Skeptiva AB ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your data. This Privacy Policy explains how we handle personal data when you use our website (skeptiva.com) and our email security software ("the Service").

Data Controller:
Skeptiva AB
Registration number: 559523-4831
Address: Backgatan 3, 724 60 Västerås, Sweden
Email: info@skeptiva.com

Our core philosophy is privacy by design. Skeptiva processes your email data locally on your device ("On-Edge"). We do not indiscriminately upload your emails to the cloud. We do not read your email content during normal operation. All real-time scanning and analysis are performed within your own IT environment. However, strictly for support, debugging, and improving our detection algorithms, specific data may be processed centrally as described below.

A. Account & Billing Data (Information you provide)
When you purchase a license or book a demo, we collect:

• Name of contact person and any names used in the admin dashboard
• Business email addresses
• Company name and billing details
• Payment information (processed securely via Stripe)

B. Service Metadata & Logs
To ensure the Service functions correctly and to provide support, our software collects technical logs and metadata. This may include:

• License validation keys and device identifiers.
• Technical error logs (e.g., if the software crashes).
• Email Metadata: Headers, timestamps, and sender information involved in a detection event. Note: We use this strictly for diagnostics and support purposes.

C. User-Reported Threats (Voluntary Data)
You have the option to voluntarily report specific emails to us (e.g., false positives or undetected phishing attempts) to help us train our AI and improve the Service.

• Consent: By manually submitting an email to Skeptiva, you consent to us processing the content and metadata of that specific email.
• Usage: This data is used solely for threat analysis and model training.

D. Website Analytics
We use Plausible Analytics, a privacy-focused tool. It does not use cookies and does not collect any personal data (no IP addresses are stored).

We use your data for the following purposes:

• Service Delivery: Validating licenses and enabling software functionality.
• Product Improvement: Using reported threats and metadata to refine our detection algorithms.
• Support: Diagnosing technical issues based on logs.
• Billing: Processing payments via our payment provider.
• Compliance: Fulfilling legal obligations (e.g., Swedish Bookkeeping Act).

We prioritize keeping data within the EU. We share data only with trusted third-party providers needed to operate our business:

• Hosting & Infrastructure: Hetzner Online GmbH (Germany). All central servers and databases are hosted within the EU.
• Payment Processing: Stripe (Global). Used for secure payment processing.
• Internal Communication: [e.g., Google Workspace / Slack].

We have signed Data Processing Agreements (DPA) with all sub-processors to ensure they protect your data according to GDPR.

We take a "Privacy First" approach.

Marketing/Tracking: We do not use tracking cookies or pixels (like Facebook Pixel or Google Analytics) on our website.

Essential Cookies: We may use strictly necessary cookies only to keep you logged into our admin/customer portal.

Under the GDPR, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Request deletion of your data ("Right to be forgotten"), subject to legal retention requirements.

To exercise these rights, contact us at info@skeptiva.com.

We may update this policy as we launch new features. The latest version will always be available on our website.