Privacy Policy
Last updated: October 28, 2024
1. Introduction
Welcome to Loheden AI Solutions AB ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application (the "Service"). By accessing or using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, you may not use our Service.
2. Information We Collect
We are committed to the principle of data minimization and only collect personal data that is necessary for the provision of our Service. The types of information we collect include:
2.1 Personal Information
We may collect personal information that you provide to us, such as:
- Name
- Email address
- Payment information
- Company information (if applicable)
- Any other information you choose to provide
Legal Basis: The processing of this data is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract (Article 6(1)(b) GDPR).
2.2 Google Sign-In Information
When you choose to create an account or log in to our Service using Google Sign-In, we may collect additional information from your Google account, including:
- Your Google account email address
- Your Google account ID
- Your Google account profile picture (if available)
- Your name associated with the Google account
Legal Basis: The processing of this data is based on your consent (Article 6(1)(a) GDPR). You can review and manage the permissions granted to our Service through your Google Account settings.
2.3 Usage Data
We may collect information about your interactions with our Service, including:
- IP address
- Browser type and version
- Pages visited and time spent on those pages
- Date and time of your visit
- Referring/exit pages
- Operating system
- Other diagnostic data
Legal Basis: The processing of this data is based on our legitimate interests in improving and securing our Service (Article 6(1)(f) GDPR).
2.4 API Usage Data
When accessing the stock prediction API, we may collect data on usage for monitoring and security, including:
- IP address
- API usage related statistics
- API request logs
- Date and time of requests
- Subscription type
Legal Basis: This data is processed based on our legitimate interests in providing and securing our API (Article 6(1)(f) GDPR).
3. How We Use Your Information
We use the collected information for various purposes, including:
- To provide and maintain our Service
- To process transactions and manage your account
- To improve and personalize our Service
- To communicate with you about Service-related matters
- To provide customer support
- To detect, prevent, and address technical issues
- To comply with legal obligations
4. Data Retention
We will retain your personal information and uploaded content only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
4.1 Account Deletion
You may request the deletion of your account at any time through your account settings. Upon account deletion, we will remove or anonymize most of your personal information from our active databases. However, some information may be retained as outlined below.
4.2 Information Retained After Account Deletion
Even after you delete your account, we may retain certain information for legitimate business purposes or to comply with legal obligations. This includes:
- Payment history and transaction records: We retain these for financial reporting, auditing, and dispute resolution purposes.
- Certain user profile data: We may keep minimal user data necessary for our legitimate business interests, such as preventing fraud or defending against legal claims.
- Aggregated and anonymized data: We may continue to use data in an aggregated and anonymized form for analytical purposes.
We will retain this information only for as long as necessary for the purposes for which we keep it, in accordance with applicable laws and regulations.
4.3 Legal Basis for Retention
The legal basis for this retention under GDPR is:
- Compliance with legal obligations (Article 6(1)(c) of GDPR)
- Our legitimate interests (Article 6(1)(f) of GDPR), which include protecting our business from fraud, maintaining security, and defending against potential legal claims
We have carefully considered and balanced our legitimate interests against your rights and freedoms and believe that retaining this limited information is necessary and proportionate.
5. Sharing Your Information
5.1 Service Providers
We may share your information with third-party service providers who perform services on our behalf, such as:
- Payment processing
- Data analysis
- Email delivery
- Hosting services
- Customer service
These service providers are obligated not to use your personal information for any other purpose than to provide services to us. We have Data Processing Agreements in place with all service providers that process personal data on our behalf, ensuring they comply with GDPR and other applicable data protection laws.
5.2 Payment Processing
We use Stripe (https://www.stripe.com/) as our payment processing partner. When you make a purchase, your payment information is collected and processed by Stripe. We do not store your full payment information on our servers. Please review Stripe's privacy policy for more information on how they handle your data.
5.3 Google Sign-In
When you use Google Sign-In to create an account or log in to our Service, we share certain information with Google to facilitate the authentication process. This information exchange is governed by Google's privacy policy. We recommend reviewing Google's privacy policy to understand how they handle your data: https://policies.google.com/privacy
5.4 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).
6. Cookies and Tracking Technologies
We use only essential cookies that are necessary for our website to function properly. These cookies do not collect any personal information and are used solely to provide basic functionality and security features.
6.1 Essential Cookies
Essential cookies are critical for the basic functions of our website. These cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions. Example: sessionid
6.2 No Consent Required
According to the General Data Protection Regulation (GDPR), consent is not required for essential cookies that are strictly necessary for the provision of an information society service explicitly requested by the user. Therefore, we do not ask for your consent to place these essential cookies on your device.
6.3 Managing Cookies
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.
7. Data Transfer and Storage
Loheden AI Solutions AB is registered in Sweden, which is a member of the European Union (EU). However, to provide our services efficiently and effectively, we may use cloud service providers with servers located in various countries within and outside the EU.
As of the last update of this policy, we use DigitalOcean as our cloud provider, with servers located in Germany (an EU member state). However, please be aware that:
- We may change our cloud service provider in the future.
- The location of the servers where your data is processed and stored may change.
- Your information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction.
We are committed to ensuring that your information is protected and handled in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the EU/EEA.
For transfers of data outside the EU/EEA, we use standard contractual clauses approved by the European Commission or other appropriate legal mechanisms to ensure adequate protection of your data. We have appropriate safeguards in place with our cloud providers and other third-party processors to ensure that transfers of personal data to a third country or an international organization are done in accordance with GDPR and other applicable laws.
8. Security of Your Information
The security of your information is important to us, but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
8.1 Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, in accordance with GDPR requirements.
9. Your Data Protection Rights Under GDPR
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your personal information.
Your rights include:
- The right to access, update, or delete the information we have on you
- The right of rectification - the right to have your information corrected if it is inaccurate or incomplete
- The right to object to our processing of your personal data
- The right of restriction - the right to request that we restrict the processing of your personal information
- The right to data portability - the right to be provided with a copy of your personal data in a structured, machine-readable, and commonly used format (Note: This right only applies to data you have provided to us and that we process based on your consent or for the performance of a contract, and which we process by automated means)
- The right to withdraw consent at any time where we rely on your consent to process your personal information
9.1 How to Submit a Request
To exercise any of these rights, please contact us using the information provided in the "Contact Us" section of this policy. We may need to verify your identity before responding to your request. We will respond to all legitimate requests within one month.
10. Children's Privacy
Our Service does not address anyone under the age of 18 ("Children"). We do not knowingly collect personally identifiable information from anyone under 18 years of age. If you are a parent or guardian and you are aware that your Child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.
11. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
12. Contact Us
If you have any questions about this Privacy Policy or our data practices, or if you want to exercise your data protection rights, please contact us by sending an email to [email protected]
By using our Service, you acknowledge that you have read, understood, and agreed to this Privacy Policy.