Privacy

Privacy Policy

Last updated 2026-05-16

Jämna ("we", "us", "the service") is a bill-splitting application operated for personal use. This policy explains what data we collect, why we collect it, and how we protect it.

1. Who we are

Jämna is self-hosted by the operator at jamna.myhrmans.com. Servers are located in Sweden. For privacy questions, contact privacy@myhrmans.com.

2. What we collect

  • Account: your phone number (used for sign-in via SMS one-time code) and your display name.
  • Groups and friends: the groups you create or join, who is a member, who is a friend.
  • Expenses and settlements: the amounts, titles, dates, categories, and per-person split that you record yourself.
  • Bank connection (optional): if you connect a bank, we store the encrypted EnableBanking session identifier, the account UID, the bank name, the last four digits of the account, and the session expiry date.
  • Bank transactions: we do not store raw bank transactions. They are fetched live from EnableBanking each time you open the Bank inbox and held only in memory for the duration of the request (with a short server-side cache for performance). When you choose to split a transaction or mark it as personal, we store only the opaque transaction reference (no merchant, amount, or date is persisted with it).
  • Session cookies: a long-lived HTTP-only cookie containing a hashed session token so you stay signed in.

We do not collect: device identifiers beyond what your browser sends, location data, analytics or tracking events.

3. Why we collect it

All of the data above is collected solely to provide the service you signed up for: splitting bills with friends, calculating balances, suggesting settlements, and (if you opted in) importing bank transactions.

4. Third parties

  • EnableBanking AB (Helsinki, Finland) is our licensed AISP for PSD2-regulated bank access. They handle authentication with your bank and return transaction data to us on request. We only ever read transactions — Jämna cannot move money. See EnableBanking's privacy notice.
  • 46elks AB (Stockholm, Sweden) sends the SMS one-time codes used to sign you in. The phone number is forwarded to them for the duration of sending the message.

5. How we protect data

  • All traffic to and from jamna.myhrmans.com is encrypted with TLS.
  • Bank session identifiers are encrypted at rest using AES-256-GCM with a key stored only on the application server.
  • Session cookies are HTTP-only, secure, and SameSite=Lax.
  • Database is reachable only on the private network, never exposed to the internet.

6. Retention

Your data is kept for as long as your account exists. When you delete your account, all your data (expenses, groups, friendships, bank connection) is deleted along with it. You can also disconnect your bank at any time from the Bank inbox; doing so deletes the stored session.

7. Your rights (GDPR)

Under the EU General Data Protection Regulation and Swedish data protection law, you have the right to access, correct, export, and delete your data. To exercise any of these rights, email privacy@myhrmans.com.

You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) at imy.se.

8. Changes

If we change this policy, the "last updated" date above will change. Material changes will be communicated in-app on your next sign-in.