Skip to main content

Privacy Policy

Last updated: 19/05/2026

Tagible AB (“Tagible”, “we”) is the data controller for the personal data we process about visitors to our marketing website and account holders on the Tagible platform. This policy explains what we collect, why, how long we keep it, and how to exercise your rights under the EU General Data Protection Regulation (GDPR).

1. Data we collect

  • Account data: name, email, hashed password, organization affiliation, preferred locale and timezone.
  • Usage data: API request logs, audit-trail events tied to your account, IP address (hashed before storage), and pseudonymous analytics events.
  • Content data: submissions, photos, voice recordings, sensor readings, and other content you create. You remain the controller of this data.

2. Legal bases

We process account and content data under Article 6(1)(b) — contract performance. We process analytics and security logs under Article 6(1)(f) — legitimate interest in maintaining a secure service.

3. Where data lives

All data is stored in the European Union (Supabase EU, Frankfurt and Cloudflare R2 EU). We never transfer personal data outside the EEA without an adequacy decision or Standard Contractual Clauses.

4. Retention

  • Audit log entries: 7 years (regulatory).
  • Submissions and Product Passport data: product lifetime + 10 years (ESPR).
  • Account data after deletion request: 30-day soft delete then permanent erasure.
  • Analytics events: 26 months max.

5. Your rights (Articles 15–22)

  • Right of access — export your data via Account → Profile.
  • Right to rectification — edit account details in-app.
  • Right to erasure — initiate from Settings; 30-day grace window then irreversible.
  • Right to data portability — CSV/JSON exports.
  • Right to object — opt out of marketing in Account → Profile.
  • Right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY).

6. Sub-processors

Current sub-processors include Supabase (EU hosting), Stripe (payments, EU), Resend (transactional email, EU), Anthropic (AI features, with no training on customer data), and Cloudflare (CDN + Turnstile). The full list is updated at tagible.io/sub-processors.

7. Contact

Data Protection Officer: privacy@tagible.io.

← Back to home