Privacy Policy
SweepOS — operated by Meffecta AB
Last updated: March 2026
1. Introduction
This Privacy Policy describes how Meffecta AB, org. nr. 556916-8106 (“we”, “us”, “the Company”) collects, uses, stores, and protects personal data when you use SweepOS (“the Service”).
We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Data Controller and Processor
- When you are a Customer: You are the data controller for the personal data of your employees and clients. We act as a data processor, processing data on your behalf according to your instructions and our Data Processing Agreement.
- When you create an account: We are the data controller for your account and billing information.
3. Personal Data We Collect
3.1 Account Data
When you register, we collect:
- Company name and organization number.
- Contact person name and email address.
- Billing information (handled by our payment processor).
3.2 Employee Data (entered by Customer)
Customers may enter the following data about their employees:
- Full name, email address, phone number.
- Role and employment details.
- Work schedules and assignments.
- GPS location data (check-in and check-out at cleaning sites).
- Photos taken through the mobile application (checklist documentation).
- Time tracking records.
3.3 Client Data (entered by Customer)
Customers may enter data about their cleaning clients:
- Name, address, and contact details.
- Site information and access instructions.
- Service history and preferences.
- Contract and billing details.
3.4 Usage Data
We automatically collect:
- Device type, operating system, and browser information.
- IP address and approximate location (country/region level).
- Feature usage patterns and interaction data.
- Error logs and performance data.
3.5 Cookies
We use essential cookies for authentication and session management. We use analytics cookies only with your consent. See our Cookie Banner for details.
4. How We Use Personal Data
We process personal data for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing the Service (scheduling, checklists, invoicing) | Performance of contract (Art. 6(1)(b)) |
| Processing employee data on behalf of Customers | Legitimate interest of Customer as controller (Art. 6(1)(f)) |
| Account management and billing | Performance of contract (Art. 6(1)(b)) |
| Customer support | Performance of contract (Art. 6(1)(b)) |
| Service improvement and analytics | Legitimate interest (Art. 6(1)(f)) |
| Security monitoring and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
| Marketing communications (optional) | Consent (Art. 6(1)(a)) |
5. GPS and Location Data
The SweepOS mobile application collects GPS location data when employees check in and check out at cleaning sites. This data is:
- Collected only during active check-in/check-out events, not continuously.
- Stored as part of the visit record (timestamp + coordinates).
- Accessible to the Customer (employer) through the Service.
- Not shared with third parties.
- Employees can review their own location data in the app.
Customers are responsible for informing their employees about GPS data collection and ensuring a valid legal basis under employment law.
6. Photos
Photos taken through the SweepOS mobile app (for checklist documentation) are:
- Stored securely in the EU.
- Associated with the specific visit and checklist item.
- Accessible to the Customer and assigned employees.
- Not used for facial recognition or any automated analysis.
- Deleted when the Customer deletes the associated data or terminates the account.
7. Data Storage and Security
7.1 Location
All data is stored within the European Union.
7.2 Security Measures
We implement appropriate technical and organizational measures, including:
- Encryption in transit (TLS/SSL) and at rest.
- Access controls and authentication.
- Regular security assessments.
- Employee access limited to what is necessary for their role.
- Automated backups.
7.3 Incident Response
In the event of a personal data breach, we will notify the affected data controller (Customer) without undue delay and within 72 hours where feasible, as required by GDPR Article 33.
8. Data Sharing
We do not sell personal data. We share data only with:
| Recipient | Purpose |
|---|---|
| Cloud hosting provider (EU) | Infrastructure and data storage |
| Payment processor | Subscription billing |
| Email service provider | Transactional emails and notifications |
| Analytics provider | Anonymized usage analytics |
| Fortnox (if enabled by Customer) | Invoice synchronization |
All sub-processors are bound by data processing agreements and process data within the EU or under appropriate safeguards.
9. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 30 days |
| Customer Data (employees, clients, visits) | Duration of account + 30 days |
| GPS location records | Duration of account + 30 days |
| Photos | Duration of account + 30 days |
| Billing records | 7 years (Swedish accounting law) |
| Usage analytics | 24 months (anonymized) |
After account termination, Customer Data is available for export for 30 days, then permanently deleted.
10. Your Rights (GDPR)
Depending on your role, you have the following rights:
- Access — request a copy of your personal data.
- Rectification — request correction of inaccurate data.
- Erasure — request deletion of your data (“right to be forgotten”).
- Restriction — request limited processing of your data.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — where processing is based on consent, withdraw at any time.
For employees and clients of our Customers: Since your employer/service provider is the data controller, please direct data rights requests to them first. We will assist the Customer in fulfilling such requests.
For account holders: Contact us directly at hello@sweepos.app.
11. Children
The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children.
12. International Transfers
All data is processed within the EU. If we ever need to transfer data outside the EU, we will ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses).
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service at least 30 days before taking effect. The “last updated” date at the top reflects the most recent revision.
14. Supervisory Authority
If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY):
Integritetsskyddsmyndigheten (IMY)
Box 8114, 104 20 Stockholm
imy.se
15. Contact
For privacy-related questions or requests:
Meffecta AB
Email: hello@sweepos.app
Website: https://sweepos.app