PRIVACY POLICY

Comprehensive data protection in compliance with GDPR, EU regulations, and Swedish law

Last updated: June 1, 2026
Aligned with GDPR principles

Important Information

This privacy policy is designed to align with the General Data Protection Regulation (GDPR), Swedish Data Protection Act, and other applicable EU regulations. You have specific rights regarding your personal data, and we're committed to protecting your privacy.

Data Controller & Overview

Data Controller

Company: Bromander Global AB

Address: Ringaby 432, 718 92 Frövi, Sweden

Company Reg. No: 559529-7879

VAT No: SE559529787901

Registered for F-tax in Sweden

Contact: support@bromanderglobal.com

Bromander Global AB ("we," "our," or "us") is a Swedish technology holding company registered in Frövi, Sweden. We own and operate digital products including Shinery and Smart Bookkeeping. As the data controller, we determine the purposes and means of processing your personal data.

This Privacy Policy is designed to align with the General Data Protection Regulation (GDPR), the Swedish Data Protection Act (2018:218), and other applicable EU and Swedish regulations. Each of our digital services may have additional specific privacy terms for their respective features.

Data We Collect

We collect personal data in the following categories:

Identity & Contact Information

  • Full name, email address, phone number
  • Company name, job title, professional information
  • Address, postal code, country of residence
  • Account credentials and authentication data

Technical & Usage Data

  • IP address, browser type, device identifiers
  • Operating system, screen resolution, language preferences
  • Website navigation patterns, page views, time spent
  • Referral sources, search terms, click patterns
  • Aggregate, anonymous usage and ad-click statistics, used to measure how our tools and ads perform (we cannot identify you from this data)

Communication & Content

  • Email correspondence, chat messages, support tickets
  • Feedback, surveys, reviews, and testimonials
  • Marketing preferences and communication history

Cookies & Tracking Technologies

  • Essential cookies for website functionality
  • Local storage data for your cookie and language preferences

Special Categories of Data

We do not intentionally collect special categories of personal data (health, racial/ethnic origin, political opinions, religious beliefs, biometric data) unless explicitly required and with your explicit consent.

Payment Information

When you make a purchase, your card details are entered into and processed directly by our payment provider, Stripe, which stores and secures them under the PCI-DSS standard. We never receive or store your full card number on our own systems.

How We Use Your Data

We process your personal data for the following purposes, always based on a valid legal ground:

Service Delivery & Customer Support

  • Providing and maintaining our services
  • Processing transactions and managing accounts
  • Responding to inquiries and providing support
  • Troubleshooting and technical assistance

Service Improvement

  • Improving and maintaining the quality of our services
  • Diagnosing technical issues and fixing bugs

Marketing & Communication

  • Sending product updates and waitlist notifications (with your consent)
  • Responding to event, partnership, or press inquiries

Legal & Security

  • Compliance with legal obligations
  • Fraud prevention and security monitoring
  • Protecting our rights and interests
  • Law enforcement cooperation when required

Data Sharing & Third Parties

We may share your personal data with the following categories of recipients:

Service Providers & Processors

  • Website Hosting: Vercel (website hosting and delivery)
  • Website Analytics: Vercel Web Analytics (cookieless, aggregate statistics only — does not identify individuals)
  • Payments: Stripe (payment processing for our apps and products)
  • Email: Resend (transactional email, EU region)
  • Product Data Hosting: AWS (eu-north-1, Stockholm)
  • Content Delivery & Security: Cloudflare (CDN and DDoS protection)

Legal Requirements

We may disclose your data when required by law, court orders, or to protect our rights, users' safety, or comply with legal processes.

Business Transfers

In case of merger, acquisition, or sale, your data may be transferred as part of the business assets, with continued protection under this privacy policy.

