Last updated: December 19th, 2025
Introduction
We at Matdags Technologies AB (“Matdags”, “we”, “us”) value your privacy and are committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use and share it, and your rights in relation to your personal data. We aim to use clear and simple language in compliance with the EU General Data Protection Regulation (GDPR) and applicable Swedish data protection laws (e.g. Dataskyddslagen). By using our mobile application or website (the “Services”), you agree to the practices described in this Policy. If you do not agree, please do not use the Services.
Who We Are
Matdags Technologies AB (org. no. 559490-9672) is the controller responsible for your personal data. We are a Swedish company with a mission to help you reduce food waste by tracking groceries and expiry dates. Our business address is Edsviksvägen 31E, 182 33 Danderyd, Sweden. If you have any questions about this Policy or how we handle your data, please contact us at info@matdags.se.
The Data We Collect
We only collect personal data that is necessary for the purposes described in this Policy. This includes:
- Account Information: When you sign up as a user or tester, we collect personal details such as your name and email address. We may also collect your phone number if you provide it (e.g. optional in our tester signup form). If you register via a third-party platform (like Apple), we receive information such as your name and email from that service (subject to your consent with them). We do not collect personal identity numbers (personnummer) or national ID. Our Services do not require these, and we will only process such identifiers if clearly justified and lawful.
- Profile and Usage Data: This is the information you provide or generate through using the Matdags app: for example, the grocery items you add (by scanning barcodes or receipts or manual entry), their expiration dates, your saved recipes or meal plans, and any preferences or settings (like notification preferences). It also includes feedback you give us about the app (e.g. responses to surveys or follow-up questions if you’re a test user).
- Images and Scans: If you use our app’s camera features (such as scanning a product barcode or photographing a receipt), the image data will be processed. Our app uses AI-based image recognition to extract the relevant information (e.g. list of purchased items and their best-before dates) from your photos. We may temporarily upload these images to our servers for text recognition and analysis, and then store the extracted data (like product names and dates) to provide the Service. We do not use these images for any purpose other than providing and improving the Service, and we delete or anonymize them after processing (unless we explicitly inform you and obtain consent to retain them longer for improving our recognition algorithm).
- Technical and Device Data: When you use our Services, we collect certain technical information automatically. This includes device identifiers, operating system and app version, IP address, and cookies or similar tracking technologies (for website visitors). This data helps us ensure the app works correctly across different devices, and assists with security and analytics. For example, our website might log your IP address and browser type when you visit, and our app might record crash logs or usage analytics (if you consent) to diagnose issues.
- Cookies and Website Usage Data: If you visit our website, we may use cookies or similar technologies to remember your preferences and analyze traffic. Cookies are small text files stored on your device. Some cookies are essential for site functionality (e.g. to remember that you’ve submitted a form), while others (like analytics cookies) help us improve the user experience. See Cookies and Tracking below for more details.
- Communication Data: If you contact us (for example, via email, social media, or support channels), we will collect the information you provide in those communications. This may include your contact details and the content of your message. We use this data to respond to you and keep records of our correspondence (e.g. support tickets or feedback). We may also record your consent preferences (such as whether you opted-in to certain communications).
Children: Our Services are not directed to children under 13. We do not knowingly collect personal data from anyone under the age of 13. If you are between 13 and 16 years old, you should ensure that your parent or guardian has reviewed and agreed to your use of our Service if consent is required. If we learn that we have collected personal data from a child under 13 without appropriate consent, we will delete that information.
We do not collect any special categories of sensitive personal data (such as health information, racial or ethnic origin, political opinions, etc.) about you. The data we collect is generally limited to the categories listed above. If we ever need to process sensitive data, we will only do so in accordance with GDPR Article 9 and applicable law (for instance, with your explicit consent or if required by law).
