Helmet App Privacy Policy

Last updated: 16 May, 2026

Overview

Helmet is an independent mobile application for browsing the Helsinki Metropolitan Area Libraries (Helmet) catalog and managing your library account. This app is not affiliated with, endorsed by, or officially connected to the Helmet library consortium, the Helsinki City Library, or any member municipality’s library system.

Your privacy is important. This policy explains what data the app accesses, how it is stored, and what is shared.

Data collection and storage

Data stored on your device only

All personal data is stored exclusively on your device. The app does not operate any servers, databases, or cloud services. Specifically:

• Library session cookies — Stored in the iOS Keychain (encrypted, hardware-backed) to maintain your login session with helmet.finna.fi.
• Library card number — Stored in the iOS Keychain for displaying your library card barcode.
• Search history — Stored locally using SwiftData. You can clear these at any time from within the app.
• Cached account data — Loan, hold, and fine information cached locally using SwiftData. Refreshed on login, cleared on logout.
• Language preference — Stored in UserDefaults on your device.

Data NOT collected

The app does not:

• Collect, transmit, or store any personal data on external servers
• Use analytics, crash reporting, or telemetry services
• Use advertising or ad tracking
• Share any data with third parties
• Access your contacts, photos, location, microphone, or camera
• Create user accounts or profiles beyond your existing library account

Network communication

The app communicates exclusively with the following services operated by the Finnish library system:

• api.finna.fi — The Finna public API, for catalog searches and item details. No authentication required. No personal data sent.
• helmet.finna.fi — The Helmet library web portal, for login and account data. Uses HTTPS with standard session management.
• api.kirjastot.fi — The Finnish Libraries public API, for library hours and locations. No authentication required. No personal data sent.

All network communication uses HTTPS encryption.

Authentication

When you log in, the app opens the official helmet.finna.fi login page in an embedded web view. Your credentials are entered directly on the library’s website — the app never sees, intercepts, or stores your username or password. Only the resulting session cookies are stored.

Notifications

If you grant notification permission, the app schedules local notifications for upcoming loan due dates. These are generated entirely on your device — no push notification server is involved.

Data deletion

• Log out: Tap Settings → Log Out to clear all session data, cached account data, and your library card number.
• Search history: Tap “Clear” on the search screen to remove all saved queries.
• Uninstall: Removing the app deletes all stored data, including Keychain entries.

Children’s privacy

The app does not knowingly collect personal information from children. Library account access requires credentials issued by the Helmet library system.

Changes to this policy

This privacy policy may be updated to reflect changes in the app. The “Last updated” date at the top indicates the most recent revision.

Contact

If you have questions about this privacy policy, you can reach the developer at apps@mla.run.

Helmet — Your library, your pocket is an independent project and is not affiliated with, endorsed by, or officially connected to the Helsinki Metropolitan Area Libraries (Helmet), the Helsinki City Library, Espoo City Library, Vantaa City Library, or Kauniainen City Library.