Artyflow logoARTYFLOW

    Privacy Policy

    Last updated: 29 July 2025

    This Privacy Policy describes how Artyflow AB ("Artyflow", "we", "our", or "us") collects, uses, and protects the personal data of Clients and Users ("you") when using the Artyflow platform (the "Platform"). We are committed to protecting your privacy and handling your personal data responsibly in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

    1. Who We Are

    Artyflow AB

    Org. no: 559525-4615

    Email: contact@artyflow.com

    Website: www.artyflow.com

    Artyflow acts as the data controller when determining the purpose and means of processing your personal data on the Platform.

    2. What Information We Collect

    We may collect the following types of personal data:

    • Identity Data: Name, email address, company name, role/title
    • Account Data: Login credentials (hashed), user permissions, license allocation
    • Usage Data: Task activity, login timestamps, platform engagement
    • Technical Data: Device type, operating system, browser type, IP address
    • Support Data: Communication with customer support, feedback, bug reports

    We do not collect or process sensitive personal data (e.g. health data, political views).

    3. How We Use Your Data

    We process personal data to:

    • Provide access to and functionality within the Platform
    • Notify you of tasks, updates, or account activity
    • Personalize features and recommendations
    • Improve the Platform through analytics and feedback
    • Respond to support inquiries and troubleshoot issues
    • Comply with legal obligations

    We do not sell or share your personal data with third parties for marketing purposes.

    4. Legal Basis for Processing

    We rely on the following legal bases:

    • Contractual necessity: To provide the Platform to you or your organization
    • Legitimate interests: To improve, maintain, and secure our Platform
    • Consent: For cookies and optional analytics (where applicable)
    • Legal obligation: When required by law (e.g. accounting or fraud prevention)

    5. Data Sharing

    We may share data with trusted service providers (e.g. Supabase, Expo, hosting providers, analytics tools) who process data on our behalf. These providers are contractually bound to comply with GDPR.

    6. Data Retention

    We retain personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by law.

    • Data related to active user accounts is retained throughout the subscription period.
    • Inactive or deleted accounts are anonymized or deleted within 90 days unless otherwise agreed.
    • When a Client's data is deleted, all Users linked exclusively to that Client will also be deleted. However, if a User is associated with multiple Clients, only the data related to the terminated Client will be deleted; data linked to other active Clients will remain unaffected.

    7. International Transfers

    If personal data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or transfers to countries deemed adequate by the European Commission.

    8. Your Rights

    Under GDPR, you have the right to:

    • Access your personal data
    • Correct inaccurate data
    • Request deletion of your data
    • Restrict or object to processing
    • Data portability
    • Withdraw consent (where applicable)

    To exercise your rights, contact us at legal@artyflow.com. We will respond within 30 work days.

    9. Cookies & Analytics

    Artyflow uses strictly necessary cookies to operate the Platform and optional analytics cookies only with your explicit consent. Necessary cookies are required for core website functionality and cannot be disabled.

    Analytics cookies are activated only after you provide consent via the cookie banner. You may refuse non-essential cookies or withdraw your consent at any time through the cookie settings available on our website.

    Google Analytics & Google Tag Manager

    We use Google Tag Manager (GTM) to manage website scripts and Google Analytics 4 (GA4) to collect pseudonymized usage data about how visitors interact with our website.

    This may include information such as:

    • Pages visited
    • Time spent on the site
    • Referring sources
    • Device and browser type
    • General geographic location (country or city level)

    Google Analytics uses cookies and similar technologies to collect this information. No Google Analytics tracking is activated unless you accept non-essential cookies in the cookie banner. If you reject non-essential cookies in the cookie banner, no Google Analytics tracking will take place.

    Data collected through Google Analytics is processed by Google LLC. This may involve transfers of personal data outside the EU/EEA. Where such transfers occur, appropriate safeguards are implemented, including Standard Contractual Clauses (SCCs) or other legally recognized transfer mechanisms.

    We have configured Google Analytics 4 to minimize data collection, including IP anonymization and limited data retention settings.

    For more information about how Google processes personal data, please refer to Google's Privacy Policy.

    10. Data Security

    We implement appropriate technical and organizational security measures including:

    • Encrypted connections (SSL/TLS)
    • Role-based access control
    • Secure authentication and session handling
    • Regular monitoring and backups

    11. Contact

    If you have questions, requests, or concerns about this Privacy Policy or how we handle your data, contact:

    Artyflow AB

    Email: contact@artyflow.com

    12. Updates to This Policy

    We may update this Privacy Policy from time to time. Changes will be published on our website, and where appropriate, notified to you via email or through the Platform.