How We Use Your Data (Purposes and Legal Bases)
We process personal data only for specific and legitimate purposes, and always on a legal basis under GDPR (Article 6). Below we explain the purposes for which we use your information and the corresponding legal grounds:
- To Provide and Personalize the Service: We use your data to operate the Matdags app’s core features. This includes maintaining your inventory of groceries and expiration dates, sending you timely reminders before products expire, and providing recipe suggestions tailored to the items you have. It also includes allowing you to plan meals and track your food usage. Legal basis: Performance of a contract. We process your data because it is necessary to deliver the service you have requested (Art. 6(1)(b) GDPR). When you sign up and agree to our Terms, a contract is formed for us to provide the app’s functionality. We cannot provide these features without processing your data (e.g. we need to store your list of groceries to remind you about them).
- Account Management and User Support: We use account data (like your email) to manage your registration, authenticate you when you log in, and to communicate with you about your account. For example, we might send service-related communications such as confirmation emails, critical app updates, changes to terms or this policy, or alerts about security or privacy. If you contact us for help, we will use your information to respond and resolve issues. Legal basis: Contractual necessity for essential communications (Art. 6(1)(b)), and our legitimate interests (Art. 6(1)(f)) in providing good customer service and maintaining user satisfaction. We have a legitimate interest in helping our users and ensuring the service works smoothly, and we balance this interest with your rights. Support communications typically benefit you, but you can object if you believe our handling of your data for support unreasonably impacts your privacy (see Your Rights below).
- Feedback, Research and Service Improvement: If you are a test user or otherwise provide feedback (e.g. by answering questionnaires about your cooking habits or app experience), we process that information to improve our product. We also analyze how users in general use the app (for example, feature usage patterns, aggregate statistics on how many items people track or how many reminders are sent) to understand what works and what could be better. We may use automated means (including AI and analytics tools) to process usage data and derive insights for improvement. These analyses help us refine our AI models (e.g. improving receipt scanning accuracy) and introduce new features that better serve our users. Legal basis: Our legitimate interests (Art. 6(1)(f) GDPR) in improving and developing our services. We consider this processing beneficial to users as well (leading to a better app experience) and have determined it does not override your privacy rights, especially since much of this data is analyzed in an aggregated or pseudonymized form. You have the right to object to processing for product improvement if you have particular reasons (see Your Rights), and if we ever want to use your feedback in a way that identifies you beyond these purposes, we will seek your consent. If you are a test user specifically, we will use your provided information and responses with your consent (Art. 6(1)(a)), since our tester sign-up explicitly asks for your consent to be contacted for follow-up questions. You can withdraw that consent at any time (for example, if you no longer wish to be part of our testing program).
- Personalized Experience: We may use your data to personalize aspects of the service beyond the core functionality. For example, we might suggest content, tips or promotions that align with your usage (such as highlighting a feature you haven’t tried, or suggesting seasonal recipes if we see you have certain ingredients). We will only do this in a way that is not intrusive and respects your choices. Legal basis: In most cases, this is part of the contractual service (Art. 6(1)(b)), as personalization (like recipe suggestions) is a key feature you expect. In other cases, it may rely on legitimate interests, for instance when recommending an optional feature we think you’ll find useful. We ensure any such profiling is low-risk and never used to make decisions with legal or significant effects on you. (Matdags does not engage in any automated decision-making that produces legal or similarly significant effects; see below for more on profiling.)
- Marketing and Newsletters: We may occasionally want to send you news about Matdags, such as newsletters, information about new services or invites to events. We will only use your email or other contact info for marketing if you have given us your consent (for example, by subscribing to a newsletter or opting in during signup). You are free to withdraw that consent at any time. Every marketing email will include an “unsubscribe” link, and you can also contact us to opt out. If you are an existing user, we might send you very limited service-related announcements about products or features similar to the Matdags app you’re using, based on our legitimate interest in growing our business and keeping users informed. However, we will always respect opt-outs, and we will never share your data with third parties for their own marketing without your explicit consent.
