Effective from 2025-09-03 until further notice
1. Introduction
The website www.domira-app.com (“Website”) and the mobile application “Domira” (“App”) are provided by Digies, with company registration number 820219-1907, a company duly incorporated and registered in Sweden (hereinafter referred to as “we”, “our”, or “us”).
In this Privacy Policy, you can read about how we process personal data, the purposes for which the processing takes place, where the data is stored, who may have access to it, and the rights of data subjects under the GDPR. References to “you”, “your”, or “yours” refer to the data subject whose personal data we process.
Quick Overview – At a Glance:
What we collect: Account details (e.g., email), subscription/payment data, usage data, technical data, and any information you provide to our support (see Sections 4–5). Your journaling notes are encrypted and, if you choose that option, stored only on your own device (see Section 7.6).
Why we collect it: To provide and improve the App, manage subscriptions, ensure security, and send optional communications (see Sections 6–7).
Where your data is stored: Personal data is primarily processed within the EU/EEA. If transferred outside, we ensure appropriate safeguards such as Standard Contractual Clauses (see Section 8).
How long we keep it: Data is retained only as long as necessary for each purpose (see Sections 7 and 9). Some data must be stored longer if required by law (e.g., for tax or accounting).
Who we share it with: Trusted service providers (e.g., hosting, IT, payment processors). We never sell your personal data (see Section 10).
Your rights: You can, for example, request to access, correct, delete, or object to how we process your data (see Section 11).
2. Definitions
In this Privacy Policy, the definitions correspond to those set out in the EU General Data Protection Regulation 2016/679 (“GDPR”), such as “personal data”, “processing”, “data subject”, “supervisory authority”, “controller”, “processor” and others. Each of these definitions shall have the same meaning as provided in Article 4 of the GDPR. For a complete list and exact definitions, please refer to that article.
3. Data controller
We act as the data controller for the processing of personal data when we determine the purposes and means of the processing, in accordance with the principle of accountability. Our processing of personal data is carried out in compliance with the GDPR, the fundamental data protection principles, and applicable data protection legislation. Unless otherwise stated, we are the data controller for the processing of personal data described herein.
4. How we access your personal data
We obtain your personal data primarily when you interact with the App or with us directly. This includes situations such as:
- Account registration: When you create an account in the App and provide your email address.
- Subscription and payment: When you purchase a subscription via the Apple App Store or Google Play, we receive information from the app store about your subscription status and payment confirmation (but never your card details), in order to manage your subscription.
- Use of the App: When you use the App’s features, certain technical and usage data is generated (e.g., email address, crash reports and feature usage).
- Customer support: When you contact us for customer support, we process your contact details and the information you provide in your request.
- Feedback: When you provide us feedback through the App, we process your e-mail address and the feedback provided to us.
5. Categories of processed personal data
We only process personal data that is adequate, relevant, and necessary for the purposes for which it was collected, in line with the principle of data minimisation. The App is not intended for children under the age of 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children.
We collect the following categories of personal data:
Email address: You provide us with your email address when you create your user account in the App and, for example, when you provide us with feedback or contact our customer support, including the content of your request.
Subscription and payment information: Information about your chosen subscription plan, billing status, price, and currency. Payment details (e.g., card numbers) are never shared with us, but are handled directly by Apple App Store or Google Play.
User interaction with the App: When you use the App’s features, certain technical and usage data is generated (e.g., email address, crash reports and feature usage).
6. Legal basis for the processing of personal data
We process personal data only for specific, explicit, and legitimate purposes, in line with the principle of purpose limitation. The processing is primarily based on one of the following legal bases under the GDPR:
- Consent (Article 6.1.a GDPR): You have given your consent to the processing of your personal data for specific purposes (e.g., receiving marketing communications). If processing of your personal data is based on consent, you may withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
- Contract (Article 6.1.b GDPR): Processing of your personal data is necessary for entering into or performing a contract with you (such as providing access to the App and its features).
