Privacy Policy
Last updated: 10 July 2026
This privacy policy explains how Middle Of It processes personal data when you buy our digital products (such as the Pink Again app bundle or the Pink Again Meditation), sign in to use them, or visit our websites at middleofit.com and its subdomains.
1. Controller
- Name: [LEGAL ENTITY NAME] (trading as Middle Of It)
- Business ID: [BUSINESS ID / Y-tunnus]
- Address: [REGISTERED ADDRESS]
- Email: [CONTACT EMAIL]
- Website: middleofit.com
You can send any questions about privacy and personal data to the email address above.
2. What data we process
We process the following data about our customers:
- Email address — the key identifier: it is the address you buy with and sign in with.
- Name, if you provide one at checkout.
- Order and payment records — what you bought, when, and the payment status. Card details are processed by our payment provider Stripe; we never receive or store your full card number.
- Product-access records — which products your account is entitled to access.
- Sign-in and security logs — technical data such as IP address, browser type, and timestamps generated when you sign in to or use the gated services.
- Customer-support correspondence — messages you send us.
We do not collect analytics or behavioural-tracking data on our own websites: there are no analytics scripts, advertising pixels, or tracking cookies on middleofit.com, app.pinkagain.middleofit.com, or download.middleofit.com.
3. Purposes and legal bases of processing
We process personal data for the following purposes:
- Delivering your order: provisioning access to the app and download files and sending order and delivery emails. Legal basis: performance of a contract.
- Sign-in and access control: authenticating you by email and one-time code and keeping you signed in on the gated services. Legal basis: performance of a contract.
- Customer support: answering your questions and resolving delivery or access problems. Legal basis: performance of a contract and our legitimate interest in serving customers.
- Security and fraud prevention: protecting accounts, purchases, and our services against misuse. Legal basis: our legitimate interest.
- Email newsletters and marketing: sent only to those who have given their consent. Every message includes an easy way to unsubscribe, and you can withdraw your consent at any time. Legal basis: consent.
- Legal obligations: bookkeeping and taxation. Legal basis: legal obligation.
4. Where the data comes from
We receive personal data:
- directly from you when you place an order, sign in, subscribe to emails, or contact us
- from our service providers as a necessary part of processing your order, payment, and sign-in (systeme.io, Stripe, WorkOS)
5. How long we keep the data
We keep personal data only as long as needed for the purposes above:
- Customer and order data is deleted no later than 5 years after your last purchase or contact.
- Email-list data is kept until you unsubscribe.
- Bookkeeping material is kept as required by the Finnish Accounting Act (as a rule, 6 years for vouchers and 10 years for accounting books, counted from the end of the financial year).
We remove outdated or unnecessary data regularly as part of our data-security practices.
6. Recipients and processors
We use trusted service providers to run our services:
- systeme.io (Systeme.io SAS, France) — the checkout and sales funnels at get.middleofit.com, order emails, and email lists.
- Stripe (Stripe Payments Europe Ltd / Stripe, Inc.) — payment processing.
- WorkOS (WorkOS, Inc., USA) — sign-in (email + one-time code) and session management for the gated services.
- Netlify (Netlify, Inc., USA) — website hosting.
These providers process data under GDPR-compliant data-processing agreements. We do not sell personal data, and we do not share it with advertising networks.
7. Transfers outside the EU/EEA
Some of our providers (for example Stripe, WorkOS, and Netlify) may process data in the United States. In these cases the transfer is protected by safeguards required by the GDPR, such as the EU–US Data Privacy Framework and/or the European Commission's Standard Contractual Clauses.
8. How we protect the data
All traffic to our services is encrypted (TLS). Access to personal data is limited to the people who need it, behind personal credentials. The gated services require authentication, and we never store payment-card details ourselves.
9. Your rights
Under the GDPR you have the right to:
- access the data we hold about you
- have inaccurate data rectified and unnecessary data erased
- restrict the processing of your data in the situations defined by law
- object to processing based on legitimate interest — and to direct marketing at any time
- receive the data you have provided in a machine-readable format (data portability)
- withdraw your consent at any time, for example by unsubscribing from emails
To use these rights, contact [CONTACT EMAIL]. If you consider that your data has been processed unlawfully, you can lodge a complaint with the Office of the Data Protection Ombudsman in Finland (tietosuoja.fi).
10. Cookies
Our own websites set only strictly necessary cookies (sign-in session and product access) — no analytics or advertising cookies. The checkout at get.middleofit.com runs on systeme.io and uses systeme.io's and Stripe's cookies. See the Cookie Policy for details.
11. Changes to this policy
We may update this policy when our services or legal requirements change. The date of the latest update is shown at the top of the page.
12. Contact
- [LEGAL ENTITY NAME] (trading as Middle Of It)
- Business ID: [BUSINESS ID / Y-tunnus]
- Email: [CONTACT EMAIL]
- Website: middleofit.com