- Security and Abuse Prevention: We monitor and use data (like device information, IP addresses, and usage patterns) to maintain the security of our Services, detect and prevent fraudulent or malicious activity, and enforce our terms of use. For example, we may use IP addresses and device IDs to detect multiple-account abuse or to investigate suspicious activity that could be a security threat. We also need to ensure the integrity of the service (e.g. no one is hacking the app or violating others’ privacy). Legal basis: Legitimate interests (Art. 6(1)(f)). It is in our interest (and our users’ interest) that we keep our platform secure and free from misuse. We implement this in a way that minimally impacts your privacy (for instance, security logs are only accessed when needed for investigations). In some cases, processing for security may also be necessary for compliance with legal obligations (Art. 6(1)(c)), such as obligations under data protection law to implement appropriate security measures or to report certain data breaches.
- Compliance with Legal Obligations: When we are subject to legal obligations, we will process and retain personal data as needed to comply. For example, Swedish accounting laws require us to retain certain transaction records or invoicing details for a minimum period (generally 7 years) since we engage in financial transactions (such as paid subscriptions). We may also need to process data to comply with court orders or binding requests from authorities. Legal basis: Legal obligation (Art. 6(1)(c) GDPR). We will only process the data necessary for compliance and only for as long as required by the law in question. For instance, if we issue any invoices or receipts, we would retain the related data for at least seven years as mandated by Bokföringslagen (the Swedish Bookkeeping Act).
- Protecting Vital Interests and Public Interest: It is very unlikely, but if ever necessary, we might process personal data to protect someone’s life or vital health (Art. 6(1)(d)), or for a task in the public interest (Art. 6(1)(e)), for example if we were asked by authorities for information to contain a public health crisis. These are not typical uses for Matdags, and we would only rely on these bases in extraordinary circumstances.
Profiling and Automated Decisions: Matdags may use algorithms (including AI) to analyze your data and preferences in order to provide certain features (e.g. recommending recipes based on what you have in your pantry). This kind of profiling is done to tailor the service to you. However, we do not make any solely-automated decisions that have legal or similarly significant effects on you. In other words, no algorithm at Matdags will, for example, deny you a service or charge you a different price without human involvement. The profiling we do is intended to benefit you (e.g. reducing food waste by suggesting relevant recipes) as part of the service you signed up for. You have the right to object to profiling in certain cases (see Your Rights below), but do note that some profiling is integral to how the app works (opting out of it might mean certain features like personalized recipe suggestions won’t function). We will be transparent and provide options where feasible.
If we plan to process your personal data for any new purpose that is incompatible with the original purposes stated above, we will update this Privacy Policy and notify you before starting that processing, and if required, seek your consent.
Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience on our website, and to understand how our Services are used. Here is how we handle these:
- Essential Cookies: Some cookies are necessary for our website to function. For example, if our site has a login or a form, a cookie might be used to maintain your session or remember that you have filled out part of a form. These cookies do not require consent under applicable law (but we still want you to know about them).
- Analytics and Performance Cookies: We may use analytics tools (such as Google Analytics or similar, compliant with EU standards) to collect information about how visitors use our website. This can include which pages are viewed, how long, and which links are clicked. The information is collected in an anonymized or aggregated form (for instance, Google Analytics might anonymize your IP address). We use these insights to improve the content and functionality of our website (e.g. to see which info is most useful to visitors). Consent: Because these cookies are not strictly necessary, we will request your consent before using them. For example, you might see a cookie banner or pop-up when you first visit our site, allowing you to accept or decline analytics cookies. You are free to refuse, and the site will still largely work.
- Advertising Cookies: None at this time. We do not use any third-party advertising or targeting cookies on our website or in our app. We do not serve ads based on your behavior, and we do not share your browsing habits with advertising networks. If this ever changes in the future, we will update this Policy and ensure proper consent mechanisms are in place.
- App Analytics/Tracking: Our mobile app may collect certain analytics data to help us understand app performance (such as crash reports or usage statistics). Where these involve anything beyond the necessary telemetry for running the service, we will seek your opt-in. For instance, during onboarding, we might ask if you want to share anonymous usage data to help improve the app. You can always change your mind later in the app settings or by contacting us.
