Privacy Policy

This Privacy Policy explains how Studio FRIHÄVA AB, org.nr 559393-2733 ("Pollio", "we", "us", or "our") collects, uses, and protects your personal data when you use our service at pollio.se.

We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR).

The data controller for your personal data is:

Studio FRIHÄVA AB
Grev Turegatan 54
114 38 Stockholm
Sweden
Email: henrik.staahle@gmail.com

For Presenters (Account Holders)

• Email address (required for account creation)
• Name (optional, if provided)
• Payment information (processed securely by Stripe)
• Presentation content you create
• Session history and response data

For Audience Participants

• Anonymous responses to presentation questions
• A random participant ID stored in your browser (no personal identification)

Note: Audience participants do not need to create an account or provide any personal information. All responses are anonymous by default.

We use your data to:

• Provide and operate the Pollio service
• Process payments and manage subscriptions
• Send important service-related communications
• Improve our service and fix issues
• Comply with legal obligations

We do not sell your data to third parties or use it for advertising purposes.

We process your personal data based on:

• Contract: To provide the service you signed up for
• Legitimate interest: To improve our service and ensure security
• Legal obligation: To comply with applicable laws (e.g., accounting)
• Consent: Where explicitly requested (e.g., marketing emails)

We share data only with trusted service providers who help us operate Pollio:

• Supabase (EU) - Database and authentication
• Stripe (US, with EU data processing) - Payment processing
• Vercel (US, with EU edge) - Website hosting
• Google - OAuth login (only if you choose Google sign-in)

All providers are bound by data processing agreements and comply with GDPR requirements.

• Active accounts: Data is retained while your account is active
• Deleted accounts: Personal data is deleted within 30 days of account deletion
• Payment records: Retained for 7 years as required by Swedish accounting law
• Audience responses: Retained as long as the presentation exists

Under GDPR, you have the right to:

• Access - Request a copy of your personal data
• Rectification - Correct inaccurate data
• Erasure - Request deletion of your data
• Portability - Receive your data in a portable format
• Object - Object to certain processing activities
• Withdraw consent - Where processing is based on consent

To exercise these rights, contact us at henrik.staahle@gmail.com. We will respond within 30 days.

We use essential cookies only to keep you logged in and remember your preferences. We do not use tracking or advertising cookies.

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (HTTPS) and at rest, secure authentication, and regular security reviews.

Your data is primarily stored in the EU. Where data is transferred outside the EU (e.g., to US-based processors), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses.

We may update this policy from time to time. We will notify you of significant changes via email or a notice on our website.

For questions about this policy or to exercise your rights, contact us at:

Email: henrik.staahle@gmail.com

You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) at www.imy.se.