Privacy Policy
Last updated 2026-07-06
Jämna ("we", "us", "the service") is a bill-splitting application operated for personal use.
This policy explains what data we collect, why we collect it, and how we protect it.
1. Who we are
Jämna is self-hosted by the operator at jamna.myhrmans.com. Servers are located
in Sweden. For privacy questions, contact privacy@myhrmans.com.
2. What we collect
- Account: your email address (used for sign-in via magic-link or via Google
/ Apple sign-in if you choose that), your display name, and optionally your Swedish mobile
number (used only to pre-fill the recipient when a friend pays you back via Swish).
- Groups and friends: the groups you create or join, who is a member, who is
a friend.
- Expenses and settlements: the amounts, titles, dates, categories, and
per-person split that you record yourself.
- Profile photo (optional): if you set a profile picture, we store the image
so your friends and group members can recognise you. You can change or remove it any time in
Settings; it is deleted when you delete your account.
- Receipts (beta receipt scanning): if you scan a receipt, the photo is sent
to our own OCR service (self-hosted, not a third party) to extract the merchant, date, line
items, and total. The photo is attached to the expense you create so group members can view
it, and is deleted with the expense; the extracted details are saved with the expense.
- Push notifications (Android): when you are signed in on the Android app, we
register a Firebase Cloud Messaging (FCM) device token so we can notify you about activity in
your groups (for example, when someone adds an expense or settles up). The token is a device
identifier and is shared with Google to route the notification to your device. You can turn
group notifications off in Settings, and the token is deleted when you delete your account.
- Session cookies: a long-lived HTTP-only cookie containing a hashed session
token so you stay signed in.
We do not collect location data, analytics, or advertising / cross-app tracking identifiers.
The only device identifier we store is the push-notification token described above, and only on
Android.
3. Why we collect it
All of the data above is collected solely to provide the service you signed up for: splitting
bills with friends, calculating balances, suggesting settlements.
4. Third parties
- Google (Firebase Cloud Messaging): on Android, we use Google's Firebase
Cloud Messaging to deliver push notifications. Your FCM device token is shared with Google
so it can route notifications to your device. No expense amounts or personal content are put
in the notification payload beyond a short summary (e.g. "Someone added an expense"). See Firebase's privacy and security.
- One.com (Copenhagen, Denmark) handles outgoing email for our magic-link sign-in.
Your email address is forwarded to them for the duration of delivering the sign-in message.
- Google Ireland Limited (Dublin, Ireland) and Apple Distribution International Limited (Cork, Ireland) are used only if you choose Sign in with Google / Apple. They verify
your identity and return your email + display name to us. If you sign in with the email magic
link instead, no data is shared with Google or Apple.
5. How we protect data
- All traffic to and from
jamna.myhrmans.com is encrypted with TLS. - Uploaded images (profile photos and receipt scans) are stored as private objects in the
operator's self-hosted object storage on the same private network, and are served only to
authenticated members of the relevant group.
- Session cookies are HTTP-only, secure, and SameSite=Lax.
- Database is reachable only on the private network, never exposed to the internet.
6. Retention & account deletion
Your data is kept for as long as your account exists. You can delete your account any time
from Settings → Delete account, or on the web at jamna.myhrmans.com/account/delete. Deleting your account
permanently removes your personal data — name, email, phone, profile photo, sign-in methods,
friendships, push-notification tokens, and reminder history. Expenses and settlements you shared with other people remain in their
groups, anonymised as “Deleted user”, because removing them would corrupt everyone else's
balances.
7. Your rights (GDPR)
Under the EU General Data Protection Regulation and Swedish data protection law, you have the
right to access, correct, export, and delete your data. To exercise any of these rights, email privacy@myhrmans.com.
You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection
(IMY) at imy.se.
8. Changes
If we change this policy, the "last updated" date above will change. Material changes will be
communicated in-app on your next sign-in.