Skip to main content

Privacy policy

How we process personal data. For cookies and consent, see the cookie policy.

Privacy policy

Last updated: 2026-06-01

Before production: Configure LEGAL_* environment variables so contact details in sections 2–3 are complete. Sections referencing the data model reflect tables installed via InstallDb.php.

1. Introduction

This privacy policy describes how ArcWind AB processes personal data when you use our websites, applications and APIs.

We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Swedish legislation.

If you are aged 9–12

You may use the service from age 9, but a parent or legal guardian must first approve the account through their own email address. We use your date of birth to apply the right protections. We do not send you marketing, load PostHog while you are signed in, or show automatic push onboarding. You or your guardian can contact hello@arcwind.se with questions or to request correction, withdraw consent or delete the account. Never enter someone else's email address without permission.

2. Data controller

Organisation: ArcWind AB Organisation number: 559287-4894 Address: ArcWind AB, Box 152, 116 74 Stockholm, Sweden Email: hello@arcwind.se Phone: +46 8 - 121 486 70

3. Contact and data protection

Privacy enquiries: hello@arcwind.se

Data protection officer (if applicable):

4. Categories of personal data (data model)

Identity and account data (users)

  • Name
  • Username
  • Email address
  • Alternative usernames and email addresses
  • Alternative phone numbers
  • Verification status, hashed verification tokens and expiry times for alternative email addresses
  • Phone number (optional)
  • Date of birth (required for self-service signup for age assurance)
  • Password (hashed only)
  • MFA settings and metadata (TOTP secret stored encrypted)
  • Roles and permissions
  • Administrative labels
  • Internal administrator comments about the account
  • Last sign-in time

Parent or guardian consent (guardian_consents)

  • For users aged 9–12: the parent or legal guardian's email address
  • Time of verified consent to the terms and necessary personal data processing
  • Verification method and any withdrawal time
  • The one-time code is only stored as a hash in the short-lived signup session and is not retained in the consent record

Session and security data (user_sessions, audit_logs)

  • IP address
  • Browser / user agent
  • Session timestamps (created, last activity, revoked)
  • Audit log entries (action, time, actor)

Session secrets (session_id) are stored internally for operations but are never included in data exports.

Authentication data (auth_otps, mfa_recovery_codes)

  • OTP codes (hashed) for email/SMS sign-in and account creation
  • MFA recovery codes (hashed)

Email preferences (email_preferences)

  • Email address
  • Marketing consent and unsubscribe token

Orbit Life and Hub data (orbit_lives, orbit_hubs, orbit_hub_memberships, orbit_sharing_scopes)

  • Life profile linked to the user account
  • Display name, language, timezone and accessibility profile for the Life
  • Hubs the user creates or participates in
  • Hub name, Hub type and membership role/status
  • Sharing settings that define which information categories a Life shares to a Hub
  • Fingerprint/hash for external sources when a sharing scope needs to reference a calendar, task list or other resource

Messaging and call metadata

  • Delivery status for outbound email/SMS/push when those channels are used
  • Incoming SMS/MMS via 46 Elks may be stored for administrative follow-up with message text, from/to numbers and image links for MMS
  • Incoming calls via 46 Elks may create call logs with call id and from/to numbers; audit logs use short fingerprints instead of raw numbers

News and press content (news_items)

  • Public article metadata, publication dates and language variants
  • Optional author reference to a user account
  • Audit references to the administrator who created or last updated the article
  • Optional publication notification sent through the existing notification preference system

Cookie and preference data (browser)

  • Cookie choices and consent version
  • Language, theme and font size (after preferences consent)
  • Limited anonymous page-view statistics via PostHog (in-memory, before analytics consent)
  • Full analytics via PostHog (after analytics consent)
  • Push subscription via OneSignal (browser notification permission and choices under /me; not tied to marketing cookies)
  • Security verification via Cloudflare Turnstile during sign-in and account creation when enabled

See the cookie policy for details.