We Do NOT:

  • Sell your personal data to third parties
  • Share data for third-party marketing without consent
  • Transfer data outside EU/EEA without adequate protections
  • Use our analytics to identify you or track you as an individual across other websites

Your Data Protection Rights

Under GDPR and Swedish law, you have the following rights regarding your personal data:

Right of Access (Art. 15)

Request access to your personal data and information about how we process it.

Right to Rectification (Art. 16)

Request correction of inaccurate or incomplete personal data.

Right to Erasure (Art. 17)

Request deletion of your personal data ('right to be forgotten').

Right to Restrict Processing (Art. 18)

Request limitation of processing in certain circumstances.

Right to Data Portability (Art. 20)

Receive your data in a structured, machine-readable format.

Right to Object (Art. 21)

Object to processing based on legitimate interests or direct marketing.

How to Exercise Your Rights

Email: support@bromanderglobal.com

Response Time: Within 30 days (may be extended to 60 days for complex requests)

We may need to verify your identity before processing your request. If we refuse your request, we'll explain why and inform you of your right to complain to the Swedish Authority for Privacy Protection (IMY).

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

Account Data

Active accounts: Until account deletion + 30 days for backup recovery

Inactive accounts: 3 years from last login, then automatic deletion

Communication Data

Customer support: 7 years (Swedish business record requirements)

Marketing communications: Until consent withdrawal + 30 days

Legal & Financial

Financial records: 7 years (Swedish Bookkeeping Act)

Legal documentation: As required by applicable law

Security Measures

We implement comprehensive technical and organizational measures to protect your personal data:

Technical Safeguards

  • TLS 1.3 encryption for data in transit
  • AES-256 encryption for data at rest
  • Multi-factor authentication (MFA)
  • Regular security reviews
  • Automated threat detection and monitoring
  • Secure cloud infrastructure

Access Controls

  • Role-based access control (RBAC)
  • Principle of least privilege
  • Regular access reviews and audits
  • Secure authentication protocols

Organizational Measures

  • Regular staff training on data protection
  • Incident response and breach procedures
  • Privacy by design and by default
  • Vendor security assessments

Compliance

  • GDPR compliance monitoring
  • Swedish data protection standards
  • Regular compliance audits

Data Breach Response

In the unlikely event of a data breach, we will notify the Swedish Authority for Privacy Protection (IMY) within 72 hours and affected individuals without undue delay, as required by GDPR Article 33-34.

Cookies & Tracking

We use cookies and similar tracking technologies to enhance your browsing experience. You can manage your cookie preferences at any time.

Essential Cookies (Required)

These cookies are necessary for the website to function and cannot be switched off.

  • Authentication and session management
  • Security and fraud prevention
  • Load balancing and performance

Cookie Management

You can control cookies through:

  • Our cookie banner and preference center
  • Browser settings (may affect website functionality)
  • Opt-out links for specific services
  • Contact us at privacy@bromanderglobal.com

Our Digital Services

Bromander Global AB develops and operates these digital services, each with specific privacy considerations:

Shinery

Privacy-first digital wellness platform with local data storage and zero tracking philosophy.

Smart Bookkeeping

Financial management platform with bank-level security and encrypted data processing.

Vividly

Motivation and reminder companion for neurodivergent users, designed with privacy by default.

Contact & Support

For questions about this Privacy Policy, data processing, or to exercise your rights, please contact us:

General Contact

Bromander Global AB

Ringaby 432, 718 92 Frövi, Sweden

support@bromanderglobal.com

Company Reg. No: 559529-7879

VAT No: SE559529787901

Registered for F-tax in Sweden

File a Complaint

If you're unsatisfied with our response, you can file a complaint with:

Swedish Authority for Privacy Protection (IMY)

Website: imy.se

Email: imy@imy.se

Policy Updates

We may update this Privacy Policy periodically. Material changes will be communicated via email and prominently displayed on our website. Continued use after changes constitutes acceptance.

Quick Response

We aim to respond to all privacy-related inquiries as soon as reasonably possible, and always within the timeframe required by law (typically 30 days, extendable to 60 days for complex requests).