Privacy Policy - Copl
Version 3.2 - effective from 2026-06-29
This policy explains what Copl does with the data you and your partner enter in the app. We've tried to write it in plain language - if anything is unclear, get in touch.
Note: this is an English translation of the Swedish original. The Swedish version is the authoritative one in case of any discrepancy. Synchronize both files when updating the policy.
Who is responsible
Pontus Brunzell, sole trader (enskild näringsidkare), is the data controller for Copl. (Business registration number available on request.)
Contact: copl-app@outlook.com
Note during development: when the app moves to a company structure, this section will be updated with company name, registration number, and contact details.
Summary for the impatient
- You and your partner are the only ones who see your content. Not us.
- No ad SDKs, no analytics, no trackers. None.
- All database content is stored in Sweden (Supabase, Stockholm region). Push notifications pass through Apple/Google on the way to your phone (see section 3).
- You can at any time view all data about you, export it, or delete your account.
- Sensitive data (intimacy, family notes, agreements, appreciations) is end-to-end encrypted since 2026-05-23. Not even we as operators can read the content.
1. What we collect
1.1 When you create an account
| Item | What it is | Why we need it |
|---|---|---|
| Email address | Your email | Login and account verification. We send one-time codes there. If you sign in with Apple or Google we receive the address from them (Apple may give you a relay address that hides your real one). |
| Password (if you create an account with email) | Your chosen password | Login. Never stored in plain text - only as a cryptographic hash with Supabase Auth. We cannot see it. |
| Nickname | What your partner sees | So the app can say "Eva added a task" instead of an ID number |
| Anonymous account ID | Random UUID | Internal - links you to your data |
We never ask for:
- Real first or last name
- Phone number
- Address
- Date of birth or age
- Gender
- Profile photo (an optional avatar is possible but not required)
1.2 When you use the app
The content you and your partner enter:
- Tasks, to-do lists, shopping lists
- Calendar events
- Family information (children's names, shoe sizes, doctors, allergies)
- Meal planning
- Workout logs
- Weekly routines
- Homework
- Budget (income, expenses)
- Agreements between you
- Appreciations you send each other
- Daily and weekly mood check-ins
- Intimacy data (logs, preferences, goals) - only if you actively enable the module
- Reminders you send each other
- Short messages
We don't ask for any of this - you choose what to enter.
If you enter information about someone else (e.g. your partner or your children in the family module), you are responsible for having the right to do so. Our legal basis for storing it is to perform the contract with you (Art. 6.1.b); for sensitive data (e.g. allergies), your explicit consent (Art. 9.2.a).
1.3 Technical data
- Push token for the device (so we can send notifications to that device)
- Device type (iOS/Android, for debugging). App version is only included if you submit feedback via "Suggest".
- Timestamps on your actions (when you logged in, when a row was created)
1.4 What we do not collect
- Location (GPS, IP-based geolocation)
- Contacts / address book from your phone
- Behavioral tracking or analytics
- Advertising identifiers (IDFA, GAID)
- Cookies (neither the app nor the website uses cookies or tracking)
- Bank transactions or card details
- Health data beyond what you yourself log in the intimacy module
About the website (coplapp.com): it sets no cookies and has no analytics or tracking. The only thing stored is your language choice (Swedish/English), saved locally in your browser (localStorage). This is a functional setting, not tracking, and therefore requires no consent. The site is static and served via GitHub Pages, with DNS via Cloudflare - these providers may keep normal technical access logs (IP address) to deliver the site, but we do not access them and nothing is linked to your app account.
Waitlist: if you voluntarily submit your email to the waitlist, we store it (with your consent, GDPR Art. 6.1.a) only to notify you when Copl launches. We send no other emails, and the list is deleted after launch. You can ask us to remove your address at any time (copl-app@outlook.com).
