← Back to TassaIn

Privacy Policy

Effective date: 10 June 2026 · Version 1.0

1. Introduction and scope

This Privacy Policy applies to TassaIn, a service that helps you discover pet-friendly places in Sweden, available at tassain.app (the "Service"). It describes how we collect, use, store, and protect personal data when you visit or use the Service, and explains the rights you have under the EU General Data Protection Regulation ("GDPR").

We have designed the Service around data minimisation: we collect only the personal data necessary to provide and secure the Service, and nothing more. You can browse TassaIn freely without an account, in which case we collect no account data about you.

2. Data controller

The data controller responsible for the processing of personal data described in this policy is the operator of TassaIn.

For all matters relating to this policy or your personal data, contact:

Email: hello@tassain.se

3. Categories of personal data we collect

3.1 Account data

When you create an account, we collect:

  • Name
  • Email address
  • Password — stored exclusively in hashed (encrypted, one-way) form. At no point do we have access to your password in readable form.

3.2 Verification data

To confirm your account, a one-time passcode (OTP) is sent to your email address. This code is valid for a limited time and used solely for verification.

3.3 User-generated content

Where these features are available, we process content you actively choose to submit through the Service, such as place suggestions, reviews, ratings, and photographs, together with the account name under which it is published.

3.4 Location data

If you choose to use location-based features such as "Near me", and only after you have granted permission through your device, we process your approximate or precise location. Location data is processed in real time solely to display nearby places. It is not stored, logged, or used for any other purpose. You may withdraw this permission at any time in your device or browser settings.

3.5 Technical data

When you access the Service, our infrastructure providers automatically process limited technical data required to deliver the Service securely and reliably, such as IP address, browser type and version, device type, and timestamps of requests.

4. Purposes and legal bases for processing

We process personal data only where a valid legal basis under the GDPR exists:

  • To create, manage, and secure your account and sign you in, we process your account and verification data. This is necessary to perform our contract with you.
  • To send essential service communications, such as your account confirmation code, we process your email address. This is necessary to perform our contract with you.
  • To show places near you, we process your location data, based on your consent. You may withdraw this consent at any time in your device settings.
  • To publish and display content you submit, such as reviews, we process that content together with your account name. This is necessary to perform our contract with you.
  • To keep the Service secure and prevent abuse and fraud, we process technical data. This is based on our legitimate interest in protecting the Service and its users.

We do not sell personal data. We do not use personal data for advertising or marketing profiling.

5. Recipients and data processors

We engage a limited number of carefully selected service providers (data processors) that process personal data strictly on our documented instructions and under data processing agreements as required by the GDPR:

  • A database and authentication provider — all account data is stored within the European Union.
  • An email service provider, for the delivery of service communications from hello@tassain.se.
  • A map service provider, for rendering the interactive map. When the map loads, your device communicates directly with this provider, which may process technical data such as your IP address.
  • A hosting and content delivery provider, for the secure delivery of the Service.

6. International data transfers

Your account data is stored and processed within the EU. Some providers may process limited technical data outside the EU/EEA; where this happens, it is protected by safeguards approved under the GDPR, such as the EU–US Data Privacy Framework or the EU's Standard Contractual Clauses.

7. Data retention

We keep personal data only for as long as necessary. Account data is deleted without undue delay when you delete your account. Verification codes expire after use or after a short validity period. Location data is never stored. Content you have published (such as reviews) may be anonymised rather than deleted when an account is closed, so the Service remains useful to others. Technical logs are kept for limited periods for security and operational purposes.

8. Data security

We protect personal data with appropriate technical and organisational measures, including encryption in transit and at rest, hashed password storage, strict database access controls, and data minimisation throughout the Service. No method of transmission or storage is completely secure, but we continuously review and improve our safeguards.

9. Your rights as a data subject

Under the GDPR, you have the right to: access the personal data we hold about you; correct inaccurate data; delete your data ("right to be forgotten"); restrict or object to certain processing; receive your data in a structured, machine-readable format (data portability); and withdraw consent at any time, where processing is based on consent.

Requests may be submitted to hello@tassain.se. We respond within one month, as required by the GDPR. Exercising your rights is free of charge.

If you consider that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. The competent authority in Sweden is Integritetsskyddsmyndigheten (IMY), Box 8114, 104 20 Stockholm, www.imy.se.

10. Cookies and similar technologies

The Service uses only cookies necessary for its operation and security, such as keeping you signed in and protecting the Service from automated abuse. Our hosting provider may produce aggregate visit statistics (such as page views) that do not identify individual visitors. We do not use advertising cookies or cross-site tracking. Should this change, this policy will be updated and consent will be obtained where required by law.

11. Age requirement

The Service is intended for adults. You must be at least 18 years old to create an account or submit content. We do not knowingly collect personal data from anyone under the age of 18. If you believe a person under 18 has provided us with personal data, please contact us at hello@tassain.se.

12. Changes to this policy

We review this policy regularly and may update it as the Service evolves or as legal requirements change. The effective date and version number above always identify the current version. In the event of material changes affecting how your personal data is processed, registered users will be informed by email or through the Service before the changes take effect.

13. Contact

For any questions regarding this Privacy Policy or the processing of your personal data:

TassaIn

hello@tassain.se