Privacy Policy

Last updated: February 10, 2025

1. Introduction

Eventpipe AB ("we", "us", "our"), org.nr. 559 421-3847, registered in Stockholm, Sweden. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and the Swedish Data Protection Act (Dataskyddslagen).

2. Data We Collect

• Account data: name, email address, company name (optional)
• Usage data: API call logs, event delivery metrics, feature usage patterns
• Payment data: processed by Stripe — we do not store full card details
• Technical data: IP address, browser type, device information

3. How We Use Your Data

• Provide and maintain the Eventpipe service
• Process and deliver webhook events
• Monitor service performance and uptime
• Send service-related communications (outage notifications, security alerts)
• Comply with legal obligations under Swedish and EU law

4. Data Processing

All personal data is processed and stored within Sweden and the European Economic Area (EEA). We do not transfer data outside the EEA without ensuring adequate safeguards as required under GDPR Chapter V. Our primary data center is located in Stockholm, Sweden, operated on infrastructure powered by renewable energy.

5. Data Retention

• Account data: retained while your account is active, plus 30 days after deletion
• Event delivery logs: retained according to your plan (24 hours to 30 days)
• Payment records: retained for 7 years as required by Swedish tax law (Bokföringslagen)
• Technical logs: retained for 90 days for security and debugging purposes

6. Your Rights

Under GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate personal data
• Erase your personal data ("right to be forgotten")
• Port your data to another service
• Restrict processing of your personal data
• Object to processing based on legitimate interest
• Withdraw consent at any time

To exercise these rights, contact us at privacy@eventpipe.dev. We will respond within 30 days.

7. Cookies

Eventpipe uses only essential cookies required for the service to function:

• Session cookies for authentication
• CSRF protection tokens

We do not use tracking cookies, third-party analytics, or advertising cookies. We do not participate in cross-site tracking.

8. GDPR Compliance

• Legal bases: contract performance (Art. 6(1)(b)), legitimate interest (Art. 6(1)(f)), consent where required (Art. 6(1)(a))
• Data Protection Officer: privacy@eventpipe.dev
• Data Processing Agreement (DPA) available on request for business customers
• Supervisory authority: IMY (Integritetsskyddsmyndigheten, Swedish Authority for Privacy Protection), www.imy.se

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by email or through a notice on our website. Your continued use of the service after such notification constitutes acceptance of the updated policy.

10. Contact

Eventpipe AB
Birger Jarlsgatan 57
113 56 Stockholm, Sweden
Email: privacy@eventpipe.dev