Visma Enterprise Oy Mobile app Privacy

Visma Enterprise takes security and privacy very seriously. We are ISO 27001 certified and run a private Bug Bounty program on The collected data is used solely for the intended purpose and for improving the service, via statistics and usage analysis, no personal data is sold to any third party.

What data we collect

The collected data includes the pictures you take or pick from gallery and PDF attachments that you want to attach to travel claims as receipts. The pictures that you have taken or files selected as attachments will not be sent to our service until you click the “send attachments” button. Camera is also used to handle QR code reading which can be used to login the mobile app.

While using the “Journeys” function, your device collects data about your phone location and route. When you send data to the M2 server, only the journey’s time, length as well as starting- and endpoints of the route, location of the stops and their addresses are shown on the kilometre claim. All data is treated according to Finnish law and used only accordance with the agreement made with your employer.

Force to follow roads feature

By enabling the “Force to follow roads” -setting in the app, you consent to send your route information anonymously to Google Snap to Road API. Google returns the enhanced route back to the App. You may turn the setting off whenever you want, if you want to use only GPS raw data without enhancing it with Google Snap to Road API.

By using the Force to follow roads feature you are bound by Google’s Terms of Service and Google Privacy Policy

You are, at any time, able to disable the location data or camera access from the application settings in iOS and Android 6.0 or later, thus disabling “Journeys” function or camera functions.

Android specific permissions


IOS specific permissions

Privacy - Location, Location Always, Location When In Use, Camera, PhotoLibraryAddUsage, PhotoLibraryUsage, MotionUsage

Camera is used to handle QR code and barcode reading which can be used to read stamp data (if used by your organisation).

If you permit the collection of tracking information, this information can be saved with the stamps. The administrator can set the saving of tracking information with stamps as mandatory. In this case, stamping without tracking information will not be possible. All data will be processed in compliance with Finnish laws and only used for the purposes agreed upon in the agreement with your employer.

You can disable the location tracking function in the Android app’s settings at any time. In iOS and Android 6.0 or later you can at any time disable the location data or camera access from the application settings thus disabling location tracking or camera functions.

Visma Tiima and TiimaNumeron

Camera is used to handle QR code and barcode reading which can be used to read stamp data (if used by your organisation).

Android specific permissions


Visma Tiima: android.permission.INTERNET, CAMERA, VIBRATE


IOS specific permissions

TIIMA: Privacy - Location, Location When In Use, Camera

Visma Tiima: Privacy - Media Library, Calendars, Motion, Bluetooth Peripheral, Location Always, Location When In Use, Camera, Bluetooth Always, Speech Recognition

TiimaNumeron: Privacy - Camera

TIIMA Notifications

Tiima uses Amazon Simple Notification Service (Amazon SNS) to send notifications to users. At the moment it's only used to send notifications of offered work shifts (if these are used in your organisation).

If you give Tiima a permission to send notifications, then UUID given by GMC (Android) or APN (iOS) is stored in Tiima's database. If Tiima ever tries to send you a notification then Amazon Simple Notification Service is called with this UUID and SNS endpoint for sending notifications to this device is created. We use AWS services in Ireland (EU).


We do not sell your personal information to anyone, ever.



Our app security measures include but are not limited to:

HTTPS -protocol using TLS with the most secure algorithms
Network encryption
Secure authentication
Data centre location

All your data will be stored in Finland and Finland only. No data will be sent outside of EU/ETA. Anonymous location information is sent to Google Snap to road API from M2 App if “Force to follow roads” setting is enabled in the App. Very limited information is stored in Amazon AWS in Ireland (EU) and only for Tiima in case notifications are used.


Third party libraries

Android apps use a third party library called Zxing, under Apache 2.0 license.

TIIMA iOS app uses a third party library called Kal, under MIT license.

Detailed up to date list of used libraries is listed in the Apps.