Privacy and cookies
1. Introduction
This privacy policy describes how Designmaskinen collects, uses, stores, and protects personal data. Designmaskinen is committed to safeguarding users' privacy in accordance with applicable laws and regulations, including the General Data Protection Regulation (GDPR). This policy is a supplement to the data processing agreement and the terms of service for Designmaskinen.
2. About Designmaskinen
Designmaskinen is a multi-tenant Software-as-a-Service (SaaS) solution designed to simplify design processes within an organization’s visual identity. The usage rights are non-exclusive and non-transferable. By using the service, the customer accepts the terms of service and this privacy policy.
3. Collection and Use of Personal Data
3.1 Collection and Use of Personal Information
Personal Information: Designmaskinen collects minimal personal data, primarily email addresses for identification and communication.
Usage Data: Behavioral and usage data is collected to improve the service.
3.2 Purpose of data collection
The data is used:
To provide access to and manage the Service.
To improve the user experience.
To ensure the security and stability of the service.
4. Privacy by default
Designmaskinen is designed with privacy as standard. This includes:
Limited data collection.
Anonymization where possible.
Control for users over their own data.
5. Security measures
5.1 Technical measures
Encryption: All data between client and server is encrypted via HTTPS.
API Security: Access to the backend API requires an access token.
Access control: User authentication and authorization are handled via external tokens, with strict access rules for organizational data.
6. Storage and transfer of data
6.1 Storage location
Databases: PostgreSQL database at Heroku, stored in Europe.
Images: AWS S3 for image upload.
6.2 Transfer outside the EU
Designmaskinen utilizes Clerk.com for authentication, which stores email addresses outside Europe. Clerk is certified under the Data Privacy Framework (DPF) program, which provides a framework for the protection of personal data transferred between the European Union and the United States.
What does Data Privacy Framework mean?
The Data Privacy Framework is a set of rules and principles that ensure that personal data transferred from the EU to the US is handled in a way that provides adequate protection, in line with GDPR. By being on the DPF list, Clerk is committed to complying with these strict privacy requirements, providing additional security for data transfers.
The transfer takes place in accordance with GDPR Article 6 (1) (b) and 6 (1) (f).
7. User's rights
Insight: Users can gain access to their own data by contacting us.
Deletion: Users and superusers can delete their own data. Deletion of data is permanent and not reversible.
8. Consent and Obligation to Inform
By registering or using the Service, users consent to the processing of their personal data in accordance with this Statement. It is the user's responsibility to comply with relevant privacy policies when using the Service.
9. Use of cookies
Designmaskinen uses cookies to collect data about user behavior for the purpose of analyzing and improving the service. Cookies help us understand how users interact with the service and to improve the user experience.
9.1 Types of Cookies We Use
Analytics cookies: Used to collect anonymized data on usage patterns. This helps us understand which parts of the service are most visited and how we can improve them.
9.2 Consent to the use of cookies
By using Designmaskinen, you consent to our use of cookies. You can control and delete cookies through your browser settings. Note that disabling cookies may affect the functionality of the service.
10. Subcontractors
Designmaskinen utilizes third-party vendors for storing and processing data:
Heroku: Storage of application data (no personal data).
AWS S3: Storage of images.
Clerk.com: Authentication and storage of email addresses. Clerk is certified under the Data Privacy Framework program.
PostHog: Usage pattern analysis tool.
12. Data Retention and Deletion
Personal data will only be stored for as long as it is necessary to fulfill the purposes described in this statement. In case of account deletion, all personal data will be permanently removed.
13. Changes to the Privacy Policy
Designmaskinen reserves the right to update this Privacy Statement in accordance with changes to regulations or our services. Significant changes will be communicated to users.