2. Why we process data - legal basis
Per purpose:
| Purpose | Legal basis (GDPR) |
|---|---|
| Create account, log in | Contract (Art. 6.1.b) - you enter into an agreement with us to use the app |
| Store your entries and show them to your partner | Contract |
| Send push notifications about tasks and events | Legitimate interest (Art. 6.1.f) - the app would be meaningless without notifications; minimal impact on you |
| Store intimacy data | Explicit consent (Art. 9.2.a) - you actively enable the module and can disable it at any time |
| Error reporting (when Sentry is active) | Legitimate interest - technical crash reports without personal data |
| Export calendar events to your Outlook calendar (if you enable it) | Consent (Art. 6.1.a) - you connect the service voluntarily and can disconnect at any time |
Intimacy data is a special category of personal data under GDPR Art. 9. We handle it with extra care: opt-in, optional PIN lock, and end-to-end encryption (implemented 2026-05-23 - only you and your partner hold the decryption key).
3. Where data is stored
| Where | What | Geography |
|---|---|---|
| Supabase | All database content, authentication, files | Sweden (Stockholm, eu-north-1) - EU region. Supabase data never leaves the EU. |
| Apple Push Notification Service (APNS) | Push token + notification content in transit | Apple's global infrastructure |
| Google Firebase Cloud Messaging (FCM) | Push token + notification content in transit | Google's global infrastructure |
| Microsoft (Outlook calendar) | Calendar events you choose to export (title, description, location, time) | Microsoft's global infrastructure. Only if you connect your Outlook calendar in Settings. Private events are never exported. |
| Supabase Auth (email) | Delivery of login codes and verification emails - your email address and message content in transit | Sent via our authentication service (Supabase) |
| Expo | App builds, OTA updates (no user data) | USA |
| Sentry (when active) | Crash reports | EU region (configured) |
Beyond the providers listed above, we do not share data with any third party.
For the providers that process personal data outside the EU/EEA (e.g. Apple and Google for push notifications, Microsoft for calendar sync, and Expo for app services), we rely on the European Commission's Standard Contractual Clauses (SCC) and, where applicable, the EU-US Data Privacy Framework.
4. How long data is kept
- Active accounts: No automatic deletion. Data lives as long as you use the app.
- Inactive accounts: If you haven't logged in for 3 years we contact you first, then close the account - your data is deleted within 30 days.
- Ended relationships (where both partners have ended or you deleted your account): Soft delete first. Hard deletion within 30 days.
- Closed accounts: All your data is deleted within 30 days.
- Backups: We take manual backups with limited retention. Backups older than 3 months are deleted.
- Server logs: Maximum 7 days.
- Crash reports (when Sentry is active): Technical crash reports without your content, deleted per Sentry's standard retention (approx. 90 days).
When you delete your account, deletion happens immediately (within seconds) via the app. The limits above for inactive accounts and backups are enforced through periodic routines rather than in real time. If you want your data deleted immediately, you can always delete your account yourself or contact us.
5. Who sees data
You and your partner
You see each other's content within your relationship. That is the entire point of the app.
Us (operators)
- Technically, we can reach the database via Supabase administration tools.
- In practice, we don't look at user data - there are no routine tasks that require it.
- When debugging a specific issue, we may need to read individual rows, always with the purpose of fixing the problem and nothing else.
- End-to-end encryption is in place since 2026-05-23. We cannot read intimacy data, family notes, agreements, or appreciations - it is encrypted on your device before being stored. Only you and your partner hold the decryption key.
Third parties
- Supabase stores the data but has no routines that open it. They have their own privacy policy.
- Supabase Auth sends our login and verification emails and therefore sees your email address and the message content.
- Apple and Google see push notification content on the way to your phone. We send generic notification texts ("Something new from your partner") where possible.
- Apple or Google as sign-in provider - only if you yourself choose to sign in with Sign in with Apple or Google. Then Apple/Google knows you sign in to Copl, and we receive your email address (Apple may provide a relay address) and a signed login token. Nothing more - no contacts, photos, or other account data.
- Microsoft - only if you yourself enable Outlook sync in Settings. The calendar events you choose to export (title, description, location, time) are then sent to your own Outlook calendar via Microsoft Graph. Sign-in happens directly with Microsoft on your device; your access tokens are stored encrypted locally on the phone and never pass through our servers. Private events are never exported, and you can disconnect at any time.
- Beyond these providers, we do not share data with any other third party.
What we don't do
- We never sell data.
- We never share data with ad networks or data brokers.