Your Choices: When using our website, you can manage cookies through our cookie consent tool (if provided) or via your browser settings. Most web browsers allow you to refuse new cookies, delete existing cookies, or alert you when cookies are being sent. Please note that blocking all cookies might impair some features of our site (for example, you might not be able to use a functionality that relies on remembering your input). For analytics cookies, you can also opt-out using tools provided by some analytics providers (e.g. Google offers a browser add-on to opt out of Google Analytics). On our app, if we use any third-party analytics or tracking, we will provide in-app controls or respect your device settings (such as the “Allow Apps to Request to Track” setting on iOS). We also do not combine mobile app analytics with third-party data for advertising purposes.
For more details on our use of cookies or to change your preferences, please refer to our Cookie Notice (if available) or contact us anytime.
How We Share Your Data
We treat your personal data with care and confidentiality. We do not sell your personal information to third parties. However, in order to provide our Services and run our business, we do share data in the following circumstances and with appropriate safeguards:
- Service Providers (Processors): We employ trusted third-party companies to perform tasks on our behalf, and they may need access to personal data to do so. Examples include cloud hosting providers (for storing our database and servers), email delivery services (for sending verification or notification emails), analytics providers, and customer support tools. When we engage such service providers, we ensure they are bound by contracts that require them to process personal data only under our instructions and in compliance with GDPR (Standard Contractual Clauses or equivalent safeguards are used if they are outside the EU; see International Data Transfers below). These providers are not allowed to use your data for their own purposes or to disclose it to others. We limit the data shared to only what’s necessary for them to carry out their function.
- Within Our Corporate Group: Currently, Matdags Technologies AB does not have any parent or subsidiary companies, but if in the future we are part of a group, we may share data with affiliates as needed to operate the Services (for example, if we establish a branch or hire a company under our control to process data). Any such intra-group sharing would follow the same strict rules and this Privacy Policy.
- Business Transfers: If Matdags undergoes a business transaction such as a merger, acquisition by another company, or sale of all or part of its assets, personal data might be transferred to the successor entity as part of that transaction. We would ensure that the new owner continues to handle your data in accordance with this Privacy Policy (or inform you of any changes). If such a transfer is subject to additional requirements by law, we will comply with those (for example, if your consent is needed or if you must be notified).
- Legal Requirements and Protection: We may disclose your personal data when required to do so by law, or in response to valid requests by public authorities. For example, we might receive a court order or subpoena requiring disclosure of certain user information, or we may need to share information with government bodies for tax or accounting purposes. We will only disclose what is necessary and will verify that the request is legitimate. Specifically, as a company based in the EU, we will only comply with non-EU government or law enforcement requests for data if they are channeled through proper international legal mechanisms (such as a mutual legal assistance treaty or an agreement under Article 48 GDPR). This means that if, for instance, a foreign (non-EU) authority seeks access to personal data, we will insist they follow the process that is recognized by EU law before we consider compliance. Our policy is to protect our users’ data against unlawful or overreaching requests. Additionally, we may share information to establish or exercise our legal rights or defend against legal claims. This could include sharing data with our legal advisors. We may also share information in emergencies when we believe it is necessary to protect someone’s vital interests, for example, communicating with law enforcement to prevent imminent harm.
- Aggregated or Anonymized Data: We may share statistics and insights that are derived from your data, but in a form that does not identify you. For instance, we might publish a report on overall food waste reduction (e.g. “Matdags users reduced an average of X kg of waste per household last year”), or share aggregated usage trends with a research partner or sponsor to illustrate the impact of our app. These reports will never contain personal information about any individual user. Aggregated data cannot be linked back to you and is not considered personal data under GDPR. If we combine or use aggregated data in a way that could potentially identify you, we will treat it as personal data and ensure it’s handled according to this Policy. (Our goal, however, is to only release insights in a privacy-preserving manner.)
In all cases of sharing, we strive to minimize the data disclosed and ensure that the third party has a legitimate need to access the information. We maintain a list of our key sub-processors (critical service providers) which we can provide upon request, so you know who may handle your data.
