Legal

Privacy Policy

Last updated: 17 May 2026

1. Data controller

Arxify AB, company no. 559399-8122, is the data controller for the processing of personal data within the Fitout Service. Address: Solnavägen 29G, Solna, Sweden. Email: info@fitout.se.

When your employer has invited you as a user in Fitout, the employer is the data controller for the contents of their organisation, while Arxify AB acts as data processor.

2. What data do we collect

  • Account data: name, email address, optional phone number, encrypted password, permissions and role in the organisation.
  • Organisation and customer data: data you or your employer enter about customers, vehicles, builds, service and time entries.
  • Payment data: handled by Stripe; Fitout does not store card details.
  • Technical information: IP address, browser, sign-in time, for security and troubleshooting purposes.

3. Purposes and legal basis

  • Provide the Service — performance of contract (article 6.1.b GDPR).
  • Send operational messages and magic-link sign-ins — legitimate interest and performance of contract.
  • Handle payments and invoices — performance of contract and legal obligation.
  • Prevent abuse and security threats — legitimate interest.

4. Retention

Personal data is stored as long as your account is active and for 30 days after cancellation, after which it is deleted. Accounting records are retained for seven years per the Swedish Accounting Act.

5. Recipients of data

To provide the Service we engage the following data processors:

  • Vercel (Frankfurt, EU): hosting and operation of the application.
  • Neon (Frankfurt, EU): database.
  • Stripe (Ireland, EU): payments and subscription management.
  • Resend (USA, with Standard Contractual Clauses): transactional email.

6. Cookies and tracking

We use only strictly necessary cookies for sign-in and session management. No third-party marketing or tracking cookies are used.

7. Your rights

Under GDPR you have the right to:

  • request access to your personal data,
  • request correction of inaccurate data,
  • request erasure ("the right to be forgotten") where the conditions apply,
  • restrict or object to processing,
  • request data portability,
  • file a complaint with the Swedish Authority for Privacy Protection (imy.se).

Send your request to info@fitout.se. We respond within 30 days.

8. Security

We use encryption in transit (HTTPS) and at rest for sensitive fields such as passwords (bcrypt). Access to data is limited to authorised personnel and logged.

9. Changes

We may update this policy. For material changes we will inform you by email or within the Service.