Aquest document ha estat traduït automàticament. Veure la versió original en anglès

Privacy Policy

Last Updated: January 7, 2026

Data Controller:
Boutique Web Development (Enskild firma)
Org. nr: 860413-8779
Address: Stockholm, Sweden
Contact: asterisk@summo.plus

📝 1. Introduction

At Summo ("the App"), we treat privacy as a fundamental feature, not an afterthought. This Privacy Policy outlines how Boutique Web Development ("we," "us," or "our") collects, uses, and protects your data.

We operate under the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Swedish Data Protection Act (Lag med kompletterande bestämmelser till EU:s dataskyddsförordning). By using Summo, you agree to the practices described in this policy.

📸 2. What to Upload

2.1 Keep it to Receipts
Summo is built to organize your grocery life. The Service is designed exclusively for processing receipts and purchase documents.

2.2 Please Don't Upload Personal Photos
To protect your own privacy, please do not upload personal photos (like selfies or pictures of family members) or sensitive documents unrelated to shopping.

  • Our Focus: Our system is trained to read grocery items, not people. If you upload unrelated personal photos, our system won't understand them, and we may delete them to keep our storage efficient.
  • Your Privacy: Since the app isn't designed for personal photo storage, we cannot accept responsibility for private photos you upload by mistake. Please help us keep Summo focused on groceries!

⚖️ 3. Lawful Basis for Processing

We process your data based on specific legal grounds:

  1. Contractual Necessity (Art. 6.1.b GDPR): To provide the core functionality: scanning receipts, extracting data, and organizing your grocery history.
  2. Legitimate Interest (Art. 6.1.f GDPR):
    • To train and improve our proprietary machine learning models.
    • To generate aggregated market insights (e.g., price trend analysis).
    • To ensure the security and integrity of our Service.
  3. Consent (Art. 6.1.a GDPR): Solely for optional features or direct marketing, which you can withdraw at any time.

🔍 4. Data We Collect

We adhere to data minimization principles. We collect only what is needed:

  • Account Data: Email address and internal User ID.
  • Receipt Data: Images you upload and the raw text/data extracted (store name, products, prices, timestamps).
  • Usage Metadata: Technical logs, device type, crash reports, and interaction metrics to help us fix bugs.

📈 5. Local Shopping Insights (Aggregated Data)

5.1 How We Create Insights
We want to help everyone shop smarter. To do this, we analyze trends across all receipts, like "Who has the cheapest milk in Stockholm?". We call this "Aggregated Data."

  • It's Anonymous: This data is stripped of all personal identifiers. It is just math and statistics, impossible to trace back to you.
  • Business Use: Because this anonymous data helps the whole market understand pricing, we reserve the right to use, publish, or sell these anonymous statistics to improve the grocery ecosystem.

5.2 Improving Summo
We use the receipts you upload to teach our AI how to read better. This helps the app become more accurate for you and everyone else over time. We do not use your personal email or identity for this training.

🤖 6. Third-Party Services

We use trusted partners to operate the Service.

6.1 Processors (process data on our behalf, under our instructions)

ProviderPurposeDPA
Google Cloud PlatformHosting, Database, Storage, AIGoogle Cloud DPA
SentryError Tracking & Crash ReportingSentry DPA
ResendTransactional EmailsResend DPA

6.2 Controllers (process data under their own privacy policies)

ProviderPurposePrivacy Policy
Google Maps PlatformStore Location GeocodingGoogle Privacy
Google Sign-inAuthenticationGoogle Privacy
Apple Sign-inAuthenticationApple Privacy

We configure our AI providers to ensure they do not train their public models on your private data.

🇸🇪 7. Your Rights

Under the GDPR, you have the following rights over your Personal Data:

  • Access & Portability: Request a copy of your receipts and account data.
  • Rectification: Correct wrong info.
  • Erasure ("Right to be Forgotten"): Request deletion of your account and identifiable data.
    • Note: This does not apply to Aggregated Data that has already been anonymized, as it is no longer personal data.
  • Objection: You may object to our processing of your data for model training purposes by contacting support.

To exercise these rights: Email us at asterisk@summo.plus.

🛡️ 8. Security & Retention

  • Security: We use industry-standard encryption (TLS/SSL) in transit and at rest.
  • Retention: We keep your identifiable data only as long as you have an active account. If you delete your account, personal identifiers are removed within 30 days.

🏛️ 9. Regulatory Authority

If you believe we are mishandling your data, you have the right to lodge a complaint with your local Data Protection Authority (for example, the Swedish Authority for Privacy Protection – IMY).

👤 10. Age Requirement

Summo is intended for users aged 16 or older. We do not knowingly collect data from children under 16.