- Legal obligation (Article 6.1.c GDPR): Processing of your personal data is necessary to comply with a legal requirement, which means we must keep certain data because the law requires it (for example for accounting, tax, or consumer protection purposes).
- Legitimate interest (Article 6.1.f GDPR): Processing of your personal data is necessary for our legitimate interests, or those of a third party, provided these interests are not overridden by your rights and freedoms (e.g., ensuring security, improving the App, or communicating with existing customers about similar services). Where processing is based on legitimate interest, we have carried out a balancing test to ensure that our interests do not override your right to privacy and data protection.
In some cases, providing personal data is voluntary, but without it we may not be able to provide certain services, such as customer support or subscription access.
7. Purpose of the processing of personal data
Below we describe the purposes for which we process personal data, the categories of data involved, why we process them, the legal basis, any recipients, and how long the data is stored.
1) Account registration and administration
When you create a user account in the App, we process your personal data to register and manage your account.
- Purpose: To enable account registration, authentication, and ongoing account administration.
- Personal data: Contact details (email address), account information (encrypted password and preference settings).
- Processing: Registering and storing the account, authenticating logins, providing account settings, and managing changes.
- Legal basis: Contract. Processing is necessary to provide the App and its features in accordance with the Terms of Use.
- Recipients: Service providers offering hosting, IT operations, and security services.
- Storage period:
  - Account data (such as email address, encrypted password, and settings) is always stored in our systems as long as the account remains active.
  - Journaling and notes data are stored in accordance with the storage option you have selected:
    - Default (encrypted backup): Data is stored in encrypted form and may be restored if you reinstall the App. If you cancel your subscription but keep your account, this data will remain stored as long as the account is active. However, accounts without an active subscription that remain inactive for twenty-four (24) consecutive months may be closed and deleted, together with associated personal data.
    - Local storage on the device: No backup is stored in our systems. All data is deleted directly on the device if the App is uninstalled or the device is reset, and we cannot restore or retain your data.
  - If you delete your account using the “Delete my account” function, all your personal data will be erased or anonymized from our systems. This function corresponds to your right to be forgotten under the GDPR.
2) Subscription and payments
When you purchase a subscription for the App, we process your personal data to manage your subscription and provide access to the included features.
- Purpose: Managing subscriptions, renewals, payment status, and potential refunds.
- Personal data: Contact details (email address), account information (chosen subscription plan), and transaction data (price, currency, purchase date, payment status).
- Processing: Administering subscriptions, receiving transaction confirmations from the App Stores, managing renewals, payment status, and cancellations. We do not process or store your card details.
- Legal basis: Contract. Processing is necessary to manage your subscription in accordance with the Terms of Use.
- Recipients: The App Store, which is responsible for processing your payment details (including card information) and handling billing and refunds.
- Storage period: Subscription and transaction data is stored as long as you have an active subscription and thereafter for up to seven (7) years, in accordance with applicable accounting and tax legislation.
3) Customer support
When you contact us, for example via email, mail, phone, feedback feature within the App, social media or other channels, we process your personal data to handle and respond to your request.
- Purpose: To manage incoming requests, provide support, and answer questions from users.
- Personal data: Identifying information (e.g., name, username), contact details (e.g., email address, phone number), case-related information (what you choose to share in your request).
- Processing: Receiving and registering the request, identifying you as a user, handling and responding to the case, and following up when necessary.
- Legal basis: Legitimate interest. We have a legitimate interest in providing support and responding to user inquiries.
- Recipients: Service providers offering communication services (e.g., email provider, provider of telecommunication, social media platform).
- Storage period: Support cases are normally stored for up to three (3) years after the case is closed, to ensure follow-up and improved service. Longer retention may occur if required by law.
4) Technical operations, security, performance and updates
To ensure that the App functions securely, for example to authenticate the user, enable features, prevent fraud, implement security measures, ensure server up-time, minimize app crashes, improve scalability and performance, or perform customer support, we process personal data linked to technical operations, security, and monitoring.
