STORE
0

Privacy Policy

Emoco Labs AB Last updated: 2025-11-12

Emoco Labs AB, registered in Sweden (org. no. 559117-7596), having its principal place of business at Valhallavägen 5, 181 51 Lidingö, Sweden ("us", "we", or "our") operates the https://emoco.com website and SaaS application (hereinafter referred to as the "Service").

This Privacy Policy explains how we collect, use, disclose, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679 - and other applicable data protection laws.

Your Rights: You have important rights regarding your personal data, including the right to access, correct, delete, and port your data. See the "Your Data Protection Rights" section below for details.

Data Controller: Emoco Labs AB acts as the Data Controller for personal data collected through the Service. For data you upload or create within the Service, you act as the Data Controller and we act as the Data Processor under our Data Processing Agreement.

We use strictly necessary cookies required for the operation of our service, including session cookies for authentication and security, and Stripe cookies used to process payments and prevent fraud. These cookies do not require consent under GDPR, as they are essential to service functionality.

Definitions

Service

Service is the https://emoco.com website operated by Emoco Labs AB

Personal Data

Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).

Usage Data

Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Cookies

Cookies are small files stored on your device (computer or mobile device).

Data Controller

Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed.

For the purpose of this Privacy Policy, we are a Data Controller of your Personal Data.

Data Processors (or Service Providers)

Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller.

We may use the services of various Service Providers in order to process your data more effectively.

Data Subject (or User)

Data Subject is any living individual who is using our Service and is the subject of Personal Data.

Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you.

Types of Data Collected

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:

  • Email address
  • First name and last name
  • Phone number (if provided)
  • Address (if provided for billing/delivery purposes)
  • Usage Data
  • Support messages
  • Account credentials (username, hashed password)
  • User-generated content (documents, files, shared data within the Service)
  • Payment information (processed and stored by Stripe, Inc.)

Usage Data

We may also collect information on how the Service is accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Location Data

  • IP Address: When you access our website, our server temporarily reads your IP address to determine your approximate country. We do not retain or store your IP in a persistent manner for this purpose.
  • Country Code: We then pass the country code (e.g., "US" or "SE") to our frontend application via HTTP headers or as a parameter in the URL. This allows us to provide location-dependent features, such as displaying prices in local currency or applying the correct taxes.
  • No Cookies for Location: We do not store your IP address or location data in cookies. Instead, we keep the derived country code only during your session (e.g., as a header value or part of the page's query string) to maintain consistency across pages.
  • Purpose: We use your approximate location data strictly to improve your user experience and comply with legal or tax obligations.
  • Retention: We do not store the IP address or country code beyond what is needed for your active session. If logs or backups contain IP addresses (for security or debugging), we process them according to our general retention policies outlined below.
  • Legal Basis: We rely on legitimate interest (Article 6(1)(f) GDPR) to display correct tax/currency information and comply with legal obligations.

Tracking & Cookies Data

We use strictly necessary cookies required for the operation of our service, including session cookies for authentication and security, and Stripe cookies used to process payments and prevent fraud. These cookies do not require consent under GDPR (Article 5(3) of the ePrivacy Directive), as they are essential to service functionality.

Use of Data

Emoco Labs AB uses the collected data for various purposes:

  • To provide and maintain our Service
  • To notify you about changes to our Service
  • To allow you to participate in interactive features of our Service when you choose to do so
  • To provide customer support
  • To gather analysis or valuable information so that we can improve our Service
  • To monitor the usage of our Service
  • To detect, prevent and address technical issues
  • To send you important service notifications and updates
  • To provide technical support

Legal Basis for Processing Personal Data (GDPR)

Under the GDPR, Emoco Labs AB's legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.

We process your Personal Data under one or more of the following legal bases:

Performance of a Contract (Article 6(1)(b) GDPR)

  • Creating and managing your account
  • Providing the Service and its features
  • Processing payments and managing subscriptions
  • Delivering customer support

Consent (Article 6(1)(a) GDPR)

  • When you explicitly agree to specific processing activities
  • You may withdraw consent at any time by contacting us at info@emoco.com

Legal Obligation (Article 6(1)(c) GDPR)

  • Complying with tax and accounting requirements
  • Responding to lawful requests from authorities
  • Retaining data as required by applicable laws

Legitimate Interests (Article 6(1)(f) GDPR)

In certain cases, we process your Personal Data on the basis of our legitimate interests. A "legitimate interest" means we have a valid business reason to use your information in a way that does not unfairly impact your rights or interests. Examples of our legitimate interests include:

  • Fraud prevention and security: detecting, preventing, and responding to unlawful activities, fraudulent behavior, and security threats.
  • Fair usage: We enforce a fair usage policy to ensure that no single user’s activity adversely impacts service performance, and if usage substantially exceeds normal limits, we may apply additional constraints or charges.
  • Internal analytics: analyzing user behavior and trends to improve our internal processes and understand our customers’ needs.
  • Improvement of services: enhancing and customizing our Service offerings, developing new features, and refining our user experience.
  • To manage subscription trials, billing cycles, and payment methods, including notification before billing

Before we process your Personal Data for these purposes, we perform a balancing test to ensure that our legitimate interests are not outweighed by your interests, fundamental rights, or freedoms. You have the right to object to this type of processing at any time (see "Your Data Protection Rights" section), and we will carefully review your request in accordance with applicable data protection laws. If you have questions about how we apply our balancing test, or you wish to object to processing based on legitimate interests, please contact us at info@emoco.com.

Payments and Stored Payment Methods

When you make a purchase, sign up for a free trial or sign up for a subscription, we process your payment using Stripe, Inc., a PCI-DSS compliant payment processor. We do not store your full credit or debit card details on our own servers.

If you start a free trial that will convert to a paid subscription, your payment method will be securely stored by Stripe and automatically charged at the end of the trial period unless you cancel in advance.

You will be informed before any such charge is made. You may cancel your subscription at any time in your account settings to prevent future charges.

Legal basis: The storage and future use of your payment method is based on your consent (Article 6(1)(a) GDPR when you agree during checkout) and the performance of a contract (Article 6(1)(b) GDPR when processing payments). Stripe acts as a subprocessor on our behalf. For more details, see our Data Processing Agreement and Stripe's Privacy Policy.

Data Processors and Third-Party Service Providers

We engage the following third-party service providers to process Personal Data on our behalf:

Service ProviderPurposeLocationSafeguards
Stripe Payments Europe Ltd.Payment processing, fraud preventionEU / GlobalStandard Contractual Clauses (SCCs)
Glesys ABHosting and database infrastructureSwedenEU Data Residency
Oderland ABTransactional email deliverySwedenEU Data Residency

All service providers are contractually bound to process data only on our instructions and in compliance with GDPR requirements. For business customers using the Service, our role as Data Processor is governed by our Data Processing Agreement.

International Data Transfers

Your information, including Personal Data, may be transferred to and maintained on computers located outside of your country where data protection laws may differ.

If you are located in the European Economic Area (EEA) or Switzerland, and your data is transferred outside these regions, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses in accordance with Articles 46 and 49 of the GDPR.
  • Adequacy Decisions: We may transfer data to countries deemed adequate by the European Commission.
  • Additional Safeguards: Technical and organizational measures to protect data during international transfers.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to such transfers.

Additional Information for U.S. Residents

California Privacy Rights

If you are a resident of California, you may have certain rights regarding your personal information under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). At this time, we do not believe we meet the applicability thresholds under these laws. However, we strive to be transparent about our data collection practices.

Categories of Personal Information: We collect identifiers (such as name, email address), and other information you provide to us. We do not collect sensitive personal information as defined by California law, nor do we use tracking cookies beyond what is necessary for session and authentication. No Sale or Sharing of Personal Information: We do not sell or share your personal information with third parties for cross-context behavioral advertising or any other commercial purposes.

Purposes for Collection: We collect personal information solely to provide and improve our services (e.g., facilitating account authentication, ensuring the security of our website).

Your Rights:

  • Access: You may have the right to request that we disclose what personal information we have collected about you.
  • Deletion: You may have the right to request that we delete personal information we collected from you.
  • Correction: You may have the right to request correction of inaccuracies in your personal information.
  • Non-Discrimination: We will not discriminate against you for exercising any of these rights.

How to Exercise Your Rights: If you are a California resident and wish to exercise any rights that may apply to you, please contact us at [email/URL/phone]. We will take reasonable steps to verify your identity before responding to your request.

Other U.S. State Laws

Several other U.S. states (e.g., Colorado, Virginia, Connecticut, Utah) have enacted or will enact consumer privacy laws. If you reside in one of these states, you may have similar rights to access, delete, or correct your personal information. If you wish to exercise these rights (where applicable), please contact us at [email/URL/phone].

Do Not Track

Certain web browsers may transmit “Do Not Track” (DNT) signals. We do not currently respond to DNT signals, because no industry standard has been established on how to interpret them. If a standard emerges, we will revisit this policy.

Cookies and Tracking Technologies

We only use session cookies (and similar technologies) for essential functions such as authentication and maintaining your session on our website. These cookies do not track your activities across third-party websites and are not used for advertising or analytics beyond our internal operational needs.

Data Retention

Emoco Labs AB will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy and as required by applicable laws.

Retention Periods:

For SaaS Application Users:

  • Account Data and User Content: Retained for the duration of your account plus 30 days after account closure (unless you request earlier deletion)
  • Usage Data and Logs: Retained for up to 90 days for security and service improvement purposes
  • Backups: Containing Personal Data are securely deleted according to backup retention schedules (maximum 90 days after account closure)

For E-commerce Transactions (Physical Products):

  • Transaction Records and Billing Data: Retained for 7 years to comply with tax, accounting, and consumer protection requirements
  • Purchase History: Retained for the duration necessary to fulfill warranty obligations (minimum 2 years for EU/EEA consumers)
  • Shipping Information: Retained for the duration of the transaction and warranty period

Applicable to All Services:

  • Payment Processing Data: Stored by Stripe, Inc. and retained according to payment regulations and our agreement with Stripe
  • Support Communications: Retained for 3 years to maintain service quality and resolve disputes

Important Note: If you use both our SaaS application and purchase physical products, different retention periods apply to different types of data. Canceling your SaaS subscription does not affect the retention of data related to physical product purchases, which must be retained for legal and warranty purposes.

We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

You may request deletion of your account and Personal Data at any time through your account settings or by contacting info@emoco.com. Upon such request, we will delete your data within 10 business days, except where retention is required by law.

Disclosure of Data

Business Transaction

If Emoco Labs AB is involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

Disclosure for Law Enforcement

Under certain circumstances, Emoco Labs AB may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Legal Requirements

Emoco Labs AB may disclose your Personal Data in the good faith belief that such action is necessary to:

  • To comply with a legal obligation

  • To protect and defend the rights or property of Emoco Labs AB

  • To prevent or investigate possible wrongdoing in connection with the Service

  • To protect the personal safety of users of the Service or the public

  • To protect against legal liability

Security of Data

The security of your data is important to us. We implement appropriate technical and organizational security measures to protect your Personal Data, including:

  • Encryption: Data in transit using TLS 1.3+ and data at rest using AES-256 or equivalent encryption
  • Access Control: Role-based access control and least-privilege permissions
  • Authentication: Multi-factor authentication for administrative access
  • Security Testing: Regular security testing and vulnerability assessments
  • Monitoring: Continuous security monitoring and incident response procedures
  • Data Backups: Secure backup and disaster recovery procedures
  • Personnel Training: Regular training on data protection for all personnel

While we strive to use commercially acceptable means to protect your Personal Data, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data in accordance with industry best practices and GDPR requirements.

Data Breach Notification: In the event of a Personal Data breach, we will notify affected users and, where required, the relevant supervisory authority within 72 hours of becoming aware of the breach, in accordance with Article 33 and 34 of the GDPR.

Your Data Protection Rights under GDPR

If you are a resident of the European Economic Area (EEA), you have certain data protection rights under the GDPR. Emoco Labs AB is committed to respecting these rights and will respond to requests within one month.

Your Rights Include:

1. Right of Access (Article 15)

  • You have the right to obtain confirmation of whether we process your Personal Data and access to that data.
  • You can request a copy of your Personal Data through your account settings or by contacting info@emoco.com.
  • Repeated Requests: If you make repeated requests for copies of your personal data within a short time frame, Emoco Labs AB reserves the right to refuse the request or charge a reasonable administrative fee in accordance with Article 12(5) GDPR.

2. Right to Rectification (Article 16)

  • You have the right to have inaccurate Personal Data corrected and incomplete data completed.
  • You can update your information directly in your account settings.

3. Right to Erasure / "Right to be Forgotten" (Article 17)

  • You have the right to request deletion of your Personal Data when it is no longer necessary, when you withdraw consent, or when you object to processing.
  • You can request deletion through your account settings or by contacting info@emoco.com.
  • Exception: We cannot delete data that we are legally required to retain (e.g., transaction records for tax purposes, warranty records, or data subject to ongoing legal obligations). In such cases, we will inform you of the legal basis preventing deletion.

4. Right to Restriction of Processing (Article 18)

  • You have the right to request restriction of processing in certain circumstances, such as when contesting accuracy or legality of processing.

5. Right to Data Portability (Article 20)

  • You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format.
  • You have the right to transmit this data to another controller.

6. Right to Object (Article 21)

  • You have the right to object to processing based on legitimate interests or for direct marketing purposes.
  • We will cease processing unless we demonstrate compelling legitimate grounds.

7. Right to Withdraw Consent (Article 7(3))

  • Where processing is based on consent, you have the right to withdraw consent at any time.
  • Withdrawal does not affect the lawfulness of processing before withdrawal.

8. Right to Lodge a Complaint (Article 77)

  • You have the right to lodge a complaint with a supervisory authority, particularly in your country of residence, place of work, or place of alleged infringement.
  • In Sweden, the supervisory authority is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten - IMY): https://www.imy.se

How to Exercise Your Rights

To exercise any of these rights, please:

  • Use your account settings (for access, rectification, deletion, and portability), or
  • Contact us at info@emoco.com with your request

We may ask you to verify your identity before responding to requests to protect your Personal Data from unauthorized access.

We will respond to your request within one month. In complex cases, we may extend this by two additional months and will inform you of any such extension.

Links to Other Sites

Our Service may contain links to other sites that are not operated by us. If you click a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Children's Privacy

Our Service does not address anyone under the age of 18 ("Children").

We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us at info@emoco.com. If we become aware that we have collected Personal Data from children without verification of parental consent, we will take immediate steps to delete that information from our servers.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

For material changes that affect your rights, we will provide at least 30 days' notice before the changes take effect.

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we process your Personal Data, please contact us:

Emoco Labs AB

  • Email: info@emoco.com
  • Address: Valhallavägen 5, 181 51 Lidingö, Sweden
  • Organization Number: 559117-7596

Data Protection Officer: For data protection inquiries, please contact info@emoco.com

Supervisory Authority: If you are located in the EEA and have concerns about our data processing practices, you have the right to lodge a complaint with your local data protection authority. In Sweden, this is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten - IMY): https://www.imy.se