Privacy Policy

Last updated: 21 April 2026

This Privacy Policy explains how Koeda Studio AB ("we", "us") processes personal data when you use the Court In mobile app and website (the "Service"). We are established in Sweden and act as the data controller under the EU General Data Protection Regulation (GDPR).

1. Data we collect

  • Account data: name, email address, password (hashed), and an optional profile photo. Your email and name are required to create and use an account; your profile photo is optional.
  • Content you create: event details, invitations, friend connections, friend tags, and notification content.
  • Device data: push notification tokens and basic device identifiers, used only to deliver notifications you have enabled. Push is optional and depends on operating-system permission.
  • Profile photo access: the app uses your device camera or photo library only when you choose to set a profile photo, and only the image you select is uploaded. The app does not access your photo library in the background.
  • Beta mailing list: the email address you submit on our website to request a beta invite — see section 7.
  • Technical logs: IP address, app version and basic diagnostic logs, generated automatically by our servers and kept for security and troubleshooting.

2. Data from other people

When an existing user invites you to an event or adds you as a friend, they may enter your email address or name so we can deliver the invitation. In that case we process your personal data even though you did not give it to us directly. We use it only to send the invitation and to link it to your account if you sign up. If you do not want to receive further invitations from that user, you can decline the invite in the app, or contact us to have the pending invitation removed.

3. How we use data and legal bases

  • To provide and operate the Service, including creating and managing your account, events, invitations and friend connections (contract, GDPR Art. 6(1)(b)).
  • To send invitations, event updates, and the notifications you have enabled (contract, Art. 6(1)(b)).
  • To keep the Service secure and prevent abuse, and to maintain technical logs (legitimate interest, Art. 6(1)(f)).
  • To send beta invites and sparse product updates to the mailing list (consent, Art. 6(1)(a)).
  • To comply with legal obligations (Art. 6(1)(c)).

4. Sharing and processors

We share data only with service providers ("processors") who help us run the Service under written data-processing agreements:

  • Backend hosting: our PocketBase backend (account, event and invitation data) is hosted on a cloud infrastructure provider.
  • Push notifications: Apple Push Notification service (Apple Inc.) for iOS and Firebase Cloud Messaging (Google Ireland Ltd.) for Android.
  • Transactional and mailing-list email: Resend (email delivery provider) is used to send beta-signup notifications and, once the beta opens, the mailing-list emails described in section 7.
  • Website font delivery: our marketing website loads webfonts from Google Fonts (Google Ireland Ltd.). When your browser requests these fonts, Google receives your IP address. The app itself does not load Google Fonts.

Where data is transferred outside the EU/EEA, we rely on the European Commission's Standard Contractual Clauses and on any applicable adequacy decisions.

5. Retention

We keep personal data only for as long as we need it for the purposes above:

  • Account data (name, email, hashed password, profile photo): for as long as your account exists. If you delete your account, this data is removed from our live systems immediately.
  • Events, invitations, friend connections, friend tags: kept while relevant to you and the other participants. When you delete your account, your records in these collections are deleted or anonymised; entries that other users still need (for example, a past event they attended) may remain in anonymised form.
  • Push notification tokens: until you disable push notifications, uninstall the app, or delete your account — whichever comes first. Stale tokens returned as invalid by APNs/FCM are removed automatically.
  • Beta mailing list email addresses: until you unsubscribe or ask us to remove you. A minimal suppression record (email address and unsubscribe date) may be kept to avoid re-adding you.
  • Server and security logs: typically up to 30 days, longer only if needed to investigate a specific incident.
  • Backups: encrypted backups are rotated and fully purged within 30 days, so deleted data disappears from backups within that window.

We may keep specific records longer where required by law (for example, accounting rules) or to establish, exercise or defend legal claims.

6. Your rights

Under the GDPR you have the right to access, rectify, erase, restrict or object to processing of your personal data, and to data portability. You can exercise these rights, or delete your account, by using the in-app option described in section 8 or by contacting us at the address at the end of this policy. You can also withdraw any consent you have given (for example, your consent to the mailing list) without affecting the lawfulness of earlier processing. You have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).

7. Beta mailing list

If you submit your email address on our website to request a beta invite, we add it to our mailing list. The legal basis is your consent (GDPR Art. 6(1)(a)), given by submitting the form after reading the notice next to it.

We use this mailing list only to:

  • send you your beta invite when it becomes available, and
  • send occasional, sparse product updates about Court In (a few per year at most).

We do not share these email addresses with third parties for marketing, and we do not use them for advertising. We retain your address on the list until you unsubscribe or ask us to remove it.

How to unsubscribe: every email we send includes an unsubscribe link. You can also email [email protected] to be removed. Once you unsubscribe, we stop sending mailing list emails and delete your address from the list; we may keep a minimal suppression record so we don't accidentally re-add you.

8. Deleting your account

You can delete your Court In account at any time from within the mobile app. Deleting your account permanently removes your profile, the events you created, invitations you sent, friend connections, friend tags and push notification tokens. Entries that other users still need to see (for example, a past event they attended) may remain in anonymised form so shared history stays consistent.

How to delete your account from the app:

  1. Open the Court In app and sign in to the account you want to delete.
  2. Tap the Profile tab in the bottom navigation.
  3. Tap Edit Profile.
  4. Scroll to the bottom of the screen.
  5. Tap Delete Account.
  6. Confirm the deletion in the dialog that appears.

The deletion is immediate: you will be signed out and your account data will be removed from our live backend. Backups containing your data are rotated and fully purged within 30 days. If you cannot access the app (for example, because you lost access to your email), you can request deletion by emailing [email protected] from the address associated with your account.

9. Children

The Service is not intended for children under 13. We do not knowingly collect personal data from children under 13. If we learn that we have collected such data without appropriate consent, we will delete it.

10. Security

We use appropriate technical and organisational measures, including encryption in transit and hashed passwords, to protect your personal data.

11. Changes

We may update this Privacy Policy from time to time. Material changes will be announced in the app or on this page, and we will update the "Last updated" date above.

12. Contact

Koeda Studio AB
Email: [email protected]