SPOA
SPOA · Privacy Policy

Privacy Policy

Privacy Policy

Last updated: 2026-05-20

SPOA (“we”, “us”) helps teams coordinate where people work each week. This Privacy Policy explains what personal data we collect when you use SPOA, why we process it, where it’s stored and what rights you have over it.

1. About SPOA

SPOA helps teams coordinate where people work each week. It is currently operated as a small independent project based in Sweden. Contact details are in section 9 below.

2. What we collect

When you sign in or use SPOA, we process the following categories of personal data:

  • Account details — the email addresses you register, your first and last name, an optional profile name, phone number and profile image.
  • Team membership — which companies or teams you belong to, the email address a given team uses to contact you, and whether you are an administrator for a team.
  • Planning data — the office/home/remote locations you select for each day, day notes you write, vacations you enter and answers to any surveys your team runs.
  • Authentication data — a securely hashed password and short-lived session cookies so you stay signed in.
  • Usage analytics — anonymous, cookieless page-view statistics that do not identify individual visitors.

We do not ask for, and do not intentionally store, any special categories of personal data (health, religion, political opinion, etc.).

3. Why we process it

The legal basis for processing depends on the category:

  • Performance of a contract — we need your account details and planning data to provide the service you or your employer signed up for.
  • Legitimate interests — security (rate-limiting sign-ins, detecting misuse), product analytics (aggregate page views), and occasional operational emails (password resets, account merge confirmations).
  • Consent — where consent is needed (for example opt-in marketing emails) we ask for it explicitly in your Account settings and you can withdraw it at any time.

4. Where your data lives

SPOA runs on servers located in the European Union. Personal data stays within the EU / EEA and is not transferred to third countries.

Operational email (password resets, account confirmations) is delivered through a standard email provider. We do not use third-party tracking cookies.

5. How long we keep it

  • Active accounts and their planning data are kept while the account is in use.
  • When you delete your account from Account → Delete my account, your personal data is removed and you can no longer be contacted through SPOA. Some past planning entries may be retained in anonymous form so team statistics remain meaningful.
  • Audit and access logs are retained for up to 12 months for security and operational purposes.

6. Your rights

Under the GDPR you have the right to:

  • Access a copy of your personal data. You can download it yourself from Account → Download my data.
  • Rectify data that is incorrect — most fields are editable directly in your profile.
  • Erase your data by deleting your account (see section 5).
  • Object to or restrict certain processing.
  • Lodge a complaint with your national data protection authority (in Sweden, IMY — Integritetsskyddsmyndigheten).

To exercise any of these rights, email meet@spoa.se.

7. Cookies and tracking

SPOA uses one essential cookie — the session cookie that keeps you signed in. No marketing or tracking cookies are set. Our analytics script does not use cookies either; it aggregates page-view statistics anonymously.

8. Changes to this policy

We may update this policy from time to time. Material changes will be announced in-app or by email before they take effect. The “Last updated” date at the top of the page always reflects the most recent revision.

9. Contact

Questions or concerns? Email us at meet@spoa.se.