Last updated April 30, 2026
This privacy notice describes how Tjamigo ('we', 'us', or 'our') collects, uses, and shares your personal data when you use our mobile application and website (collectively, the 'Services').
Tjamigo is a community platform for offline social activities in Stockholm, Sweden. The Services are operated by Martin Nordström as the data controller for the purposes of the EU General Data Protection Regulation (GDPR) and Swedish data protection law.
If you have any questions about this privacy notice, your personal data, or how to exercise your rights, please contact us at tjamigo.app@gmail.com.
- Who we are. Tjamigo is operated by Martin Nordström, based in Stockholm, Sweden. You can reach us at tjamigo.app@gmail.com.
- What we collect. Account information you provide (name, email, profile details), content you create on the platform (events, messages, photos), and technical data your device shares automatically (IP address, device type, app usage). We do not process sensitive personal data.
- Why we process it. To provide the Services, allow you to communicate with other users, keep the platform secure, fix bugs, and understand how the Services are used so we can improve them.
- Who we share it with. A small number of trusted service providers (Firebase, Vercel, Expo, Google Analytics, Sentry) who help us run the Services. We never sell your personal data.
- Your rights. Under the GDPR you have rights of access, rectification, erasure, restriction, objection, and data portability. You can also delete your account directly in the app, which removes your data from our active databases.
- Complaints. If you believe we are mishandling your personal data, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at https://www.imy.se.
1. WHO WE ARE
2. WHAT INFORMATION DO WE COLLECT?
3. HOW DO WE USE YOUR INFORMATION?
4. WHAT LEGAL BASES DO WE RELY ON?
5. WHO DO WE SHARE YOUR INFORMATION WITH?
6. COOKIES AND SIMILAR TECHNOLOGIES
7. SOCIAL LOGINS
8. HOW LONG DO WE KEEP YOUR INFORMATION?
9. HOW DO WE KEEP YOUR INFORMATION SAFE?
10. INTERNATIONAL DATA TRANSFERS
11. CHILDREN'S PRIVACY
12. YOUR PRIVACY RIGHTS
13. UPDATES TO THIS NOTICE
14. HOW TO CONTACT US
The Services are operated by Martin Nordström, based in Stockholm, Sweden, who acts as the data controller for personal data processed through the Services. You can contact us at any time at tjamigo.app@gmail.com.
Information you provide to us
When you create an account or use the Services, you may provide us with:
- Account details: your name, email address, password (stored as a salted hash, never in plain text), username, and profile picture if you choose to upload one.
- Profile information: any optional information you add to your profile, such as a short bio or interests.
- Content you create: events you organise or attend, messages you send to other users, photos and other content you upload, comments and reviews.
- Communications with us: when you contact us by email, we will keep a record of that correspondence.
We do not process sensitive personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or sexual orientation). Please do not submit such data through the Services.
Information collected automatically
When you use the Services, certain information is collected automatically, including:
- Device and technical data: IP address, device model, operating system, app version, browser type, language preferences, and crash logs.
- Usage data: which features you use, which screens you view, and how often you interact with the Services. This data is aggregated and is not linked to you personally in our analytics.
- Approximate location: derived from your IP address. We use this to show you relevant local events. We do not track precise GPS location unless you explicitly grant permission for a specific feature that requires it.
Information from third parties
If you choose to sign in with Google or Apple, we receive your name, email address, and (where applicable) profile picture from that provider. We do not receive your password or access to your other account data. See section 7 for more details.
We use your personal data to:
- Create and manage your account, including authentication and password recovery.
- Operate the Services so you can find, attend, and organise events.
- Allow you to communicate with other users through the platform.
- Send you transactional notifications related to your account or to events you are involved in (for example, when an event you signed up for changes time).
- Detect and prevent fraud, abuse, and security incidents.
- Monitor the technical health of the Services, fix bugs, and improve features based on aggregated usage data.
- Comply with legal obligations.
We do not currently send marketing or promotional emails. If we introduce such communications in the future, we will only send them based on your prior consent, and you will be able to opt out at any time.
Under the GDPR, we rely on the following legal bases when we process your personal data:
- Performance of a contract (Article 6(1)(b)) — to provide the core Services you have signed up for, such as creating your account, hosting your content, and enabling communication with other users.
- Legitimate interests (Article 6(1)(f)) — to keep the Services secure and reliable, prevent abuse, fix bugs, and understand aggregated usage so we can improve the platform. We have considered your interests and rights and concluded that these activities do not unduly affect them.
- Consent (Article 6(1)(a)) — for any optional processing where we ask for your permission first, such as optional analytics cookies and (in the future) any marketing communications. You can withdraw consent at any time without affecting processing that took place before withdrawal.
- Legal obligation (Article 6(1)(c)) — where we must process data to comply with applicable law, for example to respond to a valid legal request.
We never sell your personal data. We share your data only with the following categories of recipients:
Other users of the Services
Information you choose to make public — such as your name, profile picture, events you organise, and content you post — is visible to other users of the Services. Direct messages you send are visible to the recipient.
Service providers (subprocessors)
We use a small number of trusted providers to operate the Services. These providers process your data only on our instructions, under written data processing agreements:
- Firebase / Google Cloud (Google Ireland Limited) — authentication, database (Firestore), file storage, push notifications, and cloud functions. Data is stored in Google Cloud regions within the EU.
- Vercel (Vercel Inc.) — hosting and content delivery for our website (tjamigo.com).
- Expo (650 Industries, Inc.) — mobile app infrastructure, including over-the-air updates and push notification routing.
- Google Analytics (Google Ireland Limited) — aggregated usage statistics with IP anonymisation enabled. We do not link analytics events to identifiable user accounts.
- Sentry (Functional Software, Inc., d/b/a Sentry) — error and crash reporting so we can fix bugs. We do not deliberately send personal data to Sentry, although technical error reports may incidentally contain limited identifiers such as user IDs.
Where any of these providers are based outside the EU/EEA, we rely on the European Commission's Standard Contractual Clauses or equivalent safeguards approved under GDPR Article 46. See section 10 for more details.
Legal and safety disclosures
We may disclose your data if required by law, by a binding court order, or where we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Tjamigo, our users, or the public.
We use a small number of cookies and similar technologies on our website and in connection with the mobile application. For full details — including which cookies we use, why, and how to control them — please see our Cookie Policy.
In short:
- Strictly necessary — required for the website to function (for example, to keep you signed in). These do not require your consent under EU law.
- Analytics — set by Google Analytics to help us understand aggregated usage. These are placed only where consent is required and given.
You can manage cookies through your browser settings, and you can opt out of Google Analytics tracking at any time by installing the official Google Analytics opt-out add-on at tools.google.com/dlpage/gaoptout.
You may register or sign in to the Services using your Google or Apple account. When you do, the relevant provider shares limited profile information with us (typically your name, email address, and profile picture). We do not receive your password and we do not have access to your other account data on those platforms.
Your use of the Google or Apple sign-in features is governed by their own privacy policies, which we recommend you review.
We keep your personal data only as long as necessary for the purposes set out in this notice. As a general rule:
- Account data is kept for as long as your account is active. When you delete your account through the in-app feature, we remove your personal data from our active databases.
- Content you have shared with others (such as messages you have sent, or events you have organised that other users attended) may continue to be visible to those users after your account is deleted, in line with their reasonable expectations of using the Services.
- Backups are retained for up to 30 days, after which deleted data is permanently removed from our backup systems.
- Error reports in Sentry are retained for up to 90 days.
- Aggregated analytics in Google Analytics are retained for up to 14 months and are not linked to identifiable individuals.
- Communications with us by email may be retained for up to 24 months for support and accountability purposes.
We may retain certain data for longer where we are required to do so by law (for example, accounting records) or to defend against legal claims.
We use reasonable technical and organisational security measures to protect your personal data, including encryption in transit (HTTPS), encryption at rest provided by our cloud providers, role-based access controls, and password hashing.
However, no online service can be guaranteed to be completely secure. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Swedish Authority for Privacy Protection (IMY) within 72 hours and inform affected users in accordance with GDPR Articles 33 and 34.
We aim to keep your personal data within the European Economic Area (EEA). Some of our service providers (such as Vercel, Expo, and Sentry) may process limited data outside the EEA, in particular in the United States. Where this happens, we rely on safeguards approved under GDPR Article 46, including the European Commission's Standard Contractual Clauses, to ensure your data continues to be protected to an equivalent standard.
The Services are not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us at tjamigo.app@gmail.com and we will delete the data without undue delay.
Under the GDPR, you have the following rights in relation to your personal data:
- Right of access — to obtain a copy of the personal data we hold about you.
- Right to rectification — to have inaccurate or incomplete data corrected.
- Right to erasure ('right to be forgotten') — to have your personal data deleted in the circumstances set out in the GDPR.
- Right to restriction of processing — to ask us to limit how we use your data in certain situations.
- Right to data portability — to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller.
- Right to object — to object to processing based on our legitimate interests, including profiling.
- Right to withdraw consent — where processing is based on your consent, you can withdraw it at any time.
You can exercise these rights at any time by emailing us at tjamigo.app@gmail.com. We will respond within one month, as required by the GDPR. The easiest way to exercise the right to erasure is to use the in-app account deletion feature, which removes your personal data from our active databases.
If you believe we are mishandling your personal data, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at www.imy.se. We would, however, appreciate the chance to address your concerns directly first — please contact us at tjamigo.app@gmail.com.
We may update this privacy notice from time to time to reflect changes in our practices or for legal reasons. The updated notice will be indicated by a new "Last updated" date at the top of this page. If we make material changes, we will notify you through the Services or by email. We encourage you to review this notice periodically.
If you have any questions about this privacy notice, would like to exercise your rights, or have any other concerns about your personal data, please contact us:
Tjamigo
c/o Martin Nordström
Stockholm, Sweden
tjamigo.app@gmail.com