Privacy Policy

Silverpine Solutions AB is the data controller for the personal data processed through our service.

• Organization Number: 559519-4019
• Email: privacy@taxflow.se
• Data Protection Officer: dpo@taxflow.se
• Address: [Company Address]

2.1. Essential Data:

• Full name
• Email address
• Personal identification number (personnummer)
• Authentication credentials

2.2. Financial Data:

• Trading history and transactions
• Account balances and positions
• Tax-related information
• Payment information (processed by Stripe)

2.3. Technical Data:

• IP addresses and device information
• Browser type and settings
• Operating system information
• Usage patterns and preferences

2.4. Communication Data:

• Support conversations
• Feedback and survey responses
• Service-related notifications

3.1. Service Provision (Article 6(1)(b) GDPR):

• Account creation and management
• Processing of trading data
• Generation of tax reports
• Customer support

3.2. Legal Obligations (Article 6(1)(c) GDPR):

• Tax reporting requirements
• Financial record keeping
• Regulatory compliance

3.3. Legitimate Interests (Article 6(1)(f) GDPR):

• Service improvement and development
• Security and fraud prevention
• Analytics and statistics

4.1. Technical Measures:

• End-to-end encryption (TLS 1.3)
• Multi-factor authentication
• Regular security audits
• Automated threat detection

4.2. Organizational Measures:

• Staff training and awareness
• Access control policies
• Data protection impact assessments
• Incident response procedures

5.1. Service Providers:

• Clerk (Authentication)
• Stripe (Payment Processing)
• MongoDB Atlas (Database)
• AWS (Cloud Infrastructure)

5.2. Legal Requirements:

• Tax authorities when required
• Law enforcement upon valid request
• Regulatory bodies as mandated

6.1. Retention Periods:

• Account data: Duration of service plus 12 months
• Financial records: 7 years (Bokföringslagen)
• Technical logs: 12 months
• Communication records: 24 months

6.2. Data Deletion:

• Automated deletion after retention period
• Manual deletion upon request
• Secure erasure procedures

Under GDPR, you have the following rights:

• Access (Article 15)
• Rectification (Article 16)
• Erasure (Article 17)
• Restriction (Article 18)
• Data Portability (Article 20)
• Objection (Article 21)

To exercise these rights:

• Email: privacy@taxflow.se
• Response within 30 days
• Identity verification required
• No fee (except for excessive requests)

We process data within the EU/EEA. If any transfer outside occurs, we ensure:

• Adequate safeguards
• Standard contractual clauses
• Privacy Shield compliance
• Regular transfer impact assessments

9.1. Essential Cookies:

• Authentication status
• Security tokens
• Session management

9.2. Optional Cookies (require consent):

• Analytics (anonymized)
• Preference storage
• Performance monitoring

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:

• Notify users of material changes
• Provide 30 days notice for significant updates
• Maintain policy version history
• Obtain new consent when required