Welcome to Supertext's Privacy Policy. We know privacy matters to you, and it matters to us too. This policy explains what information we collect, how we use it, and, most importantly, what control you have over your own data.

We've written this in plain language because we believe you shouldn't need a law degree to understand how your data is handled. If you have questions after reading this, we're always here to help.

This Privacy Policy explains how Supertext (SMSgrupp i Stockholm AB) collects, uses, stores, shares, and protects your personal data. Our goal is to be transparent, user-friendly, and fully compliant with GDPR, the EU Digital Services Act (DSA), the Swedish Data Protection Act, and other applicable laws.

By creating an account, sending a message, or using any part of Supertext, you agree to this Privacy Policy.

We collect only the data needed to provide the service securely and reliably.

3.1 Information You Give Us Directly

• Your phone number, username, and (optionally) profile picture.
• Your contacts, if you allow access, to help you find friends and form groups.
• The content you create: messages, photos, and videos.
• Support requests, including contact details and issue information.

We do not read or access your private messages except:

• If required by law
• If necessary to investigate severe abuse, threats, or harmful behavior
• If flagged by automated systems detecting spam, fraud, or risks to safety

3.2 Information We Collect Automatically

• Device and system info, IP address, and activity data for service operation.
• General location data (if permitted).
• Usage data to improve features and performance.
• Cookies and local storage to remember preferences and keep you logged in.
• Timestamps of sent and received messages
• Group or community ID
• Routing events (delivery, failure, retry)

3.3 Contacts (Optional)

If you allow contact access, we process hashed phone numbers to show who uses Supertext. Names are not stored.

3.4 Usage Data & Analytics

• Interactions with features
• Crashes, bugs, and technical logs
• Basic analytics for improving the service

3.5 Advertising Data

If you consent to ads, we may process:

• Device ID
• Approximate location
• Group/community category (e.g., “Sports”, “School”)
• Automated contextual categorization based on message content within a group to determine broad, non-identifiable themes (for example, “sports event”, “parent meeting”, or “local fundraiser”). This processing is carried out solely by software. We never read your messages, and we never share message content with advertisers, only a high-level category generated from the analysis. The categorization process does not store, index, or retain message content for advertising purposes, and output categories are not linked to identifiable users.

Why we process your data – and what gives us the right to do so

​

Under GDPR, every piece of data processing needs a legal basis. Here's ours, in plain terms:

Contract performance (Art. 6(1)(b)) — We need this to simply run the service: delivering your messages, storing content, sending notifications, and managing your account. Without it, Supertext doesn't work.

Your consent (Art. 6(1)(a)) — For things that are optional, we only proceed if you say yes: accessing your contacts, showing you ads, running analytics, and using cookies.

Legal obligation (Art. 6(1)(c)) — Sometimes the law requires us to act, for example responding to lawful police requests, meeting DSA transparency requirements, or fulfilling your GDPR rights.

Legitimate interests (Art. 6(1)(f)) — We have a genuine interest in keeping the platform safe and functional: preventing spam, maintaining security, running basic analytics, and serving contextual ads. We only rely on this where our interests don't override yours.

Vital interests (Art. 6(1)(d)) — In rare, serious situations, such as credible threats of harm or child safety concerns — we may act to protect someone's life or safety.

Supertext stores data primarily within the EU.
However, certain technical operations may be processed outside the EU.

We rely on:

• EU-US Data Privacy Framework
• Standard Contractual Clauses (SCCs)
• Additional technical safeguards (encryption, access control)

By using Supertext, you acknowledge these necessary international transfers.

We apply both technical and organizational measures:

• Encrypted in transit transport
• Role-based access controls
• Audit logging and access monitoring
• Multi-factor authentication for staff
• Regular security testing
• Incident and breach response routines

Message Security and Communications Confidentiality

Supertext protects the confidentiality of your private communications in line with:

• the Swedish Electronic Communications Act (2022:482), and
• the EU ePrivacy Directive (2002/58/EC).

Access to message content is limited to authorized personnel under strict internal procedures, and only under the lawful grounds described in this policy.

In the unlikely event of a data breach affecting your rights, we will notify you and the Swedish Authority for Privacy Protection (IMY) within the timeframe required by Articles 33–34 of the GDPR.