Last updated: March 2, 2026
Eyevinn Technology AB ("we", "us", or "our") operates the Open Source Cloud platform at osaas.io. This privacy policy explains how we collect, use, disclose, and protect your personal information in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
Eyevinn Technology AB
Organization number: 559035-0847
Address: Vasagatan 52, 111 20 Stockholm, Sweden
Email: info@eyevinn.se
Website: www.osaas.io
Name, email address, username, profile information (authentication via passwordless methods: passkey, OAuth, or email verification)
Application configurations, service instances, deployment settings, API tokens
Service usage metrics, resource consumption, access logs, analytics data (collected via Umami Analytics - privacy-focused, GDPR-compliant)
Support tickets, chat logs, email correspondence (via Freescout)
Payment data processed by PayPal (we do not store credit card details directly)
Contract Performance: Processing necessary to provide services you have requested
Consent: For marketing communications and optional analytics
Legitimate Interests: Fraud prevention, security, service improvement
Legal Obligation: Compliance with tax, accounting, and regulatory requirements
To deliver our services, we work with the following third-party providers. Where they process personal data on our behalf, we have entered into Data Processing Agreements (DPAs) in accordance with GDPR Article 28. Where they act as independent data controllers, their own privacy policies govern the use of your data.
Purpose: Hosting, infrastructure, storage
Role: Data Processor
Data Residency: Stockholm region (Sweden - EU)
Safeguards: GDPR-compliant Data Processing Agreement (DPA)
Purpose: Payment processing
Role: Independent Data Controller
Note: When you make a payment, PayPal processes your payment data under their own privacy policy and as an independent data controller. We do not receive or store your full payment details.
Safeguards: Standard Contractual Clauses (SCCs), PCI DSS certified
PayPal Privacy Policy
Purpose: OAuth authentication, repository integration
Role: Data Processor (for OAuth authentication); Independent Data Controller (for any data processed under GitHub's own terms)
Safeguards: Standard Contractual Clauses (SCCs)
GitHub Privacy Statement
Purpose: Privacy-focused website analytics
Role: Data Processor
Data Residency: Hosted on OSC platform (Stockholm, Sweden - EU)
Note: Umami does not use cookies, does not track individuals across sites, and does not collect personal data. Analytics data is anonymised by design.
Purpose: Customer support ticket management
Role: Data Processor
Data Residency: Hosted on OSC platform (Stockholm, Sweden - EU)
Safeguards: GDPR-compliant Data Processing Agreement (DPA) in place
A current list of our sub-processors is available on request by contacting privacy@eyevinn.se. We will notify enterprise customers of any intended changes to our sub-processors in accordance with their Data Processing Agreements.
Your personal data is primarily stored within the EU (Stockholm, Sweden). Where data is transferred to providers outside the EU β specifically PayPal and GitHub β we ensure appropriate safeguards are in place through Standard Contractual Clauses (SCCs) as approved by the European Commission, in accordance with GDPR Article 46.
Right of Access (Article 15): Request a copy of your personal data
Right to Rectification (Article 16): Correct inaccurate data
Right to Erasure (Article 17): Request deletion of your data ("right to be forgotten")
Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format
Right to Object (Article 21): Object to certain processing activities
Right to Restriction (Article 18): Request restriction of processing
Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
To exercise your rights, contact us at privacy@eyevinn.se. We will respond within 30 days.
We implement industry-standard security measures to protect your data:
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, in accordance with GDPR Article 34. We will also notify the Swedish Authority for Privacy Protection (IMY) within 72 hours as required by Article 33.
Active Accounts: Data retained while your account is active
Closed Accounts: Personal data deleted within 90 days of account closure
Legal Requirements: Billing and transaction records retained for 7 years (Swedish accounting law)
Analytics: Anonymized usage statistics may be retained indefinitely
Under Swedish law (the Electronic Communications Act / LEK) and the EU ePrivacy Directive, prior consent is required before placing non-essential cookies on your device. Below we describe the cookies and tracking technologies used on our platform.
These cookies are essential for the platform to function and cannot be switched off. No consent is required for these cookies.
| Cookie | Purpose | Duration |
|---|---|---|
| Session token | Keeps you logged in | Session |
| Auth token | Passwordless authentication | 30 days |
We use Umami Analytics to understand how our platform is used. Umami is privacy-focused: it does not use cookies, does not track you across other websites, and does not collect personal data. Because no cookies or personal data are involved, your consent is not required for this analytics tool.
When you first visit our platform, you will be shown a cookie notice that allows you to accept or decline any non-essential cookies. You can change your preferences at any time by clicking the "Cookie Settings" link in the footer of our website. You may also control cookies through your browser settings.
Your data is primarily stored in Akamai Cloud Compute (Stockholm, Sweden) within the EU. When data is transferred to third parties outside the EU (PayPal, GitHub), we ensure appropriate safeguards through Standard Contractual Clauses (SCCs) approved by the European Commission.
Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us at privacy@eyevinn.se.
We may update this privacy policy to reflect changes in our practices or legal requirements. We will notify you in advance of material changes and give you the opportunity to review them before they take effect.
For privacy-related inquiries, data subject requests, or security concerns:
Privacy contact: privacy@eyevinn.se
General inquiries: info@eyevinn.se
Address: Eyevinn Technology AB, Vasagatan 52, 111 20 Stockholm, Sweden
Under GDPR Article 37, Eyevinn Technology AB is not required to appoint a Data Protection Officer given the nature and scale of our data processing activities. For all privacy-related inquiries, please contact us at privacy@eyevinn.se.
If you believe we have violated your data protection rights, you have the right to lodge a complaint with:
Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten - IMY)
Website: www.imy.se
Email: imy@imy.se
Enterprise customers requiring a Data Processing Agreement (DPA) for GDPR Article 28 compliance should contact privacy@eyevinn.se to request our standard DPA template. The DPA includes provisions for sub-processors, security measures, data breach notification, and audit rights.
Note: This privacy policy has been prepared to comply with GDPR requirements. For the most current information about our data practices, please contact privacy@eyevinn.se.