database (Supabase, EU region). Row-level security ensures that you can only read your own rows. Backups are encrypted at rest and access to production systems is limited to the operator.

Retention

  • Session logs, check-ins, baselines, goals, photos: kept until you delete them or delete your account.
  • AI conversation history: rolling window used to personalise Ricky; you can delete it from Settings → Privacy.
  • Subscription and invoicing records: kept for the period required by Finnish tax and accounting law (currently 6 years after the end of the accounting period) after the last transaction.
  • Manual payment requests: kept until resolved plus a 12-month audit window.
  • Backups: rolled off within 30 days of live deletion.

Your rights

Under GDPR you can request access, rectification, erasure, restriction, portability, and objection. You may withdraw consent at any time and lodge a complaint with your local supervisory authority (in Finland, the Data Protection Ombudsman — tietosuoja.fi).

Data export & deletion

Export your data any time from Settings → Export data. Delete your account from Settings → Delete account; see the Account Deletion Policy for details. Deletion removes your profile, sessions, check-ins, Ricky messages, feedback, photos, and subscription records.

Analytics & tracking

The app uses only strictly-necessary storage by default. Optional analytics and performance cookies are disabled until you opt in via the cookie banner. Analytics events never include your notes, chat content, or strain names — only enums and counters used to understand how features are used in aggregate.

AI processing

Messages you send to Ricky are transmitted to our AI provider(s) to generate a response. We do not sell your data and we never send your account email, payment details, or identity to the AI provider. Providers may retain requests briefly for abuse-prevention under their own policies (typically 30 days).

International transfers

Where data leaves the EEA (for example when an AI provider processes a request), we rely on Standard Contractual Clauses and any additional safeguards the provider offers.

Security

We use TLS in transit, encryption at rest, principle-of-least-privilege access, and audited third-party subprocessors. Stripe and the AI provider(s) never receive your cannabis logs, mood data, sleep data, journal notes, Ricky chats, photos, or strain history. No system is perfectly secure — please use a strong password.

Children

Pilvi is not intended for anyone under the age of 18 and we do not knowingly collect data from minors.

Contact

Questions about this document? Email hello@cannahealth.dev.