Legal

Privacy Policy

Last updated: 1 January 2025

RentelFlow AB (“we”, “us”, “our”) is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect information when you use RentelFlow. We comply with the General Data Protection Regulation (GDPR) and Swedish data protection law (Dataskyddslagen).

Data Controller

RentelFlow · Sweden · privacy@rentalflow.se

1. Data We Collect

We collect the following categories of personal data:

  • Account data: Name, email address, company name, phone number
  • Billing data: Payment method details (processed by Stripe — we do not store card numbers)
  • Usage data: Log files, feature usage, session data
  • Customer data you input: Your customers' names, contact details, and Personnummer/Organisationsnummer stored in your RentelFlow account

2. How We Use Your Data

We use your personal data to:

  • Provide and improve the RentelFlow service
  • Process payments and manage subscriptions
  • Send transactional emails (invoices, booking confirmations, alerts)
  • Provide customer support
  • Comply with legal obligations (Swedish tax law, GDPR)
  • Send product updates and marketing communications (with your consent)

3. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract performance: Processing necessary to deliver the service you subscribed to
  • Legal obligation: Compliance with Swedish tax and accounting law
  • Legitimate interests: Improving our service, fraud prevention, security
  • Consent: Marketing communications (you can withdraw consent at any time)

4. Data Sharing

We do not sell your personal data. We share data only with:

  • Supabase: Database hosting (EU data centers, SOC 2 certified)
  • Stripe: Payment processing (PCI DSS Level 1 certified)
  • Resend: Transactional email delivery
  • Vercel: Application hosting (EU region)

All sub-processors are bound by data processing agreements compliant with GDPR Article 28.

5. Data Retention

We retain your data for as long as your account is active. After account deletion:

  • Account and usage data is deleted within 30 days
  • Invoice and financial data is retained for 7 years as required by Swedish accounting law (Bokföringslagen)
  • Backups are purged within 90 days

6. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data (“right to be forgotten”)
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Restriction: Request that we limit processing of your data

To exercise any of these rights, contact us at privacy@rentalflow.se. We will respond within 30 days.

7. Cookies

We use essential cookies for authentication and session management. We use analytics cookies (with your consent) to understand how the service is used. You can manage cookie preferences in your browser settings.

8. Security

We implement industry-standard security measures including TLS 1.3 encryption in transit, AES-256 encryption at rest, regular security audits, and access controls. We will notify you of any data breaches within 72 hours as required by GDPR.

9. Complaints

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Swedish Data Protection Authority (Integritetsskyddsmyndigheten, IMY) at imy.se.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email at least 30 days before they take effect.

11. Contact

For privacy-related questions, contact our Data Protection Officer at privacy@rentalflow.se or visit our contact page.

trust.vat
trust.ocr
trust.export
trust.backups
trust.tls
trust.gdpr
RentelFlow — Uthyrningssystem för maskin- och utrustningsuthyrning