Last updated: April 7, 2026
1. Data Controller
Sheep Meadow Road Games Oy
Helsinki, Finland
info@polle.fi
2. What Data We Collect
Account data
Email address and password (stored as a cryptographic hash). If you sign in with Google, we receive your name and email from Google.
Profile and vendor data
First and last name, phone number, address, city, postcode, and country. Vendors additionally provide a company name, business ID, and IBAN for payouts.
Transaction data
Order history, payment references, invoice details, and related information needed to process marketplace purchases.
Content
Posts, comments, messages, and media you upload to the platform.
Technical data
Audit logs of key actions performed on your account for security purposes.
3. How We Collect Data
We collect data that you provide directly when you create an account, update your settings, list products, place orders, or communicate through the platform. If you sign in with Google, we receive basic profile information from Google's OAuth service.
4. Why We Process Your Data
- To create and manage your account
- To enable marketplace transactions between buyers and vendors
- To facilitate messaging and notifications
- To manage horse syndicate memberships, votes, events, and payments
- To send transactional emails (order confirmations, password resets, etc.)
- To prevent fraud and maintain platform security
The legal basis for processing is the performance of the contract between you and Polle (GDPR Article 6(1)(b)), and our legitimate interest in maintaining platform security (GDPR Article 6(1)(f)).
5. Third-Party Services
| Service | Purpose |
|---|---|
| Stripe | Payment processing and vendor payouts |
| OAuth sign-in | |
| Hetzner | Server hosting (Germany/Finland) |
| Scaleway | Transactional email delivery and file storage (France) |
| Umami Analytics | Privacy-friendly, cookieless website analytics — no personal data is collected |
6. Cookies
| Cookie | Purpose | Duration |
|---|---|---|
| session | Keeps you signed in | 24 hours |
| locale | Remembers your language preference | 1 year |
| google_oauth_* | Temporary tokens during Google sign-in | ~10 minutes |
We do not use tracking or advertising cookies.
7. Data Storage and Security
Your data is stored on servers located in the EU (Hetzner, Germany/Finland). Passwords are stored using industry-standard cryptographic hashing and are never stored in plain text. All connections use HTTPS. Session cookies are HttpOnly and SameSite to prevent cross-site attacks.
8. Data Transfers Outside the EU
Stripe may process payment data outside the EU in accordance with their own Data Processing Agreement and Standard Contractual Clauses. All other services we use operate within the EU.
9. Your Rights
Under the General Data Protection Regulation (GDPR), you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Restrict or object to processing
- Receive your data in a portable format
- Lodge a complaint with a supervisory authority (in Finland: the Office of the Data Protection Ombudsman, tietosuoja.fi)
10. Data Deletion
To request deletion of your account and all associated personal data, send an email to info@polle.fi with the subject line "Data deletion request." Please include the email address associated with your account.
We will process your request within 30 days. Some data may be retained where required by law (e.g. accounting records under Finnish bookkeeping obligations).
11. Changes to This Policy
We may update this privacy policy from time to time. The "Last updated" date at the top of the page reflects the most recent revision. Continued use of the service after changes constitutes acceptance of the updated policy.