Plannie Privacy Policy
Plannie Privacy Policy
Version 1.0 — [DATE]
Plannie is built for your family's everyday life, which means you trust us with personal information — including information about your children. This policy explains what we collect, why, and what your rights are. We've tried to keep it readable; if anything is unclear, ask us.
1. Who is responsible
Plannie, org. no. [ORG NUMBER], [ADDRESS], is the data controller for the processing described in this policy. Contact us about privacy at [CONTACT EMAIL].
2. What we collect
Your account. Email address, name, and your password (stored only as a secure hash) — or, if you sign in with Google or Apple, the identifier those services give us. Whether your email is verified.
Family member profiles. Names, initials, profile colours, adult/child role, and optionally birth dates, avatar photos, and dietary preferences or allergies for the members of your household. Members other than account holders (for example children) have profiles but no login.
Your family's content. What your household puts into Plannie: calendar events (including any location you type into an event), tasks, chores, routines, check-ins, lists, recipes and meal plans, rewards and star balances.
Photos. Photos you pick via Google Photos for your screensaver are re-encoded and stored on our own storage. We can only access photos you explicitly pick — never your photo library (see section 8).
Family Inbox email. If you use your household's Plannie email address, we receive and store the emails sent to it. Email from senders you haven't approved is quarantined and deleted after 7 days unless you approve it.
Approximate location. If you set a location for weather, we store a city-level place (name and coarse coordinates) for your household. We do not collect street addresses and we do not track your device's location.
Your devices. Push-notification tokens and basic device information needed to deliver notifications.
Usage and diagnostics. Product analytics events (which features are used, platform, household identifier — via PostHog, EU-hosted) and error/crash reports (via Sentry, EU region), used to keep Plannie working and improve it. AI-feature usage is metered per household for the fair-use allowance.
Feedback. What you tell us — support conversations, feature feedback, and the optional feedback you leave if you cancel a subscription.
Payments. Purchases run through Apple, Google, or RevenueCat/Stripe. We receive subscription status and entitlements — never your full card details.
3. Why, and on what legal basis
| Purpose | Data | Legal basis |
|---|---|---|
| Providing Plannie: your account, household, calendar, lists, and other features | Account, profiles, content, photos, inbox email, devices | Performance of our contract with you (GDPR art. 6.1(b)) |
| Sending service email (verification, invitations, receipts, important notices) | Account data | Performance of contract |
| AI features you use (Sidekick, Magic Import, inbox extraction) | The content you submit to them | Performance of contract |
| Weather on your dashboard | Approximate location | Performance of contract |
| Keeping the service secure, preventing abuse | Account, usage, diagnostics | Legitimate interest (art. 6.1(f)): running a safe service |
| Understanding usage and improving Plannie | Usage and diagnostics (pseudonymised; aggregated where possible) | Legitimate interest: improving the product |
| Newsletters or product news, if we send any | Your email | Consent (art. 6.1(a)) — opt-out anytime |
| Bookkeeping and tax | Purchase records | Legal obligation (art. 6.1(c)) |
| Establishing or defending legal claims; business transfer (merger/acquisition) | What's necessary in the situation | Legitimate interest |
You can object to processing based on legitimate interest — see section 10.
4. AI features and your data
When you use Sidekick, Magic Import (photos, PDFs, links), or when the Family Inbox extracts events from incoming email, the content involved is sent to our AI provider, Anthropic, to generate the result. We don't use your content to train AI models. Items created by AI or via the API are always marked with an attribution badge in the app.
5. Children's data
Plannie accounts are for adults (18+). Children appear in Plannie as profiles created and managed by a parent or guardian in the household — children themselves have no account, no login, and cannot use the service directly.
As the parent or guardian, you decide what information about your child to add (name, birthday, photo, activities, chores). We use it only to provide the family features you see in the app. We never use children's data for advertising or profiling, and we don't allow anyone outside your household to see it.
6. Who we share data with
- Service providers. Companies that host and power Plannie — servers, email, AI, analytics, payments. The full list, including where each provider processes data, is public: Service providers & sub-processors. They may only process your data on our instructions.
- Services you connect. If you connect Google Calendar, Outlook, Google Photos, Alexa or Siri, data flows to/from those services as needed for the connection you chose. Their privacy policies apply to their side.
- Authorities. If the law requires it — for example a court order or a request we are legally obliged to answer.
- Business transfer. If we sell or restructure the company, your data may be transferred to the parties involved, under the same protections; we would inform you.
- With your consent — anyone else, only if you ask us or agree.
We never sell your personal data, and we don't share it with advertisers.
7. Where data is processed
Plannie runs in the EU: our servers, database and file storage are in AWS's Ireland region (eu-west-1), analytics on PostHog's EU cloud, and error monitoring in Sentry's EU region.
Some providers process data outside the EU/EEA — for example Anthropic (AI), Expo (push notifications), RevenueCat (subscriptions), and Google, Microsoft, and Amazon for integrations you connect. Where that happens, we rely on the European Commission's adequacy decision for the EU–U.S. Data Privacy Framework for certified providers, or the Commission's Standard Contractual Clauses, together with additional safeguards where needed. Details per provider are in the sub-processor list.
8. Google user data — Limited Use disclosure
Plannie's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We use Google Calendar data only to provide two-way calendar sync you set up, and Google Photos data only to display photos you explicitly pick.
- We do not use Google user data for advertising, and we do not sell it.
- We do not allow humans to read your Google user data, except with your explicit permission (e.g. a support request), where required for security, or to comply with law.
- We only transfer Google user data to others where necessary to provide the features above, for security, or to comply with law.
9. How long we keep data
| Data | Kept |
|---|---|
| Your account and household content | Until you delete it or delete your account. If the last adult deletes their account, the whole household and all its data are deleted. |
| Quarantined Family Inbox email (unapproved senders) | 7 days, then deleted |
| Plus features after your subscription ends | 30-day grace period; then the family email address and its stored email are released, while your calendar and lists continue on the free plan |
| Analytics and diagnostics | Kept in identifiable form only as long as needed for the purpose, then deleted or aggregated |
| Purchase records | As long as bookkeeping and tax law require |
| Data needed for legal claims | Until the matter is resolved |
Deleting your account is available directly in the app: Settings → Delete account & data.
10. Your rights
Under the GDPR you can:
- Access your data and get a copy of it.
- Export your data in a machine-readable format (data portability).
- Correct inaccurate or incomplete data.
- Delete your data ("right to be forgotten") — largely self-service via account deletion in the app.
- Object to processing based on our legitimate interests, and to any direct marketing (we then stop, unless compelling legitimate grounds apply — never for marketing, where objection is absolute).
- Restrict processing while a correction or objection is being handled.
- Withdraw consent at any time, for anything based on consent, without affecting processing already done.
To use these rights, contact [CONTACT EMAIL]. We answer within one month.
If you think we've handled your data wrongly, you can complain to the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY, imy.se) or to the supervisory authority where you live.
11. Changes to this policy
The current version is always available where this policy is published. If we make significant changes we will tell you in the app or by email before they take effect.