- Purpose: To maintain and improve the App’s functionality and performance, prevent misuse, detect and resolve technical issues or incidents, implement updates, and ensure overall security.
- Personal data: Technical information (e.g. usage logs, login times).
- Processing: Collecting and analyzing technical data, logging and monitoring usage, troubleshooting, implementing updates, conducting security measures, and investigating and resolving incidents or threats.
- Legal basis: Legitimate interest. We have a legitimate interest in ensuring that the App is secure, reliable, and up to date.
- Recipients: IT, hosting, and security providers who supply infrastructure, monitoring, and support services.
- Storage period: Technical logs are normally stored for up to twelve (12) months, unless longer retention is required to investigate incidents, prevent misuse, or comply with legal obligations.
5) Marketing and communication
We may process personal data to communicate with you about the App, provide relevant information, and send marketing or reminders about features.
- Purpose: To send information, updates, offers, and marketing about the App’s features and services.
- Personal data: Contact details (e.g., name, email address), account information (subscription plan), usage data (e.g., whether you opened an email or clicked on a link).
- Processing: Sending digital communications, tailoring content based on usage, and monitoring marketing performance.
- Legal basis:
  - Legitimate interest: We have a legitimate interest in marketing our own similar services to existing or former customers. You can object to this processing at any time.
  - Consent: For marketing to non-customers, your prior consent is required, which you may withdraw at any time.
- Recipients: Providers of email and marketing services.
- Storage period: Personal data used for marketing is stored as long as you have an active customer relationship or until you object to the processing. For processing based on consent, data is stored only as long as the consent is valid. Upon objection or withdrawal, we will immediately stop processing your data for marketing purposes. Marketing-related data will also be erased when your customer relationship ends, unless a longer retention period is required by applicable law (for example, to demonstrate prior consent).
6) Personalization and improvement of the App’s features
We use information about how the App is used to improve and adapt its functionality to user needs.
- Purpose: To analyze usage and develop features that make the App more relevant, personalized, and user-friendly.
- Personal data: Usage data (e.g., which features are used, frequency, click patterns, interactions with content), technical information (e.g., device type, operating system, app version).
- Processing: Collecting and analyzing usage data, customizing features and content, improving user experience, and developing new functionality.
- Legal basis: Legitimate interest. We have a legitimate interest in improving and developing the App to deliver a better user experience.
- Recipients: Providers of analytics and development tools.
- Storage period: Data is normally stored for up to two (2) years in aggregated or pseudonymized form.
7) Service notifications
We may send messages about important updates, reminders, or new features in the App.
- Purpose: To inform about important updates, required notifications, and reminders about features.
- Personal data: Contact details (e.g., email address or push notification linked to your account), account information (e.g., subscription status, language settings).
- Processing: Sending notifications via email, push, or in-App messages. You can disable reminders at any time in your settings.
- Legal basis: Legitimate interest. We have a legitimate interest in informing users about important updates and features to ensure proper use of the App.
- Recipients: Providers of email and push notification services.
- Storage period: As long as your account is active or until you opt out of notifications.
8) Handling of statutory rights requests
When you contact us to exercise your rights under applicable law, we process your personal data to handle and document your request.
- Purpose: To manage requests related to the exercise of rights under law (e.g., consumer rights, GDPR rights).
- Personal data: Identifying information (e.g., first and last name), contact details (e.g., email address, phone number), case-related information (e.g., communication about your request).
- Processing: Verifying the requester’s identity, handling and documenting the request, ensuring proper compliance with legal requirements.
- Legal basis: Legal obligation. Processing is necessary to comply with applicable law (e.g., consumer protection legislation and GDPR).
- Recipients: Authorities when required by law, IT providers and systems used for managing requests.
- Storage period: Data related to rights requests is normally stored for three (3) years after the case is closed, based on limitation periods. In case of ongoing legal proceedings, data may be stored longer until the case is resolved or as required by law.