International Data Transfers
Matdags is based in Sweden and we primarily store and process personal data within the European Union (EU)/European Economic Area (EEA). However, some of our service providers or partners may be located outside the EEA. If your personal data is transferred to a country outside the EEA, we will ensure it remains protected by adequate safeguards as required by GDPR Chapter V.
Adequacy Decisions: Some countries have been officially recognized by the EU as providing an adequate level of data protection (known as “adequacy decisions”). For example, the EU has adequacy decisions for countries like Norway (EEA member), the United Kingdom, Switzerland, Japan, Canada (commercial organizations), and others. In particular, for the United States, on July 10, 2023 the European Commission adopted an adequacy decision for the EU-US Data Privacy Framework (DPF). If we transfer data to the US, and the recipient is certified under the DPF, your data is protected under that framework which the EU deems adequate (meaning no additional transfer tool is required). For instance, if we use a U.S.-based cloud provider or email service that is DPF-certified, your data can flow to that provider under the DPF’s rules. We will inform you in this Policy which providers, if any, benefit from this mechanism.
Standard Contractual Clauses: For transfers to countries that do not have an EU adequacy decision or where our partner is not part of an approved framework like DPF, we rely on the European Commission’s Standard Contractual Clauses (SCCs). These are legal contracts that impose GDPR-level data protection obligations on the recipient of the data. We have signed SCCs with our relevant service providers outside Europe to ensure your data has equivalent protection even overseas. Where needed, we also implement additional technical and organizational measures (for example, encryption in transit and at rest, pseudonymization of data, limiting access strictly to what’s necessary) to further safeguard data in transit to third countries, in line with guidance from the European Data Protection Board. We also evaluate on a case-by-case basis whether in practice the law of the importing country might impinge on the effectiveness of these safeguards, and we take steps to mitigate any such risks (often referred to as “transfer impact assessments”).
Other Safeguards: In rare cases, we might rely on specific derogations under Article 49 GDPR for international transfers, for example, if a transfer is necessary to perform a contract with you, or with your explicit consent for a particular transfer after informing you of possible risks, or if the transfer is necessary for important reasons of public interest or to establish/exercise legal claims. These situations are exceptions and not the norm for our operations. We will document and inform you about any such transfers if they occur.
Access by Foreign Authorities: As noted in How We Share Your Data, any request from a non-EU authority for access to personal data will only be honored if it comes through proper legal channels (e.g. an MLAT or international agreement) and is binding under EU law. We will not voluntarily hand data to foreign governments, and we will challenge unlawful or overbroad requests to protect your rights.
You can request more information about international data transfers pertaining to your personal data. If you’d like to see a copy of the specific safeguards (e.g. SCCs) we have in place or know which countries your data might transit through, please contact us. We will be as transparent as possible, provided that disclosing details (like portions of contractual clauses) does not violate confidentiality or security obligations.
Data Retention
We will not keep your personal data for longer than necessary for the purposes for which we process it. In practice, this means:
- Account Data: If you create a Matdags account, we retain your personal account information for as long as you maintain an account with us. If you decide to delete your account or stop using Matdags, we will delete or anonymize your personal data associated with your account, generally within 30 days of account deletion. (We keep it for this short period in case you mistakenly delete your account or need to retrieve information, and to complete the deletion process on our backups.) If your account is inactive for an extended period, we may contact you to ask if you wish to maintain it. Should we decide to remove inactive accounts, we will notify you in advance.
- Tester / Survey Data: If you signed up as a beta tester or provided survey responses, we retain that data for the duration of the testing program or research project. If you withdraw from the test or once the test concludes, we will either delete your data or anonymize it, unless we have your permission to keep it (for example, if you transition into a regular user or agree that we can keep your feedback for future product development).
- Usage Data: Data such as your inventory items, recipes, and reminders are kept as long as you are using the service so that we can provide the features to you. You have control within the app to delete certain data (for instance, you can remove or edit items in your pantry list, or clear your saved recipes). When you delete such items, they will no longer be accessible to the app. In our backend, we typically remove deleted user data from active databases promptly, though it might remain for a short period in backups (which are securely stored and eventually overwritten on a rolling schedule). Non-personal aggregated data (e.g. total counts or statistical insights derived from many users’ data) may be retained longer, since it does not identify you.
