GilleTerms of Service

Privacy Policy

Last updated: March 22, 2026

1. Who we are

This Privacy Policy describes how Gille Inc, registered in Sweden ("Gille", "we", "our", or "us"), processes personal data in connection with the Gille web platform and mobile application (the "Service").

Gille is subject to the EU General Data Protection Regulation (GDPR). For questions or requests related to your personal data, contact us at info@gille.io.

2. Data controllers and processors

Gille operates a two-tier data model:

  • Club account holders (administrators) — Gille is the data controller for the personal data of club administrators and owners who register directly with Gille (name, email, login credentials).
  • Club members — The Club is the data controller for the personal data of its members. Gille acts as a data processoron behalf of the Club for this data. Clubs are responsible for ensuring they have a lawful basis to process their members' data and for obtaining any necessary consents.

3. What data we collect

3.1 Club administrator accounts

  • Name and email address
  • Password (stored as a one-way hash — we cannot read it)
  • OAuth provider identifier (if you sign in with Google, Microsoft, or Apple)
  • Organisation name, sport, and country
  • Stripe Connect account details for payment processing

3.2 Member data (processed on behalf of Clubs)

  • Name, email address, phone number
  • Gender, date of birth
  • Home address (street, postcode, city, country)
  • National identification number / SSN (where provided by the Club)
  • Profile photo
  • Sport role, position, and shirt number
  • Membership fee status and payment records
  • Guardian details (name, email, phone, relationship) for minor members
  • Emergency contact information
  • Attendance and RSVP records for activities and events
  • Privacy flags set by the member (e.g. photo visibility, protected person status)

3.3 Technical and device data

  • Push notification tokens (iOS and Android device identifiers for sending notifications)
  • Calendar subscription tokens (for personal iCal feed access)
  • Standard server logs (IP address, browser/device type, access timestamps)

4. How we use your data

  • To provide the Service — managing accounts, displaying member lists, sending notifications, processing payments.
  • To send transactional communications — invoices, payment confirmations, activity reminders, and account-related emails.
  • To process payments — invoicing and Stripe Connect payment flows.
  • To improve the Service — analysing usage patterns in aggregate, fixing bugs, and developing new features.
  • To comply with legal obligations — responding to lawful requests from authorities.

5. Legal basis for processing (GDPR)

  • Contract — processing necessary to provide the Service to club administrators who have agreed to our Terms.
  • Legitimate interests — service security, fraud prevention, and product improvement.
  • Legal obligation — compliance with applicable Swedish and EU law.
  • Consent — where we rely on consent (e.g. marketing), you can withdraw it at any time.

For member data processed on behalf of Clubs, the legal basis is determined by the Club as data controller.

6. Sensitive data

National identification numbers (SSN / personal ID numbers) may be stored where provided by Clubs for administrative purposes. This data is treated as sensitive and access is restricted to authorised administrators within the Club. Gille does not use this data for any purpose other than storing and displaying it within the Club's account.

Where a member has been marked as a protected person (e.g. under a protection order), their sensitive data — including address, SSN, date of birth, phone, and guardian details — is hidden from other users in the platform. Only Club administrators with appropriate access can view this information.

7. Data sharing and third parties

We share personal data only with the following categories of recipients:

  • Stripe — payment processing and Stripe Connect for club payouts. See Stripe's Privacy Policy.
  • Cloudflare — file and image storage (member photos, club logos) via Cloudflare R2.
  • Expo / Apple / Google — push notification delivery via Expo Push Notifications, Apple APNs, and Google FCM.
  • Infrastructure providers — cloud hosting and database services. All providers are bound by data processing agreements and are GDPR-compliant.

We do not sell personal data to third parties or use it for advertising purposes.

8. Data retention

  • Club administrator account data is retained for as long as the account is active, plus a reasonable period thereafter for legal and billing purposes.
  • Member data is retained for as long as the Club account is active. When a Club account is deleted, all associated member data is permanently deleted.
  • Payment records may be retained for up to 7 years to comply with Swedish accounting law.
  • Server logs are retained for up to 90 days.

9. Your rights under GDPR

If Gille is the data controller for your data, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restriction — request that we limit processing of your data
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests

To exercise any of these rights, contact info@gille.io. We will respond within 30 days.

If you are a Club member (not an administrator), your data is controlled by your Club. Please contact your Club directly for data requests. Gille will support the Club in fulfilling such requests.

You also have the right to lodge a complaint with the Swedish Data Protection Authority (Integritetsskyddsmyndigheten, IMY) at www.imy.se.

10. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction. These include encrypted data transmission (TLS), hashed password storage, and access controls scoped to each Club.

In the event of a personal data breach that poses a risk to individuals, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, as required by GDPR.

11. Cookies

The Gille web platform uses cookies strictly necessary for authentication (session cookies). We do not use tracking cookies or third-party advertising cookies.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via a notice within the Service. The "Last updated" date at the top of this page reflects the most recent revision.

13. Contact

For any privacy-related questions or requests: info@gille.io

Gille Inc, Sweden