5. Purposes and legal basis

Purpose Legal basis
Provide the service Contract
Account and access management Contract
Orbit Life, Hub and sharing features Contract
Age assurance and guardian consent for users aged 9–12 Contract, parent or guardian consent and legal obligation
Information security and audit Legitimate interest / Legal obligation
Operations, monitoring and troubleshooting Legitimate interest
Limited anonymous web analytics (PostHog, in-memory) Legitimate interest
Extended analytics and product statistics (PostHog) Consent
Push notifications (OneSignal) Consent (browser notification permission)
Marketing email Consent
Incoming SMS/MMS follow-up (46 Elks) Legitimate interest / Contract where enabled
Incoming call control (46 Elks) Legitimate interest / Contract

6. Logging and security

To maintain security, stability and traceability we may record:

  • Application logs
  • API logs
  • Security and audit logs (audit_logs)

Logs may include timestamps, IP addresses, user identifiers and technical error messages — not raw session IDs in exports or audit detail fields.

PHP and JavaScript errors may be sent to PostHog for operations and incident response regardless of cookie choices. A stack trace is always sent. Without analytics consent it is sanitized and other technical properties are anonymized; with consent, the error message, full stack trace, user agent and IP address may be included. Server errors may also be sent to MQTT under the organization's logging procedures.

For repeated production errors, the error message, file and line number may be sent to OneUptime regardless of cookie choices. These details are shown only internally in private alerts or internal incident notes. A public status page may show a generic incident description without error details.

Cloudflare Turnstile may be used during sign-in and account creation to distinguish legitimate users from automated abuse. When enabled, the verification token and technical data such as IP address are sent to Cloudflare for security verification.

7. Analytics and statistics

PostHog is not loaded for signed-in users aged 9–12. Marketing channels and automatic push onboarding are also disabled for these accounts.

PostHog may operate at two levels:

Before analytics consent: the SDK may load with in-memory persistence (memory) and pseudonymous $pageview events without a persistent profile or identifying cookies. The distinct id is derived from date and page path — not from account or email.

After analytics consent: full PostHog analytics with persistent storage (cookies/localStorage), $identify on sign-in and extended event properties as described in the cookie policy.

Data is stored in the configured PostHog instance (see the cookie policy for retention).

8. Automated decision-making

We do not use automated decision-making or profiling that produces legal or similarly significant effects for users.

9. Recipients of data

Personal data may be shared with:

  • Hosting and operations providers
  • Email provider (SMTP)
  • 46 Elks (SMS and incoming call control when enabled)
  • Cloudflare Turnstile (sign-in and account creation security verification)
  • PostHog (analytics — in-memory before consent; full profile after analytics consent)
  • OneSignal (push, after browser notification permission)
  • Authorities when required by law

10. Data processors

When external providers process personal data on our behalf, data processing agreements are entered into.

11. Transfers outside the EU/EEA

When data is transferred outside the EU/EEA, appropriate safeguards are used such as the EU Commission's Standard Contractual Clauses (SCC) or adequacy decisions.

12. Retention periods

Normal retention periods according to current service configuration (RETENTION_*) are listed below.

Data type Normal retention
Account While the account is active
Parent or guardian consent While the child's account is active or until consent is withdrawn and the account has been handled
Orbit Life, Hub membership and sharing scope data While the account, Life or Hub is active
OTP codes (sign-in) 7 days
Used MFA recovery codes 90 days
Audit logs 365 days
Incoming SMS/MMS 30 days
Revoked sessions 90 days
Inactive sessions (auto-revoked after absolute timeout) 90 days after revocation
Rate-limit data (files) 7 days
Application logs (files) 30 days

After account deletion the user record is anonymized so audit logs retain traceability without remaining identifiable personal data.

13. Your rights

Under GDPR you have the right to access, rectification, erasure, restriction, objection, data portability and to withdraw consent.

Self-service (signed-in user on /me)

Right How it is handled in the service
Access / portability Export JSON via Export my data
Rectification Update name, primary phone and alternative identifiers in your profile; date of birth is corrected manually after verification
Erasure Delete my account (anonymizes the account and removes identifiable data)
Consent Cookie settings in the footer or on /cookies

Manual handling

For rights requiring manual review — e.g. restriction of processing, objection, correction of email/username, or questions about audit logs — contact:

hello@arcwind.se

We respond within one month under GDPR unless an extension is communicated.

14. Complaints

You have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY).

https://www.imy.se

15. Security measures

We use measures including:

  • Encryption
  • Access control and MFA
  • Logging and audit
  • Backups
  • Security updates

16. Changes

The latest version is always published on our website.

17. Contact

ArcWind AB ArcWind AB, Box 152, 116 74 Stockholm, Sweden hello@arcwind.se +46 8 - 121 486 70

{
    "csrf_token": "[redacted]"
}
{
    "PHPSESSID": "[redacted]"
}