Privacy Policy

Last Updated: January 18, 2026 | Version 1.0

1. Introduction

Welcome to Dage Tilbage ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR) and other applicable data protection laws.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our countdown timer application.

2. Data Controller

Controller: DageTilbage
Location: Denmark, European Union
Contact: info@dagetilbage.dk

3. What Data We Collect

3.1 Account Information (Required)

Email address - for account creation and authentication
Password - securely hashed, never stored in plain text
First and last name - when signing in via OAuth providers
Profile avatar URL - when provided by OAuth providers (Google, Facebook, Apple, Microsoft)

3.2 Countdown Data

Countdown titles - the names you give your countdowns
Target dates - the dates you're counting down to
Location data - ONLY if you consent to use weather features (optional)

3.3 Group Information

Group names and descriptions - for groups you create
Group membership information - your role in groups (owner/member)

3.4 Technical Data

Session cookies - strictly necessary for authentication (no consent required)
OAuth tokens - provided by third-party authentication services (not stored by us)
IP addresses - temporarily in server logs for security purposes

4. Legal Basis for Processing

We process your personal data under the following legal bases:

Contract (Article 6(1)(b) GDPR) - Processing is necessary to provide our service to you
Consent (Article 6(1)(a) GDPR) - For optional features like location-based weather forecasts
Legitimate Interests (Article 6(1)(f) GDPR) - For security, fraud prevention, and service improvement

5. How We Use Your Data

To create and manage your account
To provide countdown timer functionality
To enable group sharing features
To display weather forecasts (only with your consent)
To send important service notifications
To improve our service and user experience
To ensure security and prevent fraud

6. Third-Party Data Sharing

6.1 Authentication Providers

When you sign in using OAuth providers, we receive limited data from:

Google - Name, email, profile picture
Facebook - Name, email, profile picture
Apple - Name, email (may be hidden)
Microsoft - Name, email, profile picture

Note: These providers have their own privacy policies. We do not control how they process your data.

6.2 Weather Data Provider

If you consent to location-based weather features, we share your location data with:

Open-Meteo API (open-meteo.com) - for weather forecasts
Nominatim/OpenStreetMap (nominatim.openstreetmap.org) - for geocoding location names

Your consent is required before we share any location data with these services.

6.3 Data Transfers Outside the EU

Some of our third-party service providers (OAuth providers) may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place through:

Standard Contractual Clauses (SCCs)
Adequacy decisions by the European Commission
Privacy Shield certification (where applicable)

7. Data Retention

Account data - Retained until you delete your account
Countdown data - Retained until you delete your account or individual countdowns
Consent records - Retained for 3 years after account deletion (legal requirement)
Server logs - Retained for 90 days for security purposes

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

8.1 Right of Access (Article 15)

You can request a copy of all personal data we hold about you.

8.2 Right to Rectification (Article 16)

You can update or correct your personal information at any time in your account settings.

8.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You can delete your account and all associated data at any time. Go to Settings → Delete Account.

8.4 Right to Data Portability (Article 20)

You can export all your data in JSON format. Go to Settings → Export My Data.

8.5 Right to Restrict Processing (Article 18)

You can request that we limit how we process your data.

8.6 Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing.

8.7 Right to Withdraw Consent (Article 7(3))

You can withdraw consent for optional features (like location data) at any time in Settings → Manage Consents.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with your local supervisory authority if you believe we have violated your data protection rights.

9. How to Exercise Your Rights

In the app: Go to Settings to manage your data, consents, and account
By email: Contact us at info@dagetilbage.dk

We will respond to your request within 30 days (as required by GDPR).

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

HTTPS encryption for all data transmission
Bcrypt password hashing
Secure session management
Regular security updates
Access controls and authentication

11. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

Notify the relevant supervisory authority within 72 hours
Notify affected users without undue delay
Provide information about the nature of the breach and steps taken

12. Cookies

We use the following cookies:

Session cookies (strictly necessary) - Required for authentication. No consent needed under GDPR.
Remember me cookie - Optional, only if you check "Remember me" when logging in

See our Cookie Policy for more details.

13. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us immediately.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will:

Update the "Last Updated" date and version number
Notify you via email or in-app notification
Request new consent if required by law

15. International Users

This service is operated from Denmark and intended for users in the European Union. If you are accessing from outside the EU, you do so at your own risk and are responsible for compliance with local laws.

16. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: info@dagetilbage.dk
Data Protection Officer: DageTilbage
Response time: Within 30 days

Back to Dage Tilbage | Terms of Service | Cookie Policy