Privacy Policy

1. Introduction

Vakteye AB (“Vakteye,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our compliance scanning platform and related services.

We process personal data in accordance with the General Data Protection Regulation (GDPR) and Swedish data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

3. Information We Collect

3.1 Information You Provide

• Account information (name, email, company name)
• Payment information (processed by Stripe)
• Website URLs you submit for scanning
• Communications with our support team

3.2 Information Collected Automatically

• Log data (IP address, browser type, pages visited)
• Device information
• Usage data and analytics

3.3 Scan Data

When scanning websites, we collect publicly available information from the target URLs including cookies, scripts, headers, and page content. This data is processed to generate compliance reports.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract: To provide our services to you
• Legitimate Interest: To improve our services and prevent fraud
• Legal Obligation: To comply with applicable laws
• Consent: Where you have given explicit consent

5. How We Use Your Information

• Provide, maintain, and improve our services
• Process transactions and send related information
• Send technical notices, updates, and support messages
• Respond to your comments and questions
• Analyze usage patterns to improve user experience
• Detect, prevent, and address technical issues

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

• Service Providers: Stripe (payments), Supabase (infrastructure), Vercel (hosting)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with a merger or acquisition

7. Data Retention

We retain your personal data for as long as necessary to provide our services and fulfill the purposes described in this policy. Scan results are retained for 90 days unless you request earlier deletion. Account data is retained until you close your account.

8. Your Rights

Under GDPR, you have the following rights:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data
• Restriction: Request limitation of processing
• Portability: Receive your data in a portable format
• Objection: Object to certain types of processing

To exercise these rights, contact us at privacy@vakteye.com.

9. International Transfers

Your data may be transferred to and processed in countries outside the EEA. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

10. Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption, access controls, and regular security assessments.

11. Cookies

We use cookies and similar technologies. For more information, please see our Cookie Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the “Last updated” date.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at: