Legal
Privacy Policy
Last updated: 14 May 2026
This Privacy Policy explains how Appdaso Sweden AB (“we”, “us”, “our”) collects, uses, and protects personal data when you use SquadSpace — our sports team management platform available at squadspaceapp.com and via our mobile applications.
We are the data controller responsible for your personal data. We are committed to handling your data transparently and in compliance with the EU General Data Protection Regulation (GDPR) and applicable Swedish law.
1. Who we are
Appdaso Sweden AB
Sweden
Email: contact@squadspaceapp.com
2. Data we collect
We collect the following categories of personal data:
Account data
- Email address and password (hashed) when you register
- Display name or profile name you provide
Team and member data
- Team name, sport type and team settings
- Player names, jersey numbers and assigned roles
- Attendance records and RSVP responses
- Match results and statistics you record
Communication data
- Messages sent in team chat
- Posts, polls and comments on the notice board
Payment data
- Payment records and amounts for team collections
- Card payments are processed by Stripe — we never store card numbers or full payment credentials
Technical and usage data
- IP address, browser type and device information
- Pages and features accessed, session timestamps
- Error logs for debugging
3. How we use your data
We use your personal data to:
- Provide, maintain and improve the SquadSpace service
- Authenticate you and keep your account secure
- Enable team collaboration, event scheduling and communication
- Process payments and send payment confirmations
- Send service notifications and important account emails
- Investigate and resolve support requests
- Comply with legal obligations
4. Legal bases for processing (GDPR)
- Contract performance (Art. 6(1)(b)): Processing your account, team and event data is necessary to deliver the service you signed up for.
- Legitimate interest (Art. 6(1)(f)): Improving our service, preventing fraud and ensuring platform security.
- Legal obligation (Art. 6(1)(c)): Retaining financial records as required by Swedish accounting law.
- Consent (Art. 6(1)(a)): For optional marketing communications, where we ask for your explicit consent.
5. Data sharing and third parties
We share data with the following trusted sub-processors, all of which have Data Processing Agreements compliant with GDPR Article 28:
- Supabase — database hosting and authentication. Our primary database runs in the EU (Frankfurt, eu-central-1).
- Stripe — payment processing (PCI-DSS Level 1). Stripe is also our sub-processor for connected accounts in Stripe Connect (your club's Stripe account country determines where payment data is processed).
- Vercel — web application hosting and CDN.
- Expo (Expo Application Services) — push notification delivery for the mobile apps.
- Apple / Google — mobile app distribution via the App Store and Google Play, and underlying push notification infrastructure (APNs/FCM).
We do not sell your personal data to third parties. We do not use your data for advertising. We do not use third-party analytics or tracking tools.
6. Data retention
- Account and team data: Retained for as long as your account is active. Deleted within 30 days of account deletion upon request.
- Financial records: Retained for 7 years as required by Swedish bookkeeping law (Bokföringslagen).
- Chat messages and posts: Deleted when the team or account is deleted.
7. Your rights under GDPR
As a data subject in the EU/EEA, you have the following rights:
- Access: Request a copy of the personal data we hold about you. You can do this yourself at any time via Settings → Download my data in the web dashboard or the mobile app — no request needed.
- Rectification: Ask us to correct inaccurate data.
- Erasure: Delete your account directly from Settings → Delete my account in the web dashboard or the mobile app (“right to be forgotten”). Financial records may be retained for the period required by Swedish bookkeeping law.
- Data portability: The data export (above) is a structured JSON file suitable for import elsewhere.
- Object to processing: Object to processing based on legitimate interest.
- Restriction: Request that we restrict processing in certain circumstances.
- Withdraw consent: Withdraw any consent you have given at any time.
To exercise any rights not available in-app, contact us at support@squadspaceapp.com. We will respond within 30 days. You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) at imy.se.
8. Cookies
We use essential cookies to keep you logged in and remember your preferences. No advertising or tracking cookies are used. For full details, see our Cookie Policy.
9. Data security
We use industry-standard security measures including encrypted connections (HTTPS), hashed passwords, row-level security in our database, and access controls. However, no system is completely secure — if you believe your account has been compromised, contact us immediately.
10. Children
SquadSpace is not directed at children under 13. Team admins may add player profiles for minors as part of managing a youth sports team. In those cases, the team admin (typically a coach or club official) is responsible for having the appropriate legal basis — such as parental consent — for adding that data.
11. Changes to this policy
We may update this policy from time to time. When we make significant changes we will notify you by email or via an in-app notice. The date at the top of this page always reflects the latest update.
12. Contact
For any questions about this Privacy Policy or how we handle your data:
contact@squadspaceapp.com
Appdaso Sweden AB, Sweden