Privacy Policy

1. Data Controller

The data controller for your personal data is:

2. Data We Collect

2.1 Account Data

When you create an account we collect:

• your email address
• a username you choose
• your invitation code

2.2 Content You Upload

Photos and videos you upload, along with associated metadata such as captions and timestamps. We do not read or process the EXIF location data embedded in your images.

2.3 Subscription Data

We process your subscription status through Apple App Store or Google Play. We do not store your payment card details — these are handled entirely by Apple or Google.

2.4 Usage Data

Basic technical logs necessary to operate and secure the service, including:

• device type and operating system version
• app version
• error logs and crash reports

We do not use analytics SDKs or third-party advertising trackers.

3. How We Use Your Data

We use your data solely to:

• provide and maintain the App and its features
• verify your subscription entitlement
• send you service-related communications (e.g. security alerts, policy updates)
• detect and prevent abuse or violations of our Terms of Service

We do not use your data to build advertising profiles, and we do not sell or share your data with third parties for marketing purposes.

4. Legal Basis for Processing (GDPR)

We process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):

• Contract performance — processing necessary to provide the App and the subscription service you have purchased (Art. 6(1)(b)).
• Legitimate interests — processing for security, fraud prevention, and service improvement, where such interests are not overridden by your rights (Art. 6(1)(f)).
• Legal obligation — where we are required to process data to comply with applicable law (Art. 6(1)(c)).

5. Data Storage and Security

All data is stored on servers located in Sweden via Supabase infrastructure hosted within the European Economic Area. We apply appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction, including:

• encryption in transit (TLS) and at rest
• access controls limiting data access to authorised personnel only
• row-level security policies on all database tables

6. Data Sharing

We do not sell your personal data. We may share data only in the following limited circumstances:

• Service providers — we use Supabase as our backend infrastructure provider, solely for storing and serving your data under a data processing agreement consistent with GDPR.
• Apple / Google — subscription management is handled by Apple App Store and Google Play. Their privacy policies apply to payment processing.
• Legal requirements — we may disclose data if required by law, court order, or governmental authority.

7. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, all your Content and personal data will be permanently erased from our servers within 60 days. You may request earlier deletion by contacting us directly.

8. Your Rights Under GDPR

As a data subject under GDPR, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — request correction of inaccurate or incomplete data.
• Erasure — request deletion of your personal data ("right to be forgotten").
• Restriction — request that we limit processing of your data in certain circumstances.
• Data portability — receive your data in a structured, commonly used, machine-readable format.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at imy.se.

9. Children's Privacy

The App is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

10. Cookies and Tracking

The App does not use cookies or cross-app tracking. We do not employ advertising SDKs, behavioural analytics, or any third-party tracking technology.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via the App or by email. The updated policy will be effective from the date indicated at the top of this document.

12. Contact Us

For questions, requests, or concerns about this Privacy Policy or your personal data, please contact: