Privacy Policy for Jakttider

Last updated: 25 May 2026

This Privacy Policy explains how Robert Sandberg IT AB (“we”, “us”, or “our”) collects, uses, stores, and protects personal data when you use the mobile application Jakttider (“the App”). We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR) and applicable Swedish data protection law.

Jakttider is a mobile application that provides hunting season information for different animals in Sweden. It also allows users to create hunting grounds with borders and points of interest, and to invite other users to shared hunts where all participants can see each other on a live map during an ongoing hunt.

1. Data Controller

The data controller responsible for your personal data is:

• Company: Robert Sandberg IT AB
• Organisation number: 559286-7674
• Address: Fornvägen 6, 589 51 Linköping, Sweden
• Privacy & data protection contact: gdpr@sandbergit.se

2. Age Restriction

The App is intended for users who are 16 years of age or older. We do not knowingly collect personal data from children under the age of 16. If you are under 16, you must not use the App or provide any personal data to us. If we become aware that a user is under 16, we will promptly delete their account and associated data. If you believe we have inadvertently collected data from a child under 16, please contact us at gdpr@sandbergit.se.

3. What Personal Data We Collect and Why

Use of the App’s basic features (hunting season information) does not require an account and no personal data is collected for that use. An account is required to access social features such as creating hunting grounds and participating in shared hunts.

3.1 Account Data

• Data collected: Display name and e-mail address.
• Purpose: To create and manage your user account and to identify you to other users you have invited to a hunt.
• Legal basis: Your consent, given when you register an account (GDPR Article 6(1)(a)).
• Stored in: Firebase Authentication and Cloud Firestore (Google LLC).

3.2 Password

• Data collected: Your password, if you sign in with e-mail and password.
• Purpose: Authentication.
• Legal basis: Consent (GDPR Article 6(1)(a)).
• Stored in: Firebase Authentication only. Passwords are hashed and salted by Google’s infrastructure; we never have access to your plaintext password.

3.3 Precise GPS Location

• Data collected: Your precise device location (latitude and longitude).
• Purpose: To display your position — and the positions of other participants in the same hunt — on a live map during an ongoing hunt. Location data is visible only to participants of the same active hunt session.
• Legal basis: Consent (GDPR Article 6(1)(a)). Location sharing begins only when you explicitly start or join a hunt session, and stops when the session ends.
• Retention: Location data is stored in the database only for the duration of the active hunt session. It is permanently deleted from the database as soon as the hunt session ends. No location history is stored or accessible after a hunt.

3.4 Hunting Ground and Point-of-Interest Data

• Data collected: Map data you create: hunting ground boundaries, names, descriptions, and points of interest (including any photos you upload).
• Purpose: To save and display your hunting grounds and share them with users you invite.
• Legal basis: Consent (GDPR Article 6(1)(a)).
• Stored in: Cloud Firestore and Firebase Storage (Google LLC).

3.5 Push Notification Token

• Data collected: A device-specific token issued by Firebase Cloud Messaging.
• Purpose: To send you push notifications such as hunt invitations.
• Legal basis: Consent (GDPR Article 6(1)(a)). You are asked for permission before the App sends notifications, and you may revoke this in your device settings at any time.
• Stored in: Cloud Firestore and Firebase Cloud Messaging (Google LLC).

3.6 In-App Feedback

• Data collected: Your e-mail address and the message you write when submitting feedback through the App.
• Purpose: To receive, review, and respond to user feedback, bug reports, and feature requests.
• Legal basis: Consent (GDPR Article 6(1)(a)). Submission is entirely voluntary; you choose to provide your e-mail address and message.
• Stored in: Cloud Firestore (Google LLC).
• Retention: Feedback is retained for as long as it is relevant for development or support purposes. You may request deletion of your submitted feedback at any time by contacting gdpr@sandbergit.se.

3.7 Crash Reports and Diagnostic Data

• Data collected: Anonymised crash logs, stack traces, device model and OS version, and App version.
• Purpose: To detect, diagnose, and fix technical problems in the App.
• Legal basis: Our legitimate interest in maintaining a stable and secure application (GDPR Article 6(1)(f)).
• Processed by: Firebase Crashlytics (Google LLC). No directly identifying information (name, e-mail) is included in crash reports.

3.8 App Usage Analytics

• Data collected: Aggregated, pseudonymised usage events such as which screens are visited, feature usage, and session duration.
• Purpose: To understand how the App is used and to improve its features and user experience.
• Legal basis: Our legitimate interest in improving the App (GDPR Article 6(1)(f)).
• Processed by: Google Analytics for Firebase (Google LLC). Please be aware that Google may process this data in accordance with Google’s Privacy Policy. We do not share any directly identifying data with Google Analytics. We do not use analytics data for advertising purposes.

4. Third-Party Data Processors

We use the following Google services to operate the App. Google LLC acts as our data processor under a Data Processing Agreement. All services are operated under Google’s GDPR commitments: https://cloud.google.com/security/gdpr.

• Firebase Authentication – Account management and login
• Cloud Firestore – Storage of user and application data
• Firebase Storage – Storage of uploaded images and files
• Firebase Cloud Messaging (FCM) – Push notifications
• Firebase Crashlytics – Crash reporting
• Google Analytics for Firebase – App usage analytics

We do not use any advertising networks, sell your personal data to third parties, or share your data with any party not listed above, except where required by law.

5. International Data Transfers

Google LLC is headquartered in the United States. Data processed by Google Firebase services may be stored and processed outside the European Economic Area (EEA). Google provides appropriate safeguards for such transfers through the EU Standard Contractual Clauses (SCCs) and by adhering to the EU–U.S. Data Privacy Framework. For more information, see Google Cloud GDPR.

6. Data Retention

• Account data (name, e-mail): retained for as long as your account is active. If your account has been inactive for more than 3 years and you have not requested deletion, we reserve the right to delete it.
• Hunting ground and POI data: retained until you delete it within the App or request account deletion.
• GPS location: stored in the database only during an active hunt session; permanently deleted from the database as soon as the session ends. No location history is ever retained.
• Push notification token: retained while your account is active; deleted on account deletion.
• Crash reports: retained by Crashlytics for up to 90 days.
• Analytics data: retained by Google Analytics per Google’s default retention settings (up to 14 months for user-level data).

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include:

• All data in transit is encrypted using TLS.
• Data at rest is encrypted by Google Firebase infrastructure.
• Access to data stores is restricted by Firebase Security Rules.
• Passwords are never stored in plaintext.

No method of transmission or storage over the internet is 100% secure. In the event of a data breach that is likely to result in risk to your rights and freedoms, we will notify the relevant supervisory authority and affected individuals as required by GDPR.

8. Your Rights Under GDPR

As a data subject in the EU/EEA you have the following rights regarding your personal data:

• Right of access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may request correction of inaccurate data.
• Right to erasure (“right to be forgotten”): You may request deletion of your personal data. You may also delete your account directly within the App.
• Right to restriction of processing: You may request that we limit the processing of your data in certain circumstances.
• Right to data portability: You may request a copy of your data in a structured, machine-readable format.
• Right to object: You may object to processing based on our legitimate interests.
• Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, contact us at gdpr@sandbergit.se. We will respond within 30 days. You also have the right to lodge a complaint with the Swedish supervisory authority, Integritetsskyddsmyndigheten (IMY): www.imy.se.

9. Cookies and Similar Technologies

The App itself does not use cookies. Firebase and Google Analytics may use locally stored identifiers (analogous to cookies) on your device for analytics and crash-reporting purposes. These identifiers do not directly identify you by name or e-mail address.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the “Last updated” date at the top of this page and, where appropriate, by sending a notification through the App. Your continued use of the App after the effective date of changes constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact:

• Robert Sandberg IT AB
• Fornvägen 6, 589 51 Linköping, Sweden
• Organisation number: 559286-7674
• E-mail: gdpr@sandbergit.se