- We don't combine your data with external data sources.
6. Security
- Row Level Security (RLS) on all database tables - it is technically impossible for a user to read data from a relationship they are not a member of.
- HTTPS encrypts all traffic between your phone and our servers.
- End-to-end encryption is implemented for sensitive fields (intimacy, family notes, agreements, appreciations) since 2026-05-23. Not even we as operators can read the content - it is encrypted on your device before being stored, with a key that only exists on your and your partner's phones. Algorithm: tweetnacl/XSalsa20-Poly1305 with AAD binding and version prefix. You can verify the encryption via Settings → Encryption Verification (shows your and your partner's fingerprint for verbal comparison).
- PIN lock on the intimacy module can be activated locally on your device.
- Discreet mode hides sensitive sections from the app's home screen.
- Sign-in: you sign in with a one-time code via email, with a password, or with Sign in with Apple/Google. Passwords are never stored in plain text - only as a cryptographic hash with Supabase Auth. Forgotten passwords are handled by signing in with a one-time code (no reset link that can be hijacked).
7. Your rights under GDPR
You have the following rights and can exercise them at any time:
| Right | How to do it |
|---|---|
| Know what data we have about you | Settings → "Your data" - shows everything stored about you personally |
| Correct inaccurate data | You can change all your own content directly in the app |
| Erasure of your data ("the right to be forgotten") | Settings → Delete account - all data disappears within 30 days |
| Receive your data (portability) | Settings → Export our data - JSON file with all rows |
| Restrict processing | Pause the relationship (Settings → Pause) - the app switches to read-only mode |
| Object to processing | Contact us (see below) |
| Withdraw consent for the intimacy module | Settings → turn off Closeness/Intimacy - the data is deleted |
We respond to all requests within 30 days, usually much sooner.
8. Complaints
If you believe we are handling your personal data incorrectly, you can:
- Contact us first - we want to know and would like to fix it.
- File a complaint with the Swedish Authority for Privacy Protection (IMY):
- Web: https://www.imy.se
- Phone: +46 8 657 61 00
- Mail: IMY, Box 8114, 104 20 Stockholm, Sweden
9. Automated decisions and profiling
We use no automated decision-making or profiling. No algorithms draw conclusions about you that affect you.
10. Children
Copl is not intended for minors. You must be at least 18 years old to create an account (the app is age-rated 18+ and includes an optional intimacy module). Parents may store information about their children (names, shoe sizes, allergies) as part of the family module - but the children themselves should not create accounts.
Parents are responsible for informing their children about what data is stored about them.
11. Changes to this policy
This policy may be updated as the app evolves or as legislation changes. Major changes are announced in the app and, when needed, via email.
Version history:
| Version | Date | Change |
|---|---|---|
| 1.0 | 2026-05-19 | First published version. |
| 2.0 | 2026-05-24 | End-to-end encryption has been implemented and verified in production on 2026-05-23. Sections that described E2EE as "planned" or "future" updated to present tense. Encryption verification via fingerprint in Settings documented. |
| 3.0 | 2026-06-12 | New sign-in methods documented: Sign in with Apple, Google, and email with password (in addition to one-time codes via email). Resend added as a subprocessor for email delivery (EU/Ireland). Clarification about website hosting (GitHub Pages, Cloudflare DNS). |
| 3.1 | 2026-06-29 | Microsoft (Outlook calendar sync) added as a recipient with consent as legal basis. Clarification of the safeguard (SCC/EU-US Data Privacy Framework) for transfers outside the EU/EEA, and of absolute wording. |
| 3.2 | 2026-06-29 | Email delivery described as Supabase Auth (replaced unverified Resend entry). Clarified that app version is only collected with feedback, that pause is a read-only mode in the app, and that some retention limits are enforced via routines. Complete data export and actual deletion of account and closeness data in place. |
12. Contact
For privacy questions, GDPR requests, or curiosity:
Email: copl-app@outlook.com
Postal address: provided on request
The Swedish version of this policy is authoritative. In case of discrepancy between translations, the Swedish version applies. See the Swedish original.
Internal source document with technical details (for developers): docs/INTEGRITET.md in the codebase.