Privacy Policy

1.1. This Privacy Policy explains how Ronja Technologies AB ("Ronja", "we", "us") collects, uses, shares, and protects personal data when you visit ronja.tech (the "Website"), request a demo, subscribe to our communications, or use the Ronja data platform (together, the "Services").

1.2. Ronja is the Data Controller for personal data processed through the Website and marketing activities. When you use the Ronja data platform under a customer agreement, Ronja acts as Data Processor on your organization's behalf; that processing is governed by the Data Processing Agreement.

1.3. We process personal data in accordance with Regulation (EU) 2016/679 (the "GDPR") and applicable Swedish data protection law.

Ronja Technologies AB (Org.nr 559471-4692)
Luntmakargatan 26, 111 37 Stockholm, Sweden
Email: hello@ronja.tech

For any question relating to this Privacy Policy or the processing of your personal data, please contact us at the email address above.

3.1. Data you provide to us. When you fill in a form on the Website (for example to request a demo, subscribe to updates, or contact us), we collect the information you submit, such as your name, business email address, company name, job title, country, and the content of your message.

3.2. Data collected automatically. When you access the Website, we and our service providers automatically collect certain technical data, including:

• IP address, approximate location (country, region, city, postal code, metro area)
• Browser type, device information, operating system, language preferences
• Pages visited, referring URL, session duration, and other usage data
• Identifiers stored in cookies and similar technologies
• Interaction signals used by spam and bot protection (clicks, keypress events, mouse movements, scroll position, touch events, motion sensor events)

3.3. Platform account data. If you register for a Ronja account, we process the data required to create and administer the account (name, business email, company, authentication credentials, workspace role, and activity logs).

3.4. Customer Data inside the platform. Data that customers connect to or upload into the Ronja platform is processed on the customer's instructions under the Data Processing Agreement and is not governed by this Privacy Policy.

4.1. We process personal data for the following purposes:

• To operate, maintain, and secure the Website and the Ronja platform
• To respond to demo requests, sales enquiries, and support messages
• To send product updates, newsletters, and marketing communications where permitted
• To measure and improve the performance of the Website and our marketing (analytics)
• To deliver and measure online advertising, including on LinkedIn
• To protect the Website and our forms against spam, abuse, and fraud
• To provision and administer customer accounts and billing
• To comply with legal, tax, and regulatory obligations

5.1. We rely on the following legal bases under Article 6 of the GDPR:

• Consent (Art. 6(1)(a)) for non-essential cookies, interest-based advertising, analytics, and marketing emails where required by law.
• Contract (Art. 6(1)(b)) to provide the Services you request and to administer your account.
• Legal obligation (Art. 6(1)(c)) to comply with tax, accounting, and other statutory duties.
• Legitimate interests (Art. 6(1)(f)) to secure the Website, prevent abuse, respond to your enquiries, and carry out limited direct marketing to existing business contacts. We balance these interests against your rights and freedoms.

5.2. You may withdraw consent at any time with effect for the future by using the cookie preference controls on the Website or by contacting us at hello@ronja.tech.

6.1. The Website uses cookies and similar technologies for strictly necessary functionality, analytics, and advertising. Strictly necessary cookies are set automatically. Analytics and advertising cookies are only set after you give consent through our cookie banner.

6.2. You can review, change, or withdraw your consent at any time by clicking the privacy preferences link in our cookie banner. You can also block or delete cookies through your browser settings; doing so may affect the functionality of the Website.

6.3. The categories of cookies and trackers used correspond to the third-party services listed in Section 8.

7.1. We share personal data only as described in this Privacy Policy. Categories of recipients include:

• Service providers that host, operate, analyