Tiddo
Svenska | English

Privacy Policy

Last updated: 2026-06-02

1. Introduction

Welcome to Tiddo. We care about your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your personal information when you use our time tracking app Tiddo.

Tiddo is a mobile time tracking app with GPS-based attendance verification. The app is used by companies to manage their employees' working hours, projects, and work locations.

2. Data Controller

Company: [Your company name]

Organization number: [Your org number]

Address: [Your address]

Email: privacy@tiddo.se

Website: https://tiddo.se

3. Personal Data We Collect

3.1 Account Information

  • Name (first name and last name)
  • Email address
  • Phone number
  • Employee ID
  • Company affiliation
  • User role and permissions

3.2 Location Data (GPS)

  • GPS coordinates: Latitude and longitude at clock in and clock out
  • GPS accuracy: Measurement data to verify location accuracy
  • Timestamp: When location information was recorded
  • Purpose: GPS data is used solely to verify that you are at an approved work location during clock in and clock out

3.3 Time Tracking Data

  • Clock in and clock out times
  • Working hours and breaks
  • Projects you work on
  • Work locations you visit
  • Notes and comments related to time entries
  • Project switches during the workday

3.4 Technical Information

  • Device type and operating system
  • App version
  • Error logs and crash reports
  • IP address and network information
  • Language settings

4. How We Use Your Personal Data

4.1 Primary Purposes

  • Time tracking: Record and manage your working hours
  • Attendance verification: Verify that you are at an approved work location
  • Project management: Track time per project and work location
  • Payroll administration: Provide data for payroll calculations
  • Reporting: Generate reports for managers and administration

4.2 Legal Basis for Processing

  • Contract: Processing is necessary to fulfill the employment contract
  • Legal obligation: Employers are required to keep time records according to labor law
  • Legitimate interest: The company's need to manage personnel and projects

4.3 GPS Data Specifically

GPS location data is collected only during clock in and clock out. We do NOT track your position continuously. Location information is used solely to verify that you are within the allowed zone (geofence) for the specified work location.

5. Data Sharing and Third Parties

5.1 We DO NOT share your personal data with third parties for marketing purposes

5.2 Service Providers

We use the following service providers who process data on our behalf:

  • Heroku (Salesforce): Cloud hosting and databases (USA/EU)
  • Google Cloud Platform: Google Calendar API and Google Maps API
  • Cloudflare: CDN and security services

All service providers are bound by data protection agreements and may only process data according to our instructions.

5.3 Legal Requirements

We may be required to disclose personal data to authorities if required by law, such as during tax audits, labor law disputes, or police investigations.

6. Data Storage and Security

6.1 Retention Period

  • Active employees: Data is stored during employment
  • Former employees: Time reports are saved for 7 years according to accounting law
  • GPS data: Stored together with time reports for 7 years
  • Technical logs: Deleted after 90 days

6.2 Security Measures

  • Encrypted data transmission (TLS/SSL)
  • Encrypted data storage in database
  • Two-factor authentication for administrators
  • Access control and role-based permissions
  • Regular security updates
  • Automatic backups
  • Intrusion detection and monitoring

6.3 Data Transfer Outside EU

Some data may be stored on servers in the USA (Heroku). All transfers are made with adequate protection according to GDPR, either through EU Standard Contractual Clauses or Privacy Shield Framework.

7. Your Rights Under GDPR

You have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access: You have the right to obtain a copy of your personal data
  • Right to rectification: You can request that incorrect information be corrected
  • Right to erasure: You can request deletion after end of employment (with exceptions for legal retention periods)
  • Right to restriction: You can request that processing of your data be restricted
  • Right to data portability: You can receive your data in a structured, machine-readable format
  • Right to object: You can object to certain processing of your data
  • Right to withdraw consent: If processing is based on consent, you can withdraw it at any time

Note: Some rights may be limited due to labor law or accounting requirements. For example, time reports cannot be deleted during the statutory retention period of 7 years.

To exercise your rights, contact your employer's HR department or email us at privacy@tiddo.se.

8. Complaints to Supervisory Authority

If you believe that the processing of your personal data violates GDPR, you have the right to file a complaint with the Swedish Authority for Privacy Protection (IMY):

Swedish Authority for Privacy Protection

Box 8114

104 20 Stockholm, Sweden

Email: imy@imy.se

Website: https://www.imy.se

9. Cookies and Tracking

The Tiddo mobile app does NOT use cookies or tracking technology for marketing purposes. We only use technically necessary tokens for authentication and session management.

Our website (tiddo.se) may use cookies for web analytics and user experience. You can read more in our cookie policy.

10. Changes to Privacy Policy

We may update this privacy policy from time to time. We will notify you of significant changes via email or through a notification in the app.

The latest version is always available at https://app.tiddo.se/privacy-policy-en

11. Contact Us

If you have questions about this privacy policy or how we process your personal data, contact us:

Email: privacy@tiddo.se

Website: https://tiddo.se

Address: [Your address]