- Communication Data: If you contact us via email or other channels, we may retain those communications and our responses for a period of time to effectively manage our relationship and in case we need to reference past correspondence. Typically, support emails are kept for up to 2 years, unless there’s an ongoing issue that requires keeping them longer. Feedback that you provide (e.g. through surveys) may be retained until it has been analyzed and incorporated into improvements, and then either deleted or archived in an anonymized form.
- Logs and Technical Data: Our server logs and security logs (which may include IP addresses and device information) are usually retained for a short period, generally 90 days, for troubleshooting and security monitoring. In cases of security incidents, relevant logs may be kept longer until the issue is resolved and any investigations are concluded.
- Legal and Compliance Records: We retain data as required by law or regulation. For example:
  - Financial Records: Financial transactions (like payments for the premium version), invoicing and payment records are kept for at least 7 years after the end of the fiscal year in which they were made, in accordance with Swedish bookkeeping requirements. Even if you delete your account, we may need to retain certain information from the transaction (name, transaction date, amount, etc.) in our financial records until the legally mandated retention period expires. We will, however, not use that data for anything other than compliance (and will restrict access to it).
  - Consent Records: If we rely on consent for certain processing (e.g. sending marketing emails), we may keep a record of your consent and its withdrawal (if applicable) for a period necessary to demonstrate our compliance. Typically, we’d keep such records for a few years after you withdraw consent, to be able to show we respected your preferences.
  - Litigation & Enforcement: If we are involved in any legal dispute or if we reasonably believe there is a prospect of litigation or an official investigation relating to your data or use of our Services, we will retain the relevant information until the matter is resolved (and then only to the extent needed for any legal recovery or obligations).
After the applicable retention period has elapsed, and provided there is no other valid legal basis to keep the data, we will either securely delete or irreversibly anonymize your personal data. Anonymized data is no longer associated with you and may be used for analytical or statistical purposes without further notice to you.
If deleting data is technically not immediately feasible (for instance, stored in long-term backup archives), we will ensure it is isolated from further active processing and securely protected until deletion is possible.
Your Rights and Choices
As a user of Matdags and as a data subject under GDPR, you have a number of rights regarding your personal data. We are committed to honoring your rights. Below is a summary of those rights and how you can exercise them:
- Right to Access: You have the right to request a copy of the personal data we hold about you, as well as information on how we process it. This is often called a Subject Access Request. Upon verification of your identity, we will provide you with a copy of your data in a commonly used format, and explain the purposes, categories of data, and any third parties with whom it’s shared (unless directly provided in this Policy).
- Right to Rectification: If any of your personal data is inaccurate or incomplete, you have the right to have it corrected or updated. For example, if you change your email or notice we misspelled your name, you can ask us to fix it. We strive to allow you to correct basic information yourself (e.g. through your account settings), but you can also contact us and we’ll make the corrections promptly.
- Right to Erasure (“Right to be Forgotten”): You can request that we delete your personal data. This is not an absolute right, but we will comply if: the data is no longer needed for the purposes it was collected; you withdraw consent (and we have no other legal basis to keep it); you have a valid objection to our processing (see Right to Object); or we are required by law to erase your data. Please note, if you request deletion of your account data, this typically means we will need to close your account and you will no longer be able to use the Services. We will inform you if there are any categories of data we cannot completely delete (for instance, data we must keep for legal compliance like transaction records, or data stored in backups which will be deleted on the next scheduled cleanup). In any case, we won’t process retained data further and will keep it secure.
- Right to Restriction of Processing: You have the right to ask us to restrict or pause the processing of your personal data in certain circumstances. For example, you may want us to restrict processing if you contest the accuracy of the data (until it’s verified or corrected), or if you have objected to processing (until we determine if our legitimate grounds override yours). When processing is restricted, we will store your data but not use it (other than to inform you or for certain legal reasons). We will also inform you before lifting any restriction.
