Privacy Policy for reportr.me

Effective Date: 2024-04-01
Last Updated: 2025-08-09

1. Who We Are (Data Controller)

Welcome to reportr.me (“we,” “us,” “our”). We are the data controller for personal data processed in connection with reportr.me and reportr.aprture.io.

Controller: aprture.io
Location: Piteå, Sweden
Data Protection Officer (DPO): Kim Kangas
Contact (GDPR): qa@pixelgeeks.se

2. What Data We Collect

Personal Information: name, email, address, phone, and any other details you choose to provide.

Account & Authentication Data: login credentials, session identifiers, security logs.

Report Content: reports you submit, including images, videos, captions, timestamps.

Location/Metadata: EXIF data (e.g., GPS coordinates) extracted from uploads when available.

Payout & Tax Data: Social Security Number/Personnummer (where required), payout amounts, banking or payout identifiers necessary for payments and tax compliance.

Device/Cookie/Usage Data: cookies for login and preferences; analytics (e.g., Google Analytics) such as page views, referrers, and approximate geolocation.

3. Why We Process Your Data & Legal Bases

We process personal data only when we have a valid legal basis under GDPR:

  • Provide and operate the service (account creation, uploads, content unlocking, payouts): Performance of a contract (Art. 6(1)(b)).
  • Tax, accounting, and compliance (including SSN/Personnummer and payout records): Legal obligation (Art. 6(1)(c)).
  • Security and abuse prevention (fraud monitoring, enforcing rules like “no AI”): Legitimate interests (Art. 6(1)(f)).
  • Analytics and product improvement (how features are used): Legitimate interests (Art. 6(1)(f)). Non‑essential analytics cookies are used only with consent (Art. 6(1)(a)).
  • Displaying precise event locations from EXIF GPS to buyers/editors: Performance of a contract and/or legitimate interests (authenticating reports and enabling discovery).
  • Marketing communications (if any): Consent (you can withdraw at any time).

4. How We Use Your Information

To deliver core features (accounts, uploads, selling content to agencies), provide support, detect misuse (e.g., manipulated/AI content), process payouts, meet tax/legal obligations, and improve the service.

5. Sharing & Recipients

We share data only as needed:

  • Buyers (agencies/companies): access to content and related metadata required to evaluate and license your uploads.
  • Service providers (processors): hosting, storage/CDN, analytics, email, payments, tax/reporting tools—bound by contracts and confidentiality.
  • Authorities: where required by law (e.g., Swedish tax authorities).
  • Business transfers: in a merger, acquisition, or asset sale, subject to GDPR safeguards.

6. International Data Transfers

Personal data is primarily stored in the EU/EEA. Where processors are located outside the EEA (e.g., analytics or email providers), we use appropriate safeguards such as the EU Commission’s Standard Contractual Clauses (SCCs) and implement supplementary measures where necessary.

7. Cookies & Similar Technologies

We use essential cookies for login, security, and preferences. Non‑essential analytics cookies (e.g., Google Analytics) are used only with your consent. You can withdraw or change cookie preferences at any time via our cookie banner/settings. For details, see our Cookie Policy.

8. Data Retention

  • Account data: kept while your account is active; deleted/anonymized after closure unless we must retain it.
  • Uploads/transactions: retained as long as necessary for contractual purposes, disputes, and platform integrity.
  • Payout & tax records: retained to satisfy legal obligations (typically up to 7 years under Swedish bookkeeping/tax rules).
  • Logs & security data: retained for a limited period proportionate to security needs.

9. Your Rights (GDPR)

You have the right to access, rectify, erase, restrict processing, object, and data portability. Where processing is based on consent, you may withdraw consent at any time.

Erasure/Anonymization: You can request account deletion (“be forgotten”). We will anonymize your account and scrub personal data while retaining only non‑identifiable or legally required records (e.g., tax).

How to exercise rights: contact our DPO at qa@pixelgeeks.se. We may need to verify your identity. We aim to respond within 30 days.

Complaint: You can lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).

10. Children’s Data

Our service is not intended for children under the age of 16, and we do not knowingly collect personal data from them. If you believe a child has provided personal data, contact us to remove it.

11. Security

All sensitive information is stored as encrypted strings in our databases. We use access controls, encryption in transit and at rest (where applicable), monitoring, and regular backups. No method of transmission or storage is 100% secure, but we work to protect your data using industry‑standard measures.

12. Data Breaches

We assess and respond to suspected personal‑data incidents. Where required by GDPR, we will notify the competent authority and affected users without undue delay.

13. Swedish Tax Compliance

We are required to store payout details (including SSN/Personnummer when applicable) and, where required, report payout information to Swedish authorities. For example, we may need to track payouts exceeding 10,000 SEK to meet reporting obligations.

14. Downloading Your Data

You can download your personal data at any time from your control panel by selecting “Download user data.”

15. Anonymization Option

You may anonymize your account at any time. When you do so, we scrub personal data and deactivate your account, retaining only non‑personal or legally required information (e.g., tax records).

16. Automated Decision‑Making

We do not use automated decision‑making, including profiling, that produces legal or similarly significant effects about you.

17. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated in‑app and by updating the “Effective Date.” Continued use after updates constitutes acceptance.

18. Contact

Questions or concerns? Contact our DPO, Kim Kangas, at qa@pixelgeeks.se.

Updated: Aug. 9, 2025, 1:54 p.m.

>