Privacy Policy

See also our Terms of Service

GDPR Compliance

We comply with the EU General Data Protection Regulation (GDPR) and respect your rights under the law.

Your Rights Under GDPR

  • Right to access: You can request a copy of your personal data
  • Right to rectification: You can request correction of inaccurate data
  • Right to erasure: You can request deletion of your data
  • Right to restriction: You can request limited processing of your data
  • Right to data portability: You can receive your data in a structured format
  • Right to object: You can object to processing of your data

What Data We Collect

We collect and process the following types of personal data:

  • Account information: name, email address, company information
  • Sustainability data: emissions figures, energy consumption, environmental reports
  • Usage data: how you interact with our platform
  • Technical data: IP address, browser type, device information
  • Payment information: billing address (payments processed by Stripe)

How We Use Your Data

  • Provide and improve our services
  • Communicate with you about your account and updates
  • Comply with legal and regulatory requirements
  • Analyze usage to improve user experience

Data Security

We implement industry-standard security measures to protect your data, including encryption, secure data storage, and regular security audits. All data is stored in EU-based data centers complying with GDPR.

Cookies

We use cookies to enhance your experience. See our Cookie Policy for more information.


Third-Party Services

We share data with trusted service providers who help us operate our platform (e.g., Supabase for database, Stripe for payments). All providers are GDPR-compliant.

International Data Transfers

Your data is stored in EU data centers (Frankfurt, Germany and Ireland). Some of our subprocessors (Stripe, Resend) are US-based companies. Where personal data may be accessed from outside the EU/EEA, we ensure adequate protection through EU Standard Contractual Clauses (SCCs) as approved by the European Commission, in accordance with GDPR Article 46(2)(c).

Data Retention

We retain your personal data as long as your account is active or as needed to provide services. You can request deletion of your data at any time.

Data Processing Agreement (DPA)

Future Fluent AB acts as a Data Processor under GDPR Article 28. You (the customer) are the Data Controller determining the purposes and means of processing. This section outlines our commitment to GDPR compliance and your rights.

GDPR Article 28 Compliance

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption: AES-256 at rest, TLS 1.3 in transit
  • Role-based access controls (RBAC) and multi-factor authentication
  • 24/7 security monitoring and intrusion detection
  • Daily automated backups with 30-day retention

Your GDPR Rights

You have the right to request:

  • Access: Obtain confirmation of what personal data we hold
  • Rectification: Correct inaccurate data
  • Erasure: Delete your data (right to be forgotten)
  • Restriction: Limit how we use your data
  • Portability: Export your data in machine-readable format
  • Objection: Oppose certain types of processing

Data Retention Periods

  • Accounting data: 7 years (legal requirement)
  • Emissions reports: 3 years (VSME Standard requirement)
  • User account data: Duration of subscription + 90 days
  • Support logs: 2 years

Data Breach Notification

In the event of a personal data breach:

  • We notify supervisory authorities within 72 hours (GDPR requirement)
  • We notify affected customers within 48 hours via email
  • We provide details on nature, extent, and mitigation measures

Questions about this DPA? Contact hello@vsme-reporter.com

Subprocessors (Third-Party Services)

In accordance with GDPR Article 28(2), we use the following third-party service providers (subprocessors) to deliver our platform. All subprocessors are bound by Data Processing Agreements (DPAs) and comply with GDPR requirements.

Supabase Inc.

Service: Database, Authentication, File Storage

Location: EU (Frankfurt, Germany)

Certification: SOC 2 Type II, ISO 27001

Stripe Inc.

Service: Payment Processing

Location: EU (Ireland)

Certification: PCI DSS Level 1, SOC 2 Type II

Resend Inc.

Service: Email Delivery

Location: EU (Ireland)

Certification: GDPR compliant

Subprocessor Changes

We notify customers 30 days in advance of any new subprocessor additions. You have the right to object to new subprocessors on legitimate grounds (e.g., data protection concerns). If your objection is reasonable and we cannot resolve it, you may terminate your subscription without penalty.

Questions about subprocessors? Contact hello@vsme-reporter.com

Supervisory Authority

You have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) if you believe your data protection rights have been violated. IMY can be contacted via imy.se.

Contact Us

For privacy questions or to exercise your GDPR rights, contact us at hello@vsme-reporter.com