MIMIR Travel
Privacy Policy
Effective Date: October 6, 2025
1. Introduction and Scope
MIMIR Travel Oy ("MIMIR," "we," "us," or "our") is committed to protecting the privacy of individuals who use the MIMIR Travel mobile application and related services (collectively, the "Service"). This Privacy Policy details our practices concerning the collection, utilization, and disclosure of your Personal Data and outlines your choices regarding that data.
This Policy applies to all users of the Service, which leverages Augmented Reality (AR) and persistent geolocation services to deliver gamified travel experiences.
2. Data Controller and Contact Information
The data controller responsible for the processing of your Personal Data is:
MIMIR TravelEstablished in: Vantaa, Finland
Contact Email: support@mimir.fi
3. Data Processing Principles and Legal Basis
We collect and process your Personal Data only when we have a legitimate legal basis to do so, which primarily includes:
Contractual Necessity: Processing data required to fulfill our contractual obligation to provide the Service to you (e.g., account management, game functionality).
Consent: Processing data where you have provided explicit, informed consent (e.g., enabling precise location tracking).
Legitimate Interests: Processing data necessary for our legitimate business interests, provided those interests do not override your rights and freedoms (e.g., improving security, internal analytics).
Legal Obligation: Processing data necessary to comply with applicable laws and regulations (e.g., European Union General Data Protection Regulation - GDPR).
4. Categories of Data Collected
We collect the following categories of information:
4.1. Identity and Account Data (Personal Data)
Identifiers: Email address (if provided for registration), username, and profile image (optional).
Authentication: Encrypted passwords or device authentication tokens.
4.2. Device and Technical Data (Automatically Collected)
Device Information: Device model, operating system, unique device identifiers (e.g., IDFA, Android ID), browser type, and time zone settings.
Network Data: IP address, mobile carrier, and connectivity type.
4.3. Usage, Gamification, and Interactive Data
Activity Metrics: Details regarding your interaction with the Service, including pages viewed, features accessed, session duration, date of last activity, and crash reports.
Game Progress: Scores, achievements, challenge completion rates, inventory of in-app items/currency, and leaderboard placement.
Statistical Data: Counts of countries and cities visited, and the number of stories listened for gamification and progress tracking.
User-Generated Content (UGC) Metadata: Timestamps, device identifiers, and location of UGC creation.
4.4. Sensitive and Specific Permissions Data (Requires Explicit Consent)
Precise Geolocation Data: We collect your precise location data (GPS coordinates) to facilitate AR placement, location-based challenges, and real-time guidance.
Foreground Use: When the app is actively open, this data is used in real-time for immediate AR functionality.
Background Use: With your separate and explicit consent, we may collect and use your precise location data when the app is closed or running in the background to trigger relevant, proximity-based notifications (e.g., motivational check-ins, nearby challenge alerts) and to update location-dependent progress.
Retention Limit: Any precise location data collected is used only for the immediate purpose it serves and is not retained as a history or travel log. Precise location data is retained for a maximum of 24 hours as a temporary geofence coordinate to trigger a notification, after which it is promptly deleted or anonymized. Aggregated, anonymized location data may be retained for service analytics.
Camera and AR Data: We access your device's camera only to render augmented reality overlays. We do not transmit or store the live camera feed, but we may process the device motion and sensor data to correctly place virtual objects.
5. Purpose of Data Utilization
We utilize the collected data for the following essential business functions:
Provision of Core Services: To operate, deliver, maintain, and enhance the AR, gamification, and geolocation features of the Service, including showing your statistical progress. (Legal Basis: Contractual Necessity).
Account Management: To verify your identity, maintain security, and manage your subscriptions and game progress. (Legal Basis: Contractual Necessity).
Performance and Analytics: To monitor the usage and effectiveness of the Service, identify technical issues, and optimize resource allocation. (Legal Basis: Legitimate Interests).
Communication: To send essential administrative messages, security alerts, and customer support responses. (Legal Basis: Contractual Necessity/Legitimate Interests).
Compliance: To satisfy legal and regulatory obligations, and to prevent, detect, and investigate illegal activities. (Legal Basis: Legal Obligation).
6. Data Retention Policy
We retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements.
Account Data: Retained indefinitely while your account remains active, regardless of periods of inactivity, to preserve your game progress, achievements, and virtual items.
User-Initiated Account Closure: Upon your formal request to close your account, we will delete or anonymize all Personal Data within 180 days, except where required to retain transactional records for legal or regulatory compliance (e.g., receipts, tax records).
Geolocation Data: Precise, real-time geolocation is deleted immediately upon the conclusion of a session or after 24 hours of retention for background notification purposes. Aggregated usage data derived from location is retained for analytical purposes indefinitely.
Usage/Gamification Data: Retained for the duration necessary for ongoing trend analysis and service improvement.
7. Third-Party Data Disclosure and Service Providers
We engage third-party processors and use third-party technologies to perform essential functions on our behalf. We only share the minimum necessary Personal Data with these service providers. Categories of recipients include:
Cloud Hosting Providers: For secure data storage and operational backend services.
Analytics & Mapping Providers: Including Google Firebase Analytics and the Google Maps SDK for crash reporting, usage monitoring, and delivering location-based services.
Generative AI Providers: Including Google Gemini and other large language models (LLMs) used to generate dynamic content narratives and audio components within the Service.
Legal and Regulatory Authorities: When required to do so by court order or applicable law.
8. International Data Transfers
MIMIR Travel Oy is based in the European Union (Finland). Your information, including Personal Data, may be processed both within the European Economic Area (EEA) and transferred to — and maintained on — computers located outside of your state, province, or country where the data protection laws may differ from those in your jurisdiction. By using the Service, you acknowledge and consent to this transfer, provided we take all reasonably necessary steps (such as utilizing Standard Contractual Clauses) to ensure your data is treated securely and in accordance with this Privacy Policy and the GDPR.
9. Your Data Protection Rights (GDPR/CCPA)
Depending on your jurisdiction, you may have the following rights concerning your Personal Data:
Right of Access: The right to request copies of the Personal Data we hold about you.
Right to Rectification: The right to request correction of inaccurate or incomplete data.
Right to Erasure ('Right to be Forgotten'): The right to request the deletion of your Personal Data, subject to our legal obligations.
Right to Object/Opt-Out: The right to object to the processing of your data for certain purposes, such as direct marketing. (For CCPA users, the right to opt-out of the "sale" or "sharing" of personal information).
Right to Restrict Processing: The right to request that we limit the way we use your data.
Right to Data Portability: The right to receive your Personal Data in a structured, commonly used, machine-readable format.
To exercise any of these rights, please submit a request to the Contact Email address listed in Section 2.
10. Policy Amendments
MIMIR reserves the right to modify this Privacy Policy at any time. We will provide notice of significant material changes through the Service or via email, and by updating the "Effective Date" at the top of this document. Your continued use of the Service after any modification constitutes your acceptance of the updated Policy.
MIMIR Travel
Terms of Service
Effective Date: October 6, 2025
Welcome to MIMIR Travel! These Terms of Service ("Terms") govern your use of the MIMIR Travel mobile application (the "Service"). Please read them carefully before using the Service.
1. Acceptance of Terms
By accessing or using the Service, you confirm that you have read, understood, and agree to be bound by these Terms and the MIMIR Travel Privacy Policy. If you do not agree, you must not use the Service.
2. User Accounts
Registration: You must be at least 13 years old to use the Service.
Account Responsibility: You are responsible for all activities that occur under your account. You must keep your password secure.
Termination: We reserve the right to suspend or terminate your account at our sole discretion, without notice, for conduct that violates these Terms, harms other users, or is detrimental to our business.
3. License to Use the Service
MIMIR grants you a limited, non-exclusive, non-transferable, revocable license to use the Service solely for your personal, non-commercial use, subject to these Terms.
4. Prohibited Uses
You agree not to use the Service for any purpose that is prohibited by these Terms or applicable law. Prohibited activities include:
Hacking/Reverse Engineering: Attempting to decompile, reverse engineer, or extract the source code of the Service.
Cheating/Exploitation: Using exploits, cheats, or unauthorized third-party software to gain an unfair advantage in the game, including attempts to falsify your geolocation.
Abuse: Harassing, threatening, or impersonating other users or MIMIR personnel.
Unlawful Activity: Using the Service for any unlawful purpose.
5. User-Generated Content (UGC)
Responsibility for UGC: You are solely responsible for any content you create, submit, post, or transmit through the Service (e.g., in-app messages, custom challenge descriptions).
License to MIMIR: By submitting UGC, you grant MIMIR a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, and display such UGC for the purpose of operating and improving the Service.
Content Standards: UGC must not be illegal, obscene, defamatory, threatening, infringing on intellectual property rights, or otherwise injurious or objectionable. We reserve the right, but not the obligation, to remove or edit any UGC.
6. Intellectual Property
All rights, title, and interest in and to the Service (including all content, code, data, and materials contained therein) are and will remain the exclusive property of MIMIR Travel Oy and its licensors. Your use of the Service grants you no right or license to use any of our intellectual property except as expressly authorized by these Terms.
7. Disclaimers and Limitation of Liability
The Service is provided "AS IS" and "AS AVAILABLE."
Geographic Risk: MIMIR involves real-world location interaction. We are not responsible for your safety while using the Service. You assume all risks associated with your use of the Service and travel to landmarks. Always exercise caution, obey traffic laws, and comply with all local laws and regulations.
Disclaimer: MIMIR makes no warranties, express or implied, regarding the accuracy, completeness, or reliability of the Service.
Limitation of Liability: To the maximum extent permitted by law, MIMIR shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits or revenues, whether incurred directly or indirectly, or any loss of data, use, goodwill, or other intangible losses, resulting from (a) your use or inability to use the Service; (b) any conduct or content of any third party on the Service; or (c) unauthorized access, use, or alteration of your transmissions or content.
8. Indemnification
You agree to defend, indemnify, and hold harmless MIMIR Travel Oy and its employees, contractors, agents, officers, and directors from and against any and all claims, damages, obligations, losses, liabilities, costs or debt, and expenses (including but not limited to attorney's fees) arising from: (i) your use of and access to the Service, including any data or content transmitted or received by you; (ii) your violation of any term of these Terms, including without limitation your breach of any of the representations and warranties above; (iii) your violation of any third-party right, including without limitation any right of privacy or intellectual property rights; (iv) your violation of any applicable law, rule, or regulation; or (v) any claim or damages that arise as a result of any UGC or other content that is submitted via your account.
9. Governing Law and Dispute Resolution
Governing Law: These Terms shall be governed by the laws of Finland, without regard to its conflict of laws principles.
Dispute Resolution: Any dispute arising out of or relating to these Terms or the Service shall be subject to the exclusive jurisdiction of the courts of Helsinki, Finland.
10. Changes to Terms
We reserve the right to modify these Terms at any time. If we make material changes, we will notify you by updating the date at the top of these Terms and by providing notice through the Service. Your continued use of the Service after such changes constitutes your acceptance of the new Terms.
11. Contact Information
MIMIR Travel Oy
Email: support@mimir.fi