PopBy Privacy Policy

Last updated: 30 July 2025

1. Introduction

Welcome to PopBy (“we”, “our”, “us”). This Privacy Policy governs your access to and use of our mobile application and related services (“Service”) and sets out how we collect, process, store, and share your personal data. This Policy is intended to comply with and reflect the requirements of the European Union (EU) General Data Protection Regulation (GDPR) and applicable Swedish data protection laws, as well as other relevant EU legislation governing privacy and data security. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

2. Scope

This Policy applies to all users of PopBy, regardless of their place of residence. It governs the collection and processing of personal data in connection with the Service for users located in Sweden and throughout the European Economic Area (EEA). In instances where national legislation provides additional or stricter protection, the applicable local laws shall prevail.

3. Data Controller and Contact Information

PopBy is the data controller with respect to your personal data. For inquiries regarding this Privacy Policy or your personal data, please contact our Data Protection Officer (DPO) at:

Email: [email protected]

4. Personal Data We Collect

4.1. Information You Provide Directly

Account Registration Data: Name, email address, phone number, postal address, username, and password.
Profile Information: Photographs, user bio, and other details you choose to share.
Content Submission: Messages, reviews, ratings, and any content you post on the Service.
Transactional Data: Payment details, order history, or transactional data as required for in-app purchases or subscriptions.
Support Requests: Any correspondence with our customer support team.

4.2. Information Collected Automatically

Device Information: Device type, operating system, unique device identifiers, mobile network information, and app installation data.
Usage Data: Interaction logs, IP address, location data (with your consent), browser type, pages viewed, clickstream data, and other technical data collected via cookies and similar technologies.
Location Data: Precise or approximate geolocation data derived from your device’s GPS, Wi‑Fi, or IP address, used primarily to provide hyperlocal content and services. This collection will only occur with explicit user consent.

4.3. Third-Party Sources

Social Media Accounts: Data obtained from third-party social networks if you choose to register or link your account through those platforms.
Analytics Providers: Data provided by third-party analytics services to assist in improving the Service and our marketing efforts.

5. Legal Basis for Processing

We process personal data based on the following legal grounds:

Consent: Where you have provided explicit consent (e.g., for location tracking or marketing communications).
Contractual Necessity: Where processing is necessary for the performance of a contract (e.g., to create and manage your user account).
Legal Obligations: Where processing is required under applicable law.
Legitimate Interests: Where processing is necessary for the purposes of our legitimate interests, including service improvements, fraud prevention, and secure operation of the Service, provided such interests are not overridden by your fundamental rights and freedoms.

6. Use of Your Personal Data

Your personal data may be used for the following purposes:

Provision and Maintenance: To operate, maintain, and improve the Service.
Personalization: To tailor content and advertisements relevant to your location and interests.
Communication: To send updates, newsletters, and information regarding changes to our policies or the Service. You may opt out of non‑essential communications at any time.
Analytics and Research: For research and analytical purposes to better understand how users interact with the Service and to enhance the overall user experience.
Security: To detect and prevent fraud and maintain system integrity.
Legal Compliance: To comply with our legal obligations and enforce our terms and conditions.

7.1. Third-Party Service Providers

We may share your information with trusted third-party service providers that assist in the operation of the Service, such as:

Hosting Providers: For data storage and processing.
Analytics Services: To monitor usage and improve performance.
Payment Processors: To facilitate transactions.
Customer Support Tools: To provide assistance and communication.

Third-party providers are contractually obligated to treat your personal data in accordance with this Privacy Policy and applicable laws.

7.2. Legal Requirements and Safety

We may disclose your personal data if required to do so by law or in response to a valid legal request, such as a subpoena, court order, or governmental demand to protect the rights, property, or safety of PopBy, its users, or the public.

7.3. International Transfers

Personal data processed by PopBy may be transferred to countries outside the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards, such as standard contractual clauses or other legally recognized mechanisms, are implemented to ensure that your data remains protected.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, or as required by law. Criteria used to determine the retention period include the duration of our contractual relationship, any legal obligations, and our legitimate business interests. After the expiry of such period, your data will be securely deleted or anonymized.

9. Your Rights

In accordance with the GDPR and applicable Swedish data protection laws, you have the following rights:

Right to Access: You can request access to your personal data held by us.
Right to Rectification: You have the right to correct any inaccuracies in your personal data.
Right to Erasure (“Right to be Forgotten”): Under certain circumstances, you may request the deletion of your personal data.
Right to Restrict Processing: You may request the limitation of processing under specific conditions.
Right to Data Portability: You have the right to request a copy of your data in a structured, commonly used, and machine‑readable format.
Right to Object: You may object to certain types of processing, including direct marketing.
Right to Withdraw Consent: Where processing is based on your consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact our DPO using the contact details provided above. We may request additional information to confirm your identity before processing your request.

10. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:

Data Encryption: In transit and at rest.
Access Controls: Restrictive access policies and authentication mechanisms.
Regular Audits and Monitoring: Periodic evaluations of our systems and infrastructure to ensure data integrity and security.
Employee Training: Regular training programs to ensure compliance with data protection practices.

Despite these measures, no security system is impervious. You acknowledge that absolute security cannot be guaranteed, and we assume no liability for any unauthorized access that occurs despite our best efforts.

11. Use of Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies on our Service to enhance user experience and collect usage data. Cookies are small data files stored on your device that enable us to remember your preferences and improve the functionality of the Service. You may control or disable cookies by adjusting your browser settings; however, please note that some parts of the Service may not function properly without them.

12. Third-Party Links

Our Service may include links to third-party websites, plug‑ins, or applications. We are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third‑party sites you visit.

13. Children’s Privacy

Our Service is not intended for children under the age of 16. We do not knowingly collect personal data from children without verifiable parental consent. If it is discovered that personal data of a child under 16 has been inadvertently collected, we will take prompt steps to delete such information. Parents or guardians who believe that their child’s information may have been collected should contact us immediately.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal obligations, or technological advancements. When material changes are made, we will notify you by updating the “Effective Date” at the top of this Policy and, where appropriate, by providing a notice within the Service. Continued use of the Service after such updates constitutes your acceptance of the revised Privacy Policy.

15. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of Sweden and applicable EU regulations. Any disputes arising from this Privacy Policy or the processing of personal data shall be resolved in the courts of competent jurisdiction in Sweden, unless otherwise required by mandatory provisions of applicable law.

16. Contacting Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact our Data Protection Officer at:

Email: [email protected]

Final Note

By using PopBy, you acknowledge that you have read and understood this Privacy Policy and agree to our data practices as described herein.