- Right to Data Portability: For data that you have provided to us and that we process by automated means based on your consent or on a contract, you have the right to get that data from us in a structured, commonly used, machine-readable format and you have the right to transmit that data to another controller. In practical terms, this means you can request an export of the personal data you actively provided (like your profile info and perhaps your inventory/usage data) so that you can, for instance, back it up or use it with a different service. Where technically feasible, you can also ask us to send it directly to another company. We will facilitate such requests to the extent possible.
- Right to Object: You have the right to object to our processing of your personal data when that processing is based on legitimate interests (Art. 6(1)(f) GDPR) or public interest (Art. 6(1)(e)). If you lodge an objection, we will evaluate it and stop the processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is for the establishment, exercise or defense of legal claims. Importantly, you have an unconditional right to object to the processing of your personal data for direct marketing purposes at any time. If we send marketing emails or similar and you opt out or object, we will cease using your data for that purpose immediately. In our app, if we ever rely on legitimate interests for any data use (like some analytics or improvement functions), you can object and we will consider if we can cease or limit that processing without affecting the service (or otherwise we may have to treat it as a deletion request if it’s integral to the service). We will not refuse an objection without a clear justification.
- Right to Withdraw Consent: In cases where we process your data based on your consent, you have the right to withdraw that consent at any time. For example, if you gave consent to receive newsletters, you can unsubscribe; if you gave consent to be a tester and be contacted, you can let us know you withdraw it. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, and it won’t affect processing that is based on other legal bases (e.g. if you withdraw consent for something optional, we may still process data for contractual service or legal reasons). We will act on consent withdrawals as quickly as possible.
- Right not to be subject to Automated Decision-Making: As noted, we do not engage in any fully automated decision-making that produces legal or similarly significant effects. However, if we ever did, you would have the right to not be subject to such a decision without human intervention. This includes profiling-based decisions. You would also have the right to express your point of view and contest the decision. Given our current practices, this right is more theoretical because we simply don’t do that type of processing.
Exercising Your Rights: You can exercise these rights free of charge (unless requests are manifestly unfounded or excessive, in which case we might charge a reasonable fee or refuse). The easiest way is to contact us at info@matdags.se with your request. You can also write to us at our postal address (see Contact Us section). For certain requests like data access or portability, we may need to verify your identity to ensure we’re giving the data to the right person. We might ask for information that confirms you are the account holder or reply using the email we have on file. We will respond to your request as soon as possible and at the latest within one month of receipt. If your request is complex or if we have received many requests, we may extend the response deadline by up to two further months, but we will inform you within the first month if that is the case and explain why.
If we decide not to act on your request, we will provide an explanation. For example, if you ask for deletion but we are required by law to keep certain data, we will tell you that and only delete what we can. Or if you request access for data that involves others’ rights (like personal data of someone else), we might not be able to provide that if it would adversely affect others, but we would explain the situation.
We want to emphasize that your rights are very important to us. Please do not hesitate to reach out regarding any privacy questions or to exercise your rights. We are here to help and will do our utmost to accommodate your needs in line with legal requirements.
Right to Complain: If you believe that we have not handled your personal data properly or have not respected your rights, you have the right to lodge a complaint with a supervisory authority. Matdags is under the jurisdiction of the Swedish Authority for Privacy Protection, known as Integritetsskyddsmyndigheten (IMY). You can contact IMY via their website or in writing: Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm, Sweden. More information is available on IMY’s website (imy.se) about how to submit a complaint. If you reside or work in another EEA country, you may alternatively contact your local data protection authority. We would, however, appreciate the chance to address your concerns before you approach a regulator, so please consider reaching out to us first and we will try our best to resolve the issue to your satisfaction.
Data Security
We take security measures seriously to protect your personal data from loss, misuse, unauthorized access or disclosure, alteration, and destruction. Here are some of the key measures we have in place:
- Encryption: All data transmitted between your device and our servers is protected by up-to-date encryption protocols (such as HTTPS/TLS). This means that when you enter information in the Matdags app or website, it is encrypted in transit. We also encrypt sensitive data at rest in our databases or storage, especially any secrets (for example, authentication tokens).
