Legal
Privacy Policy
Contents
01Overview
This policy explains what personal data we handle, why we handle it, and the rights you have over it.
It covers our website, the people who contact us, job applicants, and your use of the MinCFO platform.
02Controller and processor
There are two roles to keep separate, because they decide who is responsible for your data.
- We are the controller for data about visitors to our website, people who contact us or book a demo, job applicants, and the users who log in to the platform. We decide why and how that data is used, and this policy describes it.
- We are the processor for the financial and personal data inside a client’s books, payroll and reporting. The client decides the purpose, and we process it only to deliver the service, under a written data processing agreement (personuppgiftsbiträdesavtal).
Where we act as a processor, the client’s own privacy notice governs that data, and we support the client in handling any request.
03The data we collect
We collect different data depending on how you reach us. Most of it comes directly from you, some automatically through limited cookies, and some from the systems you connect.
- Visitors and prospects: your name, work email, company name and size, anything you write in a message or demo request, and basic technical data such as IP address, browser and pages viewed.
- Clients and platform users: account and contact details, login and security information, and a record of how the platform is used, such as logins, features opened and actions taken, so we can run and support it.
- Job applicants: your name and contact details, your CV, the information in your application, and notes from the hiring process.
- Client finances (as processor): accounting records, invoices, bank and card transactions, and payroll. Payroll includes employee names, salaries, Swedish personal identity numbers, bank details and absence. We handle this for the client, not for our own purposes.
When you become a client, you also give us secure access to tools like your bank, Skatteverket and Fortnox so we can run your finances.
04Use and legal basis
We use personal data only for clear purposes, and each has a legal basis under the GDPR.
- To deliver the service (contract): running your bookkeeping, reporting, payroll and CFO support, and giving you access to the platform.
- To respond to you (legitimate interest): answering demo requests, questions and sales conversations.
- To run our hiring (legitimate interest): reviewing applications and managing recruitment.
- To keep the service secure (legitimate interest): preventing fraud, abuse and unauthorised access, and keeping records of activity.
- To meet legal duties (legal obligation): Swedish bookkeeping, tax and anti-money-laundering rules require us to keep certain records.
- For marketing you agreed to (consent): sending updates only where you opt in. You can withdraw consent at any time.
05AI processing
We never use your data to train AI models. Your financial and personal data are not used to train our models or any third party’s models.
- Grounded in your own data: the AI assistant answers from your numbers and stays traceable to the underlying transactions. It explains and surfaces, it does not decide for you.
- No decisions with legal effect: we do not make decisions about you based solely on automated processing that would have legal or similarly significant effects.
- Processed in the EU, under strict terms: the AI features run within our cloud infrastructure in the EU, and any provider is bound by terms that prohibit training on, or retaining, your data beyond returning a result.
07Where it's processed
We host the platform and your financial data with our cloud infrastructure provider in the EU, and we keep personal data in the EU or EEA wherever we can.
Some providers we rely on, such as communication and CRM tools, may process limited personal data outside the EEA. Where that happens, we put approved safeguards in place first, such as the European Commission’s Standard Contractual Clauses, so your data keeps the same level of protection.
08How long we keep it
- Accounting records: Swedish law (Bokföringslagen) requires accounting information to be kept for seven years, and we keep it for that period.
- Client account data: for as long as you are a client, and a limited period afterwards to meet legal duties and resolve disputes.
- Prospect and contact data: for as long as we are in contact, and a reasonable period after, unless you ask us to remove it sooner.
- Job applications: for the length of the process and a limited period afterwards. With your consent we may keep your application on file for future roles.
- Website and security logs: for a short period needed to run and protect the service.
09How we protect it
We handle sensitive financial data every day, so security is built into how we work, not bolted on after.
- Encryption in transit and at rest
- Strict, logged access on a need to know basis
- Continuous monitoring and regular reviews
- Vetted providers, each under contract
- A documented incident response process
If a personal data breach happens, we act on it and notify the authority and anyone affected where the GDPR requires it. No system can be guaranteed completely secure, but we protect your data carefully and respond quickly if something goes wrong.
10Your rights
Under the GDPR you have rights over your personal data. You can:
- Access a copy of the data we hold about you
- Correct data that is inaccurate or incomplete
- Ask us to delete it
- Restrict or object to how we process it
- Receive your data in a portable format
- Withdraw consent at any time, where we rely on it
To use any of these rights, email us at victor@mincfo.com. We respond within the time the law allows, normally within one month. If we hold your data on behalf of a client, please contact that client and we will support them.
You can also complain to the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at imy.se, or to your local data protection authority.
12Children
Our service and platform are made for businesses and are not directed to children. We do not knowingly collect personal data from anyone under 16. If you believe a child has given us personal data, contact us and we will remove it.
13Changes to this policy
We may update this policy as our service, the law or our providers change. When we make a material change, we update the date above and, where appropriate, let you know directly. The current version always lives on this page.
14Contact
MinCFO Sverige AB (company registration number 559525-9259) is the controller for the personal data described here.
For any privacy question, or to use your rights, email us at victor@mincfo.com, or write to us at one of our offices: Västra Hamngatan 11, Gothenburg, or Stora Nygatan 33, Stockholm.