PRIVACY POLICY — Gemma

Effective date: [DATE]
Company: Gemma App AB (“Gemma”, “we”, “us”)
Org. no.: 1234-56789
Address: Brännkyrkagatan 40, Stockholm, Sweden
Contact: support@gemma-app.com (recommended: privacy@gemma-app.com)
Website: www.gemma-app.com

1. About this policy

This Privacy Policy explains how Gemma collects, uses, shares, and protects personal data when you use the Gemma mobile application (the “App”) and our website (the “Website”).

Platform terms: Where applicable, your use of the App may also be subject to platform terms (such as Apple’s standard End User License Agreement (EULA)).

2. What we collect

We collect the following categories of personal data:

A) Account & profile data

• Name

• Email address

• Profile photo

• City (profile field)

• Authentication information from Apple Sign In / Google Sign In (e.g., a unique identifier provided by them)
  
  

B) Location data (optional and controlled by you)

If you enable location permissions, we may collect precise location data to support core features (such as nearby discovery and location-relevant functionality).
You can choose whether location access is Always, While Using the App, or Off in your device settings.

C) User-generated content

• Reviews you write

• Photos you upload

• Lists you create (including collaborative lists)

• Interactions within the App (e.g., follows, likes, saves, comments if enabled)
  
  

D) Device & diagnostics data

• Device information (e.g., device model, OS version)

• Log data, crash reports, and performance data (used for troubleshooting, security, and improving the App)
  
  

E) Support communications

• Information you provide when contacting support (e.g., messages, screenshots, and related details)

3. How we use your data

We use personal data to:

• Provide and operate the App (restaurant discovery, lists, following, reviews)

• Create and manage accounts and authentication

• Enable social features (follower requests/approvals, shared lists, follower-only content)

• Moderate content and enforce our community rules

• Troubleshoot, secure, and improve the App (including diagnostics and, if enabled, analytics)

• Communicate with you (support and important service messages)

• Comply with legal obligations
  
  

4. Social visibility (limited public profile vs. follower-only content)

The App is designed with private-by-default social features, with a limited public profile for discovery.

Visible to other users even before they follow you

• Your name

• Your city

• Your profile photo
  
  

Visible only to users you approve as followers

• Your reviews, photos, and lists (including collaborative lists)

• Your social activity related to your account within the App (as applicable)
  
  

Other users may request to follow you. You can approve or reject follower requests in the App. Please be mindful that content you share becomes accessible to approved followers within the Service.

5. Legal bases (EEA/UK)

If you are in the EEA/UK, we process personal data based on one or more of:

• Contract (to provide the App features you request)

• Legitimate interests (security, preventing abuse, improving the Service)

• Consent (where required, including certain device permissions such as location)

• Legal obligation (where applicable)
  
  

6. How we share your data

We may share your data in these situations:

A) Service providers

We use vendors to operate the App (for example, backend/hosting such as Supabase, and map services such as Apple Maps). We may add additional providers (e.g., analytics such as Mixpanel) in the future. These providers process data on our behalf, under appropriate contractual terms.

B) With other users in the App

A limited public profile (name, city, profile photo) is visible for discovery. Your other content (reviews, photos, lists) is intended to be visible only to users you approve as followers.

C) Legal and safety reasons

We may share data if required by law, lawful requests, or to protect the rights, safety, and security of users, Gemma, and the public.

We do not sell your personal data.

7. International transfers

We are based in Sweden, but some service providers may process data outside your country. Where required (especially for EEA/UK), we use appropriate safeguards for international transfers (such as Standard Contractual Clauses).

8. Retention

We keep personal data only as long as necessary for the purposes described in this Policy, including:

• While your account is active
  
  

• As needed for security, legal compliance, and dispute resolution
  
  

If you delete your account, we will delete or anonymize personal data unless we must retain certain data for legal reasons.

9. Your choices & rights

Your choices

• Location permissions: You can choose Always / While Using / Off in iOS settings.
  
  

• You may be able to edit certain profile information in the App.
  
  

Your rights (EEA/UK)

Depending on where you live, you may have rights to request access, correction, deletion, restriction, portability, or to object to certain processing. You also have the right to lodge a complaint with your local data protection authority. In Sweden, this is IMY (Integritetsskyddsmyndigheten).

To exercise rights, contact: support@gemma-app.com (recommended: privacy@gemma-app.com).

10. Security

We use reasonable technical and organizational measures designed to protect your data. No system is completely secure, and we cannot guarantee absolute security.

11. Children

The App is not intended for children under 13. If we learn we have collected personal data from a child under 13, we will take steps to delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. If changes are material, we will provide notice in the App or on the Website and update the effective date.

13. Contact

Gemma App AB (Org. no. 1234-56789)
Brännkyrkagatan 40, Stockholm, Sweden
Email: support@gemma-app.com