Privacy Policy

Last updated: January 16, 2026

Scope: This privacy policy applies to the Sammen mobile apps (iOS and Android), the web app at sammen.app, and all related services.

Our Commitment

At Sammen, privacy isn't just a feature—it's fundamental to everything we do. We believe that planning gatherings with friends should be simple, private, and secure. This policy explains how we handle your information across all our services.

Information We Collect

When You Use Sammen (Mobile or Web)

  • Account Information: Your email address and display name
  • Profile Data: Avatar image (if you choose to upload one)
  • Event Data: Events you create, including title, description, location, date/time, and cover images
  • RSVP Data: Your responses to event invitations
  • Connections: Other Sammen users you've connected with in the app
  • Lists: Your Favorites and any custom lists you create to organize connections
  • Device Information: Basic device type for providing the best experience

When You RSVP as a Guest (Without an Account)

  • Display Name: The name you enter when RSVPing
  • RSVP Status: Your response (going, maybe, or can't go)
  • Edit Token: A unique identifier stored in your browser so you can modify your RSVP later
  • IP Hash: A scrambled version of your IP address for abuse prevention (we don't store your actual IP)

When You Visit Our Website

  • Usage Data: Basic analytics to understand traffic (no personal tracking)
  • Device Type: Whether you're on mobile or desktop (for proper redirects)

How We Use Your Information

  • To provide the Sammen service and enable event planning
  • To send you notifications about events you're invited to (only with your permission)
  • To send transactional emails (verification, deletion confirmations, etc.)
  • To authenticate you and keep your account secure
  • To improve our services based on aggregated, anonymous usage patterns

What We Don't Do

  • We don't sell your data—ever
  • We don't track you across the internet
  • We don't show you ads
  • We don't share your information with third parties for marketing
  • We don't use analytics that compromise your privacy
  • We don't access your contacts without permission

Data Storage and Security

We use industry-standard encryption to protect your data both in transit and at rest. Your events and personal information are secured using the same technology trusted by banks. All data is stored in secure data centers with regular backups.

Your Rights and Control

You have complete control over your data:

  • Access: Request a copy of all your data at any time
  • Correction: Update your profile and event information
  • Deletion: Delete your account and all associated data
  • Portability: Not currently available
  • Opt-out: Control notification preferences

Guests

You can modify or withdraw your RSVP from the same device/browser you used originally. Lost access? Contact us and we'll help remove it.

Data Retention

  • Active Accounts: We keep your data as long as your account is active
  • Event Data: Past events are retained for your reference unless you delete them
  • Guest RSVPs: Retained for the life of the event; deleted when the event is deleted or when the host removes them
  • Deleted Accounts: All data is permanently removed within 30 days of account deletion
  • Backups: Backup data is purged within 90 days

Third-Party Services

We use minimal third-party services to provide a reliable experience:

  • Supabase: For authentication and data storage (GDPR compliant)
  • Vercel: For hosting our website (no personal data collected)
  • Resend: For email delivery (verification, notifications)
  • Friendly Captcha: For spam protection on forms (privacy-focused, GDPR-compliant, no tracking)
  • Apple/Google: For app distribution only (we don't share your data with them)

Cookies and Tracking

Our mobile app does not use cookies; it stores authentication tokens securely on your device (e.g., iOS Keychain / Android Keystore). Our website does not set cookies, but uses browser local storage to remember your language preference and, if you RSVP as a guest, to store an edit token so you can modify your response later. External identity providers used during sign‑in may set their own cookies in the system browser; these are not used by the app.

Children's Privacy

Sammen is not intended for children under 13. We don't knowingly collect information from children under 13. If we discover we've collected such information, we'll delete it immediately.

International Data Transfers

Your data may be processed in data centers located in the United States and European Union. We ensure all transfers comply with applicable data protection laws.

California Privacy Rights (CCPA)

California residents have additional rights under the CCPA, including the right to know what personal information we collect and the right to opt-out of any sale of personal information (though we never sell your data).

European Privacy Rights (GDPR)

If you're in the European Economic Area, you have rights under GDPR including access, rectification, erasure, and data portability. Contact us to exercise these rights.

We process your data based on: contract (providing the service), consent (notifications and optional features), and legitimate interest (security and abuse prevention).

Changes to This Policy

If we make changes to this policy, we'll notify you via email and update the "Last updated" date above. We'll never make changes that reduce your privacy without your explicit consent.

Data Protection Officer

Philip Kartin
Email: philip@sammen.app
Sammen App, Copenhagen, Denmark

Contact Us

Questions about privacy? We'd love to hear from you at philip@sammen.app