Privacy Policy
Protecting Your Personal Data
Learn how we collect, process, and safeguard personal data across FigureFlow's services.
1. Introduction
This Privacy Policy describes how FigureFlow AB ("we," "our," or "us") processes your personal data, including data collected through our website and the provision of our AI-powered financial services, when we are acting as the controller of such personal data, in accordance with the General Data Protection Regulation (GDPR).
FigureFlow AB is a company registered in Sweden with organization number 559426-9499. Our registered office is at Bryggargatan 6c, LGH 1303, 149 41 Nynäshamn, Sweden.
Important Note: This Privacy Policy does not apply when we process your personal data as a processor (within the meaning of Article 28 of the GDPR) when providing our services to business customers who use our platform for professional purposes. The terms for such processing are set out in our Terms and Conditions and separate Data Processing Agreement pursuant to Article 28(3) GDPR.
Our services include:
- FigureFlow website (figureflow.app and all subdomains)
- FigureFlow web application and AI-powered financial dashboard
- Regulatory submission services (including Bolagsverket filings)
- All related AI-powered financial tools and features
2. Information We Collect
In the course of carrying on our business, including in our direct interactions with you, when providing our AI-powered financial services, and through our website and applications, we collect and receive personal data in different ways and from different sources.
2.1 Customer Management Data
To administer, manage, and cultivate relationships with our customers, we process personal data about you as a customer or potential customer. This includes:
- Account Information: Name, email address, company details, contact information
- Authentication Data: Login credentials, security questions, authentication tokens
- Subscription Data: Payment information, billing history, service plan details
- Support Communications: Customer service interactions, feedback, and correspondence
2.2 Financial Services Data
In connection with providing our AI-powered financial assistance and regulatory submission services:
- Financial Records: Accounting data, financial statements, transaction records
- Business Information: Company registration details, director information, ownership data
- Regulatory Data: Information required for Bolagsverket submissions and compliance
- AI Processing Data: Financial patterns, insights, and automated recommendations generated by our AI systems
2.3 Marketing and Communication Data
We process personal data in connection with marketing activities, including courses, events, newsletters, and service communications:
- Contact Information: Email addresses, communication preferences
- Engagement Data: Newsletter interactions, event participation, website behavior
- Marketing Analytics: Campaign effectiveness, user journey tracking
2.4 Business Operations Data
In connection with our internal business operations, we process personal data of owners or employees of our suppliers, customers, and business partners:
- Professional Contacts: Business contact information, role details
- Transaction Data: Purchase orders, invoices, payment information
- Partnership Information: Collaboration details, integration data
2.5 Website and Application Usage Data
When you visit our website and use our cloud-based software, we collect information through cookies and analytics:
- Technical Data: IP addresses, browser information, device details, session data
- Usage Analytics: Feature usage, performance metrics, user interactions
- Security Data: Access logs, security monitoring, fraud prevention data
3. Legal Basis for Processing
We process your personal data based on one or more of the following legal bases:
- Contract Performance: To provide our services and fulfill our contractual obligations
- Legitimate Interests: To improve our services, ensure security, and conduct business operations
- Legal Compliance: To comply with applicable laws and regulations
- Consent: Where you have provided explicit consent for specific processing activities
4. How We Use Your Information
We use your personal data for the following purposes:
- Providing and maintaining our applications and services
- Creating and managing your user account
- Processing transactions and managing subscriptions
- Communicating with you about our services and updates
- Providing customer support and technical assistance
- Improving our services and user experience
- Ensuring security and preventing fraud
- Complying with legal obligations
- Analytics and product development
5. Data Sharing and Disclosure
5.1 Service Providers
We may share your personal data with trusted third-party service providers who assist us in operating our services, including hosting providers, payment processors, and analytics services. All service providers operate under strict data processing agreements and are required to maintain appropriate security measures.
5.2 Legal Requirements
We may disclose your personal data if required by law, court order, or government regulation, or to protect our rights, property, or safety.
5.3 Geographic Processing
Your personal data is processed within the European Union or European Economic Area. Any transfer to third countries requires appropriate safeguards and compliance with applicable data protection laws.
6. Data Security
We implement comprehensive technical and organizational measures to protect your personal data:
6.1 Technical Security
- Encryption for data transmission and storage
- Secure authentication and access controls
- Regular security updates and system monitoring
- Backup and disaster recovery procedures
- Network security and intrusion detection
6.2 Organizational Measures
- Employee training on data protection and security
- Confidentiality agreements for all staff members
- Regular security assessments and compliance reviews
- Incident response and breach notification procedures
- Access controls and data minimization practices
7. Data Retention
We process your information only as long as necessary to fulfill the purpose of the processing. The following specific retention periods apply:
7.1 Customer Data
- Active customers: Retained while your account is active and for 3 years after account closure or service termination
- Financial records: Retained for 7 years from the end of the financial year (Swedish legal requirement)
- Regulatory submissions: Maintained for audit purposes in accordance with Swedish law
- Support communications: Retained for 3 years for service improvement and legal compliance
7.2 Financial and Business Data
- Accounting and bookkeeping data: Current year + 7 years (Swedish Bookkeeping Act requirement)
- Regulatory submission records: 7 years from submission date for compliance purposes
- AI-generated insights: Retained with underlying financial data for the same periods
- Audit trails: Maintained for 7 years for regulatory compliance
7.3 Marketing and Communication Data
- Newsletter subscribers: Up to 6 months after unsubscription
- Event participants: Up to 1 year after event completion
- Marketing analytics: Aggregated data retained for service improvement (anonymized after 2 years)
7.4 Business Operations Data
- Supplier information: Up to 3 years after end of business relationship
- Partner data: Retained for duration of partnership plus 3 years
- Contract-related data: Retained for contract duration plus 7 years (legal requirement)
7.5 Technical and Security Data
- Security logs: Retained for 1 year for security monitoring
- Performance analytics: Aggregated data retained indefinitely (anonymized)
- Backup data: Included in all retention schedules above
When retention periods expire, personal data is securely deleted using industry-standard methods. Some aggregated, anonymized data may be retained indefinitely for service improvement.
8. Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Right of Access: Request information about the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data in certain circumstances
- Right to Restrict Processing: Request limitation of how we process your data
- Right to Data Portability: Request transfer of your data in a structured format
- Right to Object: Object to certain types of processing
- Right to Withdraw Consent: Withdraw consent for specific processing activities
To exercise these rights, please contact us using the information provided in Section 11.
9. Cookies and Tracking Technologies
We use cookies and similar technologies across our website and applications to enhance your experience and analyze service usage.
9.1 Website Cookies
- Essential Cookies: Required for basic website functionality and security
- Analytics Cookies: Help us understand website usage patterns (Google Analytics, etc.)
- Marketing Cookies: Support advertising and promotional campaigns
- Preference Cookies: Remember your settings and language preferences
9.2 Mobile App Tracking
- Analytics SDKs: Track app usage and performance for improvements
- Crash Reporting: Help identify and fix technical issues
- Push Notification Tokens: Enable relevant notifications and updates
- Session Management: Maintain secure login sessions
9.3 Managing Your Preferences
- Website: Control cookie preferences through your browser settings
- Mobile Apps: Manage tracking through device privacy settings and in-app preferences
- Opt-out: You can opt out of non-essential tracking at any time
Detailed cookie information is available in our Cookie Policy.
10. Children's Privacy
Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.
11. Contact Information
For questions about this Privacy Policy, to exercise your data protection rights, or for any privacy-related concerns, please contact us:
FigureFlow AB
Email: privacy@figureflow.app
Address: Bryggargatan 6c, LGH 1303, 149 41 Nynäshamn, Sweden
We will respond to your inquiry within 30 days or as required by applicable law.
12. Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your personal data in accordance with applicable law.
In Sweden, the relevant authority is: Integritetsskyddsmyndigheten (IMY)
Swedish Authority for Privacy Protection
Website: www.imy.se
Email: imy@imy.se
Phone: +46 8 657 61 00
You may also lodge a complaint directly with your local data protection authority if you are located in another EU/EEA country.
13. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, services, or applicable laws. We will notify you of material changes through our services, by email, or by posting a notice in our applications. The updated policy will be effective from the date specified.
Your continued use of our services after the effective date constitutes acceptance of the updated Privacy Policy.
This Privacy Policy governs the collection, use, and protection of personal data by FigureFlow AB and applies to all our services and applications.
Version date: 10 October 2025