Whesuli Privacy Policy

Last updated: 12 May 2026

Whesuli is a mobile application for Android and iOS that helps users identify their closest public transport stops and vehicles in the Helsinki region and retrieve related route and disruption information.

1. Data Controller

Dinador Oy
Business ID (Y-tunnus): 2670720-7
Email: [email protected]

2. What Data the App Uses

The application does not require a user account and does not directly collect personal identity information such as name, email address, phone number or home address.

The app may process the following technical and location-related data:

Precise location — used to find nearby public transport stops and to plan routes from the user's current location.
Bluetooth beacon scan results — used locally to detect nearby bluetooth beacons of Helsinki Regional Transport and determine relevant stops or vehicles.
Route and search queries — such as stop identifiers, route identifiers, coordinates and destination searches sent to Digitransit services.
Crash diagnostics — if separately enabled by the user, technical crash reports may be sent to Firebase Crashlytics.
Advertising data — Google AdMob may process advertising and device-related data according to the user's consent choices.

3. How Data Is Used

To identify nearby stops, platforms and vehicles
To retrieve route and disruption information
To plan journeys
To send context-specific feedback to transport service provider
To maintain application stability and diagnose crashes
To display advertisements

4. Legal Basis for Processing

Under the EU General Data Protection Regulation (GDPR), processing is based on:

Performance of the requested service for location and Bluetooth processing required for automatic stop and vehicle detection.
User consent for optional crash diagnostics and for personalised advertising where applicable.
Legitimate interest in maintaining application security, reliability and preventing misuse.

Location and Bluetooth permissions are optional. If denied, some automatic features become unavailable, but manual route searches can still be used.

5. Third-Party Services

The application uses the following third-party services:

HSL / Digitransit — public transport routing, geocoding, stop and disruption information
Google Firebase Crashlytics — optional crash reporting
Google AdMob — advertising

These third parties may process technical information such as IP addresses, request metadata and device information according to their own privacy policies.

6. Advertising and Consent

The app uses Google AdMob for advertising.

Users in the European Economic Area are shown a consent dialog compliant with the IAB Transparency and Consent Framework (TCF) before personalised advertising requests are made.

If personalised advertising consent is declined, non-personalised ads may still be shown.

7. Crash Diagnostics

Crash reporting is disabled by default until the user explicitly enables it.

If enabled, Firebase Crashlytics may receive technical diagnostic information such as:

device model
operating system version
application version
stack traces and error logs

The application is designed not to send precise location, destination addresses or similar sensitive travel information to crash logs.

8. Data Retention

The application itself does not maintain a backend server or permanent user database.

Some data may be temporarily cached on the device to improve performance. Third-party services may retain logs according to their own retention policies.

9. International Transfers

Some third-party providers used by the application may process data outside the European Economic Area. Such transfers are handled under applicable GDPR safeguards, such as the European Commission's Standard Contractual Clauses (SCCs), where required.

10. Your Rights

Under GDPR, users may have the right to:

request access to personal data
request correction or deletion of data
withdraw consent
object to certain processing
lodge a complaint with a supervisory authority

In Finland, the supervisory authority is the Office of the Data Protection Ombudsman.

11. Managing Permissions and Consent

Users can:

change device permissions in operating system settings
reopen the advertising consent dialog from app settings
enable or disable crash reporting from app settings

12. Changes to This Policy

This privacy policy may be updated to reflect legal, technical or operational changes. The latest version will always be available at the published privacy policy URL.