9) Handling and investigation of personal data breaches
If a personal data breach occurs, we process relevant data and technical information to investigate and manage the breach in compliance with legal requirements.
- Purpose: To handle and investigate personal data breaches.
- Personal data: Identifying information (e.g., first and last name), technical data (e.g., IP address, log files, device information), incident-related information (e.g., description of the incident, impact, remedial actions).
- Processing: Investigating, managing, and documenting breaches, informing affected data subjects and supervisory authorities if required under GDPR (Articles 33–34), implementing measures to minimize harm and prevent future incidents.
- Legal basis: Legal obligation. Processing is necessary to comply with GDPR obligations (Articles 5.2, 33, and 34), including documentation of incidents, notifications to the supervisory authority, and informing affected data subjects when required.
- Recipients: Supervisory authorities (e.g., the Swedish Authority for Privacy Protection – IMY) when notification is required, IT security providers for technical analysis and corrective actions, internal investigation teams.
- Storage period: Incident documentation is stored for five (5) years after the investigation is completed, unless an ongoing supervisory case or legal proceeding requires longer retention.
8. Storage location and security measures
Our aim is for personal data to always be processed within the European Union (EU) or the European Economic Area (EEA). In some cases, however, personal data may be transferred to and processed outside the EU/EEA. To ensure adequate protection of your personal data in such cases, we implement appropriate safeguards, which may include the use of the European Commission’s Standard Contractual Clauses (SCCs).
We take the security of personal data seriously and implement appropriate technical and organizational measures in accordance with Article 32 GDPR to protect personal data against unauthorized access, alteration, disclosure, loss, or destruction. These measures are designed to ensure a level of security appropriate to the risk, and we regularly review and update them to maintain effective protection. Your data is stored securely using industry-standard encryption. Journaling notes are encrypted end-to-end, ensuring that only you can view and access them.
9. Storage duration
We process personal data only for as long as necessary to fulfill the purposes for which it was collected, including any legal, accounting, or reporting requirements, in accordance with the principle of storage limitation. When personal data no longer needs to be retained, it is deleted or anonymized in accordance with our internal retention routines and applicable legislation.
The exact retention period depends on the type of personal data and the purpose of the processing. Detailed information about retention periods for specific processing activities is provided in Section 7 of this Privacy Policy. Please note the following:
- If we are legally required to retain personal data (for example, under accounting law, anti-money laundering legislation, or consumer protection laws), the personal data will be stored for the period required by the relevant law.
- In the event of ongoing or potential legal disputes, regulatory investigations, or other legal proceedings, we may retain relevant personal data until the matter is finally resolved or until the applicable statute of limitations has expired.
- If personal data needs to be processed to handle warranty matters, complaints, or other legal claims, it will be stored for the period required under applicable law.
- If you request the erasure of your personal data, we may need to retain certain personal data to the extent necessary to fulfill our contractual, statutory, or regulatory obligations.
10. Disclosure of personal data
We handle personal data with care, and any disclosure is made only in accordance with applicable data protection laws. Your personal data may be shared with the following categories of recipients:
Government Authorities: We may disclose personal data when required by law, regulation, or valid legal request, for example under tax law or during official investigations (e.g., to the Swedish Tax Agency or the Police). Legal basis: Legal obligation. We may also share data where necessary to prevent or investigate crime, fraud, or to protect our business operations. Legal basis: Legitimate interest.
Service Providers (Processors): We use trusted service providers to help us operate and improve the App, including hosting providers, IT and security providers, analytics providers, payment processors, and accounting firms. These providers act as our processors and may only process data according to our instructions. Data processing agreements are in place in accordance with Article 28 GDPR.
- Contract: Data may be shared with payment providers and subscription systems to fulfill our agreement with you.
- Legal obligation: Data may be shared with accounting firms to comply with bookkeeping and tax regulations.
- Legitimate interest: Data may be shared with IT, hosting, analytics, and security providers to ensure the secure and efficient operation of the App and to prevent cyberattacks.
Independent Controllers: In some cases, we may share personal data with independent third parties who determine their own purposes and means of processing. This may occur in connection with business transactions such as a merger, acquisition, or sale of assets, or when a third party has a legitimate business interest in handling personal data. Legal basis: Legitimate interest. In such cases, the receiving party is responsible for ensuring compliance with GDPR.
11. Data subject’s rights
As a data subject under the GDPR, you have the following rights:
- Right to information: You have the right to clear information about how we process your personal data, including the purposes, categories of data, and potential recipients. This information is provided in this Privacy Policy.
- Right of access: You may request a copy of the personal data we process about you and receive information about the processing, including any transfers outside the EU/EEA and applicable safeguards.
- Right to rectification: If your personal data is inaccurate or incomplete, you have the right to have it corrected. Where feasible, we will also inform relevant recipients of the correction. You also have the right to be informed of who these recipients are.
- Right to erasure (“right to be forgotten”): Under certain circumstances, you may request that we delete your personal data, for example if it is no longer needed for the purpose it was collected or if you withdraw your consent. In some cases, however, we must keep certain data because the law requires it (for example, for tax or accounting purposes). Where feasible, we will also inform relevant recipients of the erasure and provide you with information about who these recipients are.
- Right to restriction of processing: You may request that we restrict the processing of your personal data, for example if you contest its accuracy or if the processing is unlawful but you oppose deletion. During restriction, we may only store the data, process it with your consent, or process it for the establishment, exercise, or defense of legal claims. We will inform you when the restriction ends.
- Right to data portability: If we process your personal data based on consent or contract, you have the right to receive it in a structured, commonly used, and machine-readable format, and to have it transmitted to another controller where technically feasible.
- Right to object: You may object to our processing of your personal data if it is based on legitimate interests. We may only continue processing if we can demonstrate compelling legitimate grounds that override your interests. You always have the right to object to processing for direct marketing, in which case we must immediately stop such processing.
- Right not to be subject to automated decision-making: You have the right not to be subject to decisions based solely on automated processing, including profiling, if the decision significantly affects you. Exceptions apply if the decision is necessary for a contract or required by law. In such cases, you may request human review of the decision. We do not make automated decisions, with or without profiling.
You may contact us using the details provided at the end of this Privacy Policy to exercise your GDPR rights. Exercising your rights is free of charge, unless your request is repetitive, unfounded, or excessive, in which case we may charge a reasonable fee or refuse the request.
To ensure proper handling, we may need to verify your identity before processing your request. We normally respond within one month. In complex cases or during periods of high workload, the response time may be extended by up to two additional months. If so, we will inform you of the extension within the first month.
Please note that certain rights are limited under the GDPR and only apply in specific circumstances. If we cannot fulfill your request, we will inform you of the reasons, in accordance with applicable law.
12. Changes to this Privacy Policy
We update this Privacy Policy as necessary to ensure that the information remains accurate and up to date. You are responsible for reviewing the latest version, which is always available on our website at: https://domira-app.com/privacy-policy. If we make material changes that affect how we process your personal data, we will inform you where required by law. Any changes will be published with a new “Effective Date.” Continued use of the App after updates means that you accept the revised Privacy Policy.
13. Questions or complaints
If you have any questions about this Privacy Policy or our processing of your personal data, you can contact us using the following details:
- Email: privacy@domira-app.com
If you are dissatisfied with our processing of your personal data, you may lodge a complaint with our supervisory authority, the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, “IMY”):
- Phone: +46 (0)8-657 61 00
- Email: imy@imy.se
- Postal address: Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm, Sweden
If you reside in another EU/EEA country, you may also contact the supervisory authority in your country of residence. A list of EU supervisory authorities is available here: https://edpb.europa.eu/about-edpb/about-edpb/members_en