Last updated: May 2026

Privacy Policy

Attendivo (“we”, “our”, “us”) is a team scheduling service operated by Jóhann Ingi Sigurðsson, based in Sweden. This policy explains what personal data we collect, why we collect it, and how we use it. It applies to all users of Attendivo, including team administrators and members.

1. Data controller

The data controller responsible for your personal data is:

Jóhann Ingi Sigurðsson

Stockholm, Sweden

hello@jamber.app

This policy will be updated when a formal legal entity is established.

2. Data we collect

We collect the minimum information needed to run the service:

  • Member information — name, email address, and (optionally) phone number, added by a team administrator when you are invited to a team.
  • Authentication data — if you sign in as a team administrator, your login is managed by Clerk. We store a reference to your Clerk user ID.
  • RSVP responses — your attendance response (yes, no, maybe) and any optional comment for each session.
  • Profile settings — optional information such as an emergency contact or a reason for temporarily pausing your membership.
  • Access requests — if you submit a “Request access” form, we store your name, email, team type, and any message you provide.
  • Usage data — standard server logs including IP address, browser type, and pages visited.

3. Legal basis for processing

Under the GDPR, we rely on the following legal bases:

  • Performance of a contract (Article 6(1)(b)) — processing your name, email and RSVP responses is necessary to deliver the scheduling and notification service your team administrator has set up.
  • Legitimate interests (Article 6(1)(f)) — server logs and security monitoring are necessary to maintain the reliability and security of the service. Our legitimate interest is operating a safe and functional platform; this does not override your rights.
  • Consent (Article 6(1)(a)) — where you voluntarily provide optional information (phone number, emergency contact, profile details), we process it on the basis of your consent. You may withdraw consent at any time by contacting us.

4. How we use your data

  • To send session invites, reminders, and cancellation notices to team members.
  • To display RSVP status and team rosters to other members of the same team.
  • To allow team administrators to manage schedules, sessions, and membership.
  • To respond to access requests and onboard new teams.
  • To maintain the security and reliability of the service.

We do not sell your data. We do not use your data for advertising or profiling. No automated decision-making with legal or significant effects takes place.

5. Data collected indirectly

If you are a team member, your personal data (name and email) was provided to Attendivo by your team administrator, not directly by you. By sending you a session invite, we fulfil our obligation under Article 14 GDPR to inform you that we hold your data. This policy is the primary source of that information. If you wish to have your data removed, please contact us or ask your team administrator.

6. Third-party services and international transfers

Attendivo uses the following sub-processors to deliver the service. All are based in the United States, which means your data is transferred outside the European Economic Area (EEA). Each transfer is covered by Standard Contractual Clauses (SCCs) adopted by the European Commission, ensuring an adequate level of protection.

  • Clerk — user authentication for team administrators.
  • Resend — transactional email delivery (session invites, reminders, notifications).
  • Neon — PostgreSQL database hosting. Your personal data is stored in Neon’s infrastructure.
  • Vercel — application hosting and edge network.

We do not transfer your data to any other third parties.

7. Data sharing within your team

Within a team, member names and RSVP responses are visible to all members of that team. This is necessary for the service to function. We do not share your data with other teams.

8. Data retention

  • Member and RSVP data — retained for as long as your team account is active. Deleted within 30 days of team deletion.
  • Access request data — retained for up to 12 months, then deleted.
  • Server logs — retained for up to 30 days.

You may request deletion of your personal data at any time, regardless of the above periods.

9. Your rights under GDPR

If you are in the EEA, you have the following rights:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate or incomplete data.
  • Right to erasure — request deletion of your data (“right to be forgotten”).
  • Right to restriction — request that we limit how we process your data.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at hello@jamber.app. We will respond within 30 days.

10. Right to lodge a complaint

If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with a supervisory authority. In Sweden, the relevant authority is the Integritetsskyddsmyndigheten (IMY) at www.imy.se. You may also contact the supervisory authority in your country of residence.

11. Cookies

Attendivo uses cookies only where strictly necessary — for authentication sessions (via Clerk) and to keep administrators signed in. We do not use tracking, analytics, or advertising cookies.

12. Changes to this policy

We may update this policy from time to time. When we do, we will update the “Last updated” date at the top of this page. For significant changes, we will notify team administrators by email where possible.

13. Contact

For any questions about this policy or to exercise your data rights, please contact: hello@jamber.app