- Access Controls: Access to personal data within our organization is restricted on a need-to-know basis. Only authorized personnel who require access to support you or operate the service have permission to view personal data, and they are bound by confidentiality obligations. We employ role-based access control so that, for instance, a developer debugging an issue may see technical logs but not user-identifying information unless absolutely necessary.
- Secure Infrastructure: We host our application and databases with reputable cloud providers that implement high levels of physical and network security. We keep our systems updated with security patches. Our servers are protected by firewalls and monitoring systems to guard against intrusions. We also perform regular backups of data to prevent accidental loss, and those backups are secured.
- Testing and Best Practices: We periodically review our security practices and update them in line with emerging threats and industry standards. This includes conducting vulnerability assessments or penetration tests on our application. Our development practices incorporate security checks (for example, input validation to prevent common attacks like SQL injection, and use of secure frameworks). We follow privacy by design and default principles, meaning we aim to build our systems to collect the minimum data needed and to protect data privacy from the ground up.
- Incident Response: In the unlikely event of a data breach or security incident involving your personal data, we have a response plan in place. We will notify the affected individuals and relevant authorities (like IMY) as required by law. Our goal is to be transparent and help you take any precautionary measures if necessary. For example, if we suspect any misuse of your account, we will inform you and prompt you to secure your account (such as by changing your password or taking other steps).
- Personal Responsibility: We also advise you to take steps to protect your own data. For instance, use a strong, unique password for your Matdags account (if applicable) and do not share it. Keep your device secure (e.g. use a device passcode or biometric lock). Be cautious of phishing attempts: Matdags will never ask you for your password via email, and any important communications will come from our official domain. If you suspect any unauthorized access to your account or have security concerns, please contact us immediately. We will work with you to investigate and address the issue.
No system can be 100% secure, but we strive to reduce risks. We also keep an eye on the latest security advisories and will update our safeguards as needed. Your privacy and data security are top priorities for us.
Third-Party Links and Services
Our Services may contain links to third-party websites or integrations (for example, a link to a partner’s site, or social media buttons to share content). If you follow a link to any of those external sites, please be aware they have their own privacy policies, and we are not responsible for their content or practices. We encourage you to read the privacy notices of any third-party services you interact with. This Privacy Policy applies solely to data processed by Matdags. If in the future our app integrates with third-party services (for example, if you could directly import data from a retailer or export recipes to a shopping list app), we will clearly inform you and obtain any necessary consents. We will also ensure any such integration protects your data in line with GDPR requirements through appropriate agreements.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. If we make important changes, we will notify you in an appropriate manner. For example, we might post a prominent notice on our website or within the app, and/or email you if the changes are significant or require your consent. The “Last updated” date at the top will always indicate when the latest changes were made. We encourage you to review this Policy periodically to stay informed about how we are protecting your data.
If we propose to use your personal data for a new purpose not covered by this Policy, we will provide you with a new notice explaining all relevant conditions and legal basis, and obtain your consent if required.
By continuing to use the Services after a new version of the Policy takes effect, you will be deemed to have accepted the updated terms, to the extent permitted by law. If you disagree with any changes, you should stop using our Services and you may request that we delete your data.
Contact Us
Thank you for reading our Privacy Policy. Your trust is important to us, and we aim to protect your personal data accordingly. If you have any questions, concerns, or requests regarding your personal data or this Policy, please do not hesitate to contact us:
Matdags Technologies AB
Attn: Privacy Team
Edsviksvägen 31E
182 33 Danderyd
Sweden
Email: info@matdags.se
Website: www.matdags.se
We will be happy to assist you with any inquiries.
This Privacy Policy is written in English. If it is translated into other languages, the English version will prevail in case of any inconsistencies. We strive to use plain language so it’s easy to understand, and we welcome feedback if anything is unclear.