InsikraINSIKRA

Privacy Policy

Last updated: 11 March 2026

1. Data Controller

Insikra ("we", "us", "our") is the data controller responsible for the processing of your personal data. Insikra is a company registered in Sweden.

Contact:
Insikra
Sweden
Email: [email protected]

2. Types of Personal Data Collected

We collect and process the following categories of personal data:

  • Account information: Name, email address, and profile photo provided during account registration.
  • Organization data: Organization name, settings, and membership information that you create or are associated with.
  • Usage data: Information about how you interact with our platform, including log data, feature usage, and session information.
  • Technical data: IP address, browser type, device information, and operating system.

We process your personal data based on the following legal grounds under the General Data Protection Regulation (GDPR):

  • Performance of a contract (Art. 6(1)(b)): Processing necessary to provide you with our services, manage your account, and fulfill our contractual obligations.
  • Consent (Art. 6(1)(a)): Where you have given explicit consent, such as for receiving marketing communications or optional analytics.
  • Legitimate interest (Art. 6(1)(f)): Processing necessary for our legitimate interests, including improving our services, ensuring platform security, and preventing fraud.

4. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Account data: Retained for the duration of your active account. If you request account deletion, your data will be removed within 30 days, except where retention is required by law.
  • Usage and audit logs: Retained for up to 12 months for security and operational purposes.

5. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15): You may request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): You may request that we correct inaccurate or incomplete personal data.
  • Right to erasure (Art. 17): You may request that we delete your personal data, subject to legal obligations.
  • Right to data portability (Art. 20): You may request your data in a structured, commonly used, and machine-readable format.
  • Right to object (Art. 21): You may object to processing based on legitimate interest at any time.
  • Right to restrict processing (Art. 18): You may request that we limit the processing of your personal data in certain circumstances.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

6. Cross-Border Data Transfers

Your data is processed and stored using the following service providers:

  • Database and authentication: Supabase, hosted in the EU West (Ireland) region.
  • Backend services: Microsoft Azure, hosted in the Sweden Central region.
  • Web application: Vercel, a US-based company. Requests may be processed through their global network, including servers outside the EEA.

Your personal data (database, account information, audit logs) is stored within the EEA. However, the web application is hosted on Vercel, whose infrastructure may process requests outside the EEA. We are actively evaluating alternatives to ensure full data residency within the EEA.

We use only essential cookies that are strictly necessary for the operation of our platform. These include:

  • Authentication cookies: To keep you signed in and maintain your session.
  • Security cookies: To protect against cross-site request forgery and other security threats.
  • Preference cookies: To remember your theme and language settings.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies. No cookie consent banner is required as we only use essential cookies that are exempt under the ePrivacy Directive.

8. Contact Information for Data Protection Inquiries

For any questions or concerns regarding data protection or this privacy policy, please contact:

Email: [email protected]

9. Right to Lodge a Complaint

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY):

Integritetsskyddsmyndigheten (IMY)
Box 8114
104 20 Stockholm
Sweden
Website: www.imy.se
Email: [email protected]

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this page periodically.