User Safety and Protection Policy

1. Purpose of this document

This User Safety and Protection Policy describes the measures applied in OnlyDay to:

• protect users,
• moderate user-generated content,
• prevent abuse and fraud,
• comply with Apple App Store, Google Play, GDPR, and the Digital Services Act (DSA).

This document is intended for Platform users and for app-store review and publication purposes.

2. General security principles

We follow these security principles:

• user safety is a priority, including protection from fraud, abuse, and illegal content;
• reasonable and proportionate technical and organisational security measures are applied, considering the scale and nature of the service;
• zero tolerance for content or behaviour that threatens users or violates the law;
• transparent moderation rules and the ability to report violations;
• minimisation of personal data processing and protection of data in accordance with GDPR.

3. Age restrictions and protection of minors

The app is not intended for children.

Provider registration is allowed only for individuals aged 18+.

If a minor account is detected, the Platform may request age verification or block the account.

Child sexual exploitation content is prohibited and will be removed immediately, with escalation to competent authorities where legally required.

4. User-generated content (UGC)

4.1 Types of user-generated content

The app may include the following user-generated content:

• Customer requests;
• Provider fixed services;
• Listings/ads (if enabled);
• Reviews and ratings;
• Chat messages and attachments;
• Images and files.

4.2 Limits and technical restrictions

All upload areas have a limit of up to 5 files per upload.

File types and sizes are restricted by product settings.

Key actions are logged to prevent abuse.

The Platform applies additional technical measures to protect against abuse, including:

• limits on posting and reporting frequency;
• file and content checks;
• temporary restrictions or suspension of functions when suspicious activity is detected.

5. Prohibited content and behaviour (Acceptable Use)

It is prohibited to post:

• illegal services or content;
• fraud, fake profiles, or misleading information;
• threats, harassment, discrimination, or hate speech;
• sexual content, especially involving minors;
• third-party personal data without a lawful basis;
• malicious files, phishing, or spam;
• attempts to bypass the Platform's payment rules (including bypassing Stage 2 via Stripe).

Violations may result in content removal, feature restrictions, or account suspension.

6. Moderation and reporting mechanism (Notice & Action, DSA)

6.1 Submitting a report (Notice)

Users can submit a report:

• via the "Report" button in the app (content, profile, review, message);
• by email: support@onlyday.fi.

Reports should include a description of the issue and a link or identifier of the content.

6.2 Handling reports (Action)

The report handling process includes:

• registering the report in the moderation system;
• initial review of the report;
• assessing user risk and content legality;
• taking a decision: no change, limit visibility, hide, remove content, restrict features, or suspend the account;
• requesting additional information from the parties if needed.

The Platform aims to handle reports within reasonable timeframes, prioritising cases related to user safety or potentially illegal content.

6.3 Statement of reasons and appeals

Following moderation, the user receives an explanation of the decision ("statement of reasons").

Decisions may be appealed via support@onlyday.fi within a reasonable period.

Finland's national Digital Services Coordinator is Traficom.

7. Reviews and ratings

Review window: N days after order completion (default 10).

Until the window ends, reviews are hidden from the other party.

After publication, editing is not allowed.

All reviews are moderated.

Insults, personal data, defamation, and spam are prohibited.

8. Support and disputes

Support channels: website form, email support@onlyday.fi, in-app tickets.

An order dispute can be opened from deal confirmation until completion.

When a dispute is opened, the Platform may freeze auto-completion timers until a moderator or administrator resolves the case.

Recommended SLAs:

• first response: 24–48 hours on business days;
• critical cases (payments, safety): prioritised.

The Platform acts as an intermediary and coordinator for dispute resolution and does not assume the role of a court or arbitration body.

Moderator/admin decisions aim to reduce risks and restore safe interaction between Users.

9. Payments and financial security

Payments are processed via Stripe. Stripe complies with industry security standards, including PCI DSS requirements.

The Platform does not receive or store full payment card details.

Critical payment events are logged.

Order logic is split into Stage 1 and Stage 2 depending on Provider type.

Decisions on disputed transactions are handled via support with auditability preserved.

10. Authentication and account protection

Authentication is provided via Firebase Auth (Email / Google / Apple).

Abuse-prevention measures are used (rate limits, activity monitoring).

Access to administrative functions is restricted by roles and the principle of least privilege.

11. Data protection and privacy

Data is transmitted over secure channels (TLS).

Only data necessary for the service is collected.

Users have GDPR rights (access, deletion, portability, etc.).

Current policies are available at:

• Privacy Policy: https://api.onlyday.fi/pages/privacy
• Terms of Service: https://api.onlyday.fi/pages/licence

12. Incident response and vulnerabilities

Security issues and vulnerability reports are accepted at support@onlyday.fi.

The Platform reviews such reports and, if necessary, may:

• temporarily restrict specific functions;
• suspend access for specific users;
• take other reasonable measures to prevent harm to users and the Platform.

13. Accessibility

We aim to comply with WCAG 2.1 AA accessibility requirements.

Accessibility feedback: support@onlyday.fi.

14. Legal information and contacts

• Operator: OnlyDay Oy, 3554909-5
• Address: Haarajoenkatu 9, 04480, Haarajoki
• Support: support@onlyday.fi
• Privacy: support@onlyday.fi
• Moderation / DSA: support@onlyday.fi