LegalPrivacy Policy

Last updated: March 26, 2026

This Privacy Policy explains how Drop In Hockey ("we", "us", or "our") collects, uses, and protects your personal information when you use our website, mobile application, and related services (collectively, the "Service").

Who We Are

Drop In Hockey is a platform for managing sports groups, events, member coordination, and payments. Our website is available at https://dropinhockey.seand we also offer a mobile application. We are based in Sweden.

What Data We Collect

When you use our Service, we may collect the following personal data:

  • Account information: name, email address, phone number, and profile details you provide when creating an account.
  • Group and event data: information about the groups you create or join, events you participate in, and your attendance records.
  • Payment information: billing details processed through Stripe. We do not store your full credit card numbers on our servers.
  • Communications: emails sent through the platform, group chat messages, images, and documents shared in group channels.
  • Push notification tokens: device tokens used to deliver push notifications for event summons, chat messages, and payment reminders.
  • Location data: approximate location collected only when you search for nearby groups, and only with your explicit permission. We do not track your location continuously.
  • Device information: device model, operating system version, and app version sent with support requests and error reports.
  • Managed account data: personal data about children or dependents whose accounts are created and managed by a parent or legal guardian.
  • Usage data: IP address, browser type, device information, pages visited, and interaction patterns collected automatically through cookies and analytics tools.

How We Use Your Data

We use your personal data to:

  • Provide, maintain, and improve the Service.
  • Process payments and manage subscriptions through Stripe.
  • Send you event reminders, group notifications, and other service-related communications via email or push notifications.
  • Deliver push notifications for event summons, chat messages, and payment reminders.
  • Enable in-app chat between group members.
  • Enable group organizers to manage members, events, and payments.
  • Manage child or dependent accounts on behalf of parents or legal guardians.
  • Process content reports and enforce community guidelines.
  • Analyze usage patterns to improve the Service and fix issues.
  • Comply with legal obligations.

Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

  • Contract: processing necessary to provide the Service you signed up for.
  • Legitimate interest: improving and securing the Service, analytics, and fraud prevention.
  • Consent: marketing communications and newsletter subscriptions, which you can withdraw at any time.
  • Legal obligation: where required by applicable law.

Third-Party Services

We use the following third-party services that may process your data:

  • Firebase (Google): authentication, database, and cloud functions.
  • Stripe: payment processing.
  • Postmark: transactional email delivery.
  • Vercel: website hosting and analytics.
  • Sentry: error tracking and performance monitoring.
  • Plausible: privacy-friendly website analytics.
  • Expo (EAS): push notification delivery and over-the-air app updates for the mobile application.

Each of these providers has their own privacy policies governing how they handle data.

Cookies

We use cookies for the following purposes:

  • Essential cookies: required for authentication and core functionality of the Service.
  • Preference cookies: to remember your settings, such as theme preference and active group.
  • Analytics cookies: to understand how the Service is used and identify areas for improvement.

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using parts of the Service.

Data Sharing

We share your personal data only in the following circumstances:

  • Within groups: group organizers can see member names, email addresses, and attendance data for groups you belong to.
  • Payment processing: billing information is shared with Stripe to process payments.
  • Service providers: with the third-party services listed above, solely for the purpose of operating the Service.
  • Legal requirements: when required by law, court order, or to protect our rights.

We do not sell your personal data to third parties.

Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. When you delete your account, we immediately delete your personal data. Some data may be anonymized rather than deleted to preserve group statistics and payment records — for example, chat messages will show "Deleted user" instead of your name, and payment records are retained for bookkeeping purposes.

Usage data and analytics are retained in aggregated, anonymized form and are not linked to your account after deletion.

Account Deletion

You can delete your account at any time from the Settings screen in the mobile app or by contacting us. Account deletion will:

  • Remove your personal profile and authentication credentials.
  • Anonymize your chat messages and group participation history.
  • Remove your managed accounts and their associated data.
  • Delete your push notification tokens and calendar subscriptions.

Some records, such as payment history, may be retained in anonymized form as required by applicable bookkeeping laws.

Children

The Service requires users to be at least 13 years old to create their own account. Parents or legal guardians may create managed accounts for minors. By creating a managed account, the parent or guardian consents to the processing of the minor's personal data as described in this policy. The parent or guardian can delete the managed account at any time, which will remove all associated data.

If you believe a child has independently provided us with personal data without parental consent, please contact us and we will delete it.

Your Rights

Under the GDPR and other applicable data protection laws, you have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: request correction of inaccurate data.
  • Erasure: request deletion of your personal data.
  • Restriction: request that we limit how we process your data.
  • Portability: request your data in a machine-readable format.
  • Objection: object to processing based on legitimate interest.
  • Withdraw consent: where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at info@dropinhockey.se. We will respond within 30 days.

Data Security

We take reasonable measures to protect your personal data, including encryption in transit (TLS), secure authentication through Firebase Auth, and access controls on our infrastructure. However, no method of electronic transmission or storage is completely secure.

International Data Transfers

Your data may be transferred to and processed in countries outside the EEA, including the United States (where some of our service providers are located). We ensure appropriate safeguards are in place in accordance with GDPR requirements.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the Service or sending you an email. The "Last updated" date at the top indicates when the policy was last revised.

Contact Us

If you have questions about this Privacy Policy or how we handle your data, contact us at: