Privacy Policy

Last updated: May 28, 2026

1. Data Controller

SOPs Hub AB (Reg. No. 559456-7890) is the data controller for the processing of your personal data under this Privacy Policy. Our registered address is:

Kungsgatan 48
111 35 Stockholm
Sweden

For any privacy-related inquiries, contact our Data Protection Officer at dpo@sopshub.com.

2. Personal Data We Collect

We collect and process the following categories of personal data:

  • Identity Data: name, job title, company name.
  • Contact Data: email address, phone number (if provided).
  • Account Data: username, password, billing information (for future paid subscriptions).
  • Usage Data: information about how you use our website and services, including pages visited, features used, and interaction patterns.
  • Technical Data: IP address, browser type, device information, operating system.
  • Communication Data: any information you provide when contacting us via our contact form, email, or Telegram bot.

3. How We Collect Your Data

We collect personal data through the following means:

  • Waitlist Form: When you sign up for early access, we collect your email address.
  • Contact Form: When you send us a message, we collect your name, email address, and the contents of your message. These messages are processed via our Telegram bot for internal handling.
  • Automated Technologies: As you navigate our website, we automatically collect technical data about your equipment and browsing patterns via cookies and similar technologies.
  • Third Parties: We may receive data from analytics providers (such as Cloudflare Web Analytics) and advertising networks.

4. Lawful Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data on the following lawful bases:

  • Consent (Art. 6(1)(a)): For marketing communications, cookie placement (where required), and optional data sharing.
  • Contractual Necessity (Art. 6(1)(b)): To provide our services, manage your account, and fulfill our obligations under our Terms of Service.
  • Legal Obligation (Art. 6(1)(c)): To comply with applicable laws, such as bookkeeping and tax reporting requirements under Swedish law.
  • Legitimate Interests (Art. 6(1)(f)): To improve our website and services, ensure network and information security, and for direct marketing to existing customers.

5. Purposes of Processing

We use your personal data for the following purposes:

  • To register you for early access and manage the waitlist.
  • To respond to your inquiries submitted via the contact form or Telegram bot.
  • To provide, maintain, and improve our services.
  • To process payments and manage billing (for future paid subscriptions).
  • To send administrative information, including changes to our terms, conditions, and policies.
  • To send marketing communications where you have consented or where we have a legitimate interest.
  • To detect, prevent, and address technical issues, fraud, and abuse.
  • To comply with legal obligations, including bookkeeping under the Swedish Bookkeeping Act.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including for satisfying legal, accounting, or reporting requirements:

  • Waitlist data: Retained until you withdraw consent or until the waitlist is closed, whichever occurs first.
  • Contact form inquiries: Retained for 2 years after the last communication.
  • Account data: Retained for the duration of your account plus 7 years (to comply with Swedish bookkeeping requirements).
  • Usage and technical data: Retained for 26 months.
  • Marketing data: Retained until you opt out or unsubscribe.

7. Your Data Subject Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to Erasure (Art. 17): Request deletion of your personal data, subject to legal retention obligations.
  • Right to Restriction of Processing (Art. 18): Request restriction of processing in certain circumstances.
  • Right to Data Portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format.
  • Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: Withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, contact us at dpo@sopshub.com. We will respond within 30 days. You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at www.imy.se.

8. Cookies and Similar Technologies

Our website uses cookies and similar tracking technologies to improve user experience, analyze traffic, and for security purposes. We use the following types of cookies:

  • Essential Cookies: Required for the website to function properly. These cannot be disabled.
  • Analytics Cookies: We use Cloudflare Web Analytics (privacy-friendly, no cookie banner required) to understand aggregate usage patterns. No personal data is stored by this service.
  • Functional Cookies: Used to remember your preferences and settings.

You can control cookies through your browser settings. Please note that blocking certain cookies may affect website functionality.

9. Third-Party Processors

We engage the following third-party processors who may have access to your personal data. All processors are contractually bound to process data only on our documented instructions and to implement appropriate technical and organizational security measures:

  • Cloudflare, Inc. — CDN, DNS, web analytics, and DDoS protection. Data may be transferred globally via Cloudflare's global network. Privacy Policy
  • Telegram (Telegram Messenger Inc.) — Contact form messages are forwarded to our internal Telegram bot for team response. Privacy Policy
  • Vercel Inc. — Web hosting and deployment. Privacy Policy
  • Stripe, Inc. — Payment processing (for future paid subscriptions). Privacy Policy

10. International Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer your data to third parties outside the EEA, we ensure an adequate level of protection through one or more of the following safeguards:

  • The recipient is located in a country that the European Commission has deemed to have adequate data protection (adequacy decision under Art. 45 GDPR).
  • The recipient has signed Standard Contractual Clauses (SCCs) approved by the European Commission (Art. 46(2)(c) GDPR).
  • The recipient is certified under the EU-US Data Privacy Framework (where applicable).

Specifically, data transferred to Cloudflare (US) and Stripe (US) is protected by SCCs. You can request a copy of the relevant safeguards by contacting dpo@sopshub.com.

11. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256).
  • Access controls and authentication requirements for personnel.
  • Regular security assessments and penetration testing.
  • Data minimization and pseudonymization where feasible.

12. Automated Decision-Making

We do not use your personal data for automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you. Should this change in the future, we will notify you and obtain your consent where required by law.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and, where appropriate, by email notification. We encourage you to review this page periodically for the latest information on our privacy practices.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

SOPs Hub AB
Attn: Data Protection Officer
Kungsgatan 48
111 35 Stockholm
Sweden
Email: dpo@sopshub.com