Privacy policy
Last updated: 2026-06-01
Before production: Configure LEGAL_* environment variables so contact details in sections 2–3 are complete. Sections referencing the data model reflect tables installed via InstallDb.php.
1. Introduction
This privacy policy describes how ArcWind AB processes personal data when you use our websites, applications and APIs.
We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Swedish legislation.
If you are aged 9–12
You may use the service from age 9, but a parent or legal guardian must first approve the account through their own email address. We use your date of birth to apply the right protections. We do not send you marketing, load PostHog while you are signed in, or show automatic push onboarding. You or your guardian can contact hello@arcwind.se with questions or to request correction, withdraw consent or delete the account. Never enter someone else's email address without permission.
2. Data controller
Organisation: ArcWind AB
Organisation number: 559287-4894
Address: ArcWind AB, Box 152, 116 74 Stockholm, Sweden
Email: hello@arcwind.se
Phone: +46 8 - 121 486 70
3. Contact and data protection
Privacy enquiries:
hello@arcwind.se
Data protection officer (if applicable):
4. Categories of personal data (data model)
Identity and account data (users)
- Name
- Username
- Email address
- Alternative usernames and email addresses
- Alternative phone numbers
- Verification status, hashed verification tokens and expiry times for alternative email addresses
- Phone number (optional)
- Date of birth (required for self-service signup for age assurance)
- Password (hashed only)
- MFA settings and metadata (TOTP secret stored encrypted)
- Roles and permissions
- Administrative labels
- Internal administrator comments about the account
- Last sign-in time
Parent or guardian consent (guardian_consents)
- For users aged 9–12: the parent or legal guardian's email address
- Time of verified consent to the terms and necessary personal data processing
- Verification method and any withdrawal time
- The one-time code is only stored as a hash in the short-lived signup session and is not retained in the consent record
Session and security data (user_sessions, audit_logs)
- IP address
- Browser / user agent
- Session timestamps (created, last activity, revoked)
- Audit log entries (action, time, actor)
Session secrets (session_id) are stored internally for operations but are never included in data exports.
Authentication data (auth_otps, mfa_recovery_codes)
- OTP codes (hashed) for email/SMS sign-in and account creation
- MFA recovery codes (hashed)
Email preferences (email_preferences)
- Email address
- Marketing consent and unsubscribe token
Orbit Life and Hub data (orbit_lives, orbit_hubs, orbit_hub_memberships, orbit_sharing_scopes)
- Life profile linked to the user account
- Display name, language, timezone and accessibility profile for the Life
- Hubs the user creates or participates in
- Hub name, Hub type and membership role/status
- Sharing settings that define which information categories a Life shares to a Hub
- Fingerprint/hash for external sources when a sharing scope needs to reference a calendar, task list or other resource
Messaging and call metadata
- Delivery status for outbound email/SMS/push when those channels are used
- Incoming SMS/MMS via 46 Elks may be stored for administrative follow-up with message text, from/to numbers and image links for MMS
- Incoming calls via 46 Elks may create call logs with call id and from/to numbers; audit logs use short fingerprints instead of raw numbers
News and press content (news_items)
- Public article metadata, publication dates and language variants
- Optional author reference to a user account
- Audit references to the administrator who created or last updated the article
- Optional publication notification sent through the existing notification preference system
Cookie and preference data (browser)
- Cookie choices and consent version
- Language, theme and font size (after preferences consent)
- Limited anonymous page-view statistics via PostHog (in-memory, before analytics consent)
- Full analytics via PostHog (after analytics consent)
- Push subscription via OneSignal (browser notification permission and choices under
/me; not tied to marketing cookies)
- Security verification via Cloudflare Turnstile during sign-in and account creation when enabled
See the cookie policy for details.
5. Purposes and legal basis
| Purpose |
Legal basis |
| Provide the service |
Contract |
| Account and access management |
Contract |
| Orbit Life, Hub and sharing features |
Contract |
| Age assurance and guardian consent for users aged 9–12 |
Contract, parent or guardian consent and legal obligation |
| Information security and audit |
Legitimate interest / Legal obligation |
| Operations, monitoring and troubleshooting |
Legitimate interest |
| Limited anonymous web analytics (PostHog, in-memory) |
Legitimate interest |
| Extended analytics and product statistics (PostHog) |
Consent |
| Push notifications (OneSignal) |
Consent (browser notification permission) |
| Marketing email |
Consent |
| Incoming SMS/MMS follow-up (46 Elks) |
Legitimate interest / Contract where enabled |
| Incoming call control (46 Elks) |
Legitimate interest / Contract |
6. Logging and security
To maintain security, stability and traceability we may record:
- Application logs
- API logs
- Security and audit logs (
audit_logs)
Logs may include timestamps, IP addresses, user identifiers and technical error messages — not raw session IDs in exports or audit detail fields.
PHP and JavaScript errors may be sent to PostHog for operations and incident response regardless of cookie choices. A stack trace is always sent. Without analytics consent it is sanitized and other technical properties are anonymized; with consent, the error message, full stack trace, user agent and IP address may be included. Server errors may also be sent to MQTT under the organization's logging procedures.
For repeated production errors, the error message, file and line number may be sent to OneUptime regardless of cookie choices. These details are shown only internally in private alerts or internal incident notes. A public status page may show a generic incident description without error details.
Cloudflare Turnstile may be used during sign-in and account creation to distinguish legitimate users from automated abuse. When enabled, the verification token and technical data such as IP address are sent to Cloudflare for security verification.
7. Analytics and statistics
PostHog is not loaded for signed-in users aged 9–12. Marketing channels and automatic push onboarding are also disabled for these accounts.
PostHog may operate at two levels:
Before analytics consent: the SDK may load with in-memory persistence (memory) and pseudonymous $pageview events without a persistent profile or identifying cookies. The distinct id is derived from date and page path — not from account or email.
After analytics consent: full PostHog analytics with persistent storage (cookies/localStorage), $identify on sign-in and extended event properties as described in the cookie policy.
Data is stored in the configured PostHog instance (see the cookie policy for retention).
8. Automated decision-making
We do not use automated decision-making or profiling that produces legal or similarly significant effects for users.
9. Recipients of data
Personal data may be shared with:
- Hosting and operations providers
- Email provider (SMTP)
- 46 Elks (SMS and incoming call control when enabled)
- Cloudflare Turnstile (sign-in and account creation security verification)
- PostHog (analytics — in-memory before consent; full profile after analytics consent)
- OneSignal (push, after browser notification permission)
- Authorities when required by law
10. Data processors
When external providers process personal data on our behalf, data processing agreements are entered into.
11. Transfers outside the EU/EEA
When data is transferred outside the EU/EEA, appropriate safeguards are used such as the EU Commission's Standard Contractual Clauses (SCC) or adequacy decisions.
12. Retention periods
Normal retention periods according to current service configuration (RETENTION_*) are listed below.
| Data type |
Normal retention |
| Account |
While the account is active |
| Parent or guardian consent |
While the child's account is active or until consent is withdrawn and the account has been handled |
| Orbit Life, Hub membership and sharing scope data |
While the account, Life or Hub is active |
| OTP codes (sign-in) |
7 days |
| Used MFA recovery codes |
90 days |
| Audit logs |
365 days |
| Incoming SMS/MMS |
30 days |
| Revoked sessions |
90 days |
| Inactive sessions (auto-revoked after absolute timeout) |
90 days after revocation |
| Rate-limit data (files) |
7 days |
| Application logs (files) |
30 days |
After account deletion the user record is anonymized so audit logs retain traceability without remaining identifiable personal data.
13. Your rights
Under GDPR you have the right to access, rectification, erasure, restriction, objection, data portability and to withdraw consent.
Self-service (signed-in user on /me)
| Right |
How it is handled in the service |
| Access / portability |
Export JSON via Export my data |
| Rectification |
Update name, primary phone and alternative identifiers in your profile; date of birth is corrected manually after verification |
| Erasure |
Delete my account (anonymizes the account and removes identifiable data) |
| Consent |
Cookie settings in the footer or on /cookies |
Manual handling
For rights requiring manual review — e.g. restriction of processing, objection, correction of email/username, or questions about audit logs — contact:
hello@arcwind.se
We respond within one month under GDPR unless an extension is communicated.
14. Complaints
You have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY).
https://www.imy.se
15. Security measures
We use measures including:
- Encryption
- Access control and MFA
- Logging and audit
- Backups
- Security updates
16. Changes
The latest version is always published on our website.
17. Contact
ArcWind AB
ArcWind AB, Box 152, 116 74 Stockholm, Sweden
hello@arcwind.se
+46 8 - 121 486 70