Skip to content

In developmentSweChat is in active development — not yet production-ready. Looking for collaboration and sponsorship from Sweden and the Nordic region. Get involved →

Privacy Policy

Last updated: 2026-05-24

SweChat is built around a single principle: your conversations are yours. This policy explains the small amount of data we do process, why we process it, and how to exercise the rights you have under the GDPR and Swedish data protection law.

1. Who we are

SweChat is operated by Nordchat from Sweden. Servers hosting user data are located in Sweden and the Nordic region, under EU jurisdiction. For all privacy matters you can reach us at privacy@swechat.se.

2. Data we process

  • Account data. Phone number, display name, profile photo, and BankID verification status (if you choose to verify). We never store legal names or personal numbers — only a one-way hash to prevent the same identity being attached to multiple accounts.
  • Messages. Stored as end-to-end encrypted ciphertext only. We cannot read your messages, calls, or files. Decryption keys live exclusively on your devices.
  • Device tokens. Required to deliver push notifications and incoming-call rings. Removed when you remove a device or delete your account.
  • Authentication logs. IP address and timestamp of login/logout events, kept for 90 days for abuse and fraud prevention, then automatically purged.
  • Reports and blocks. Kept while the relationship exists, then removed.

3. Legal basis

We process the categories above under the legal bases of contractual necessity (delivering the service you signed up for), legitimate interest (abuse prevention, security), and consent (BankID verification — always optional).

4. Retention

Account data is retained for the lifetime of your account. Ciphertext is retained until you or your conversation partner deletes it. OTP codes used for login live in our cache for at most 5 minutes and are then discarded. Auth logs are purged after 90 days.

5. Third parties

We do not sell data and we do not share it with advertising or analytics brokers. We use an SMS provider to deliver one-time passcodes during sign-in and BankID for optional identity verification. Both process only the minimum data required to do their job.

6. Your rights

  • Right of access, rectification, and erasure
  • Right to restriction and to object to processing
  • Right to data portability
  • Right to lodge a complaint with the Swedish data protection authority (IMY)

Email privacy@swechat.se and we will respond within the statutory one-month window. Account deletion can also be performed from the app at Settings → Account → Delete account.

7. Website

This website does not set advertising or tracking cookies. If analytics is enabled in our production environment it is a privacy-respecting, cookie-free service (Plausible) that records aggregate page views without any personal identifiers. No consent banner is required because no personal data is collected by the site itself.

8. Changes to this policy

We will update the “Last updated” date above whenever this document materially changes. For substantive changes affecting how we process your data we will notify you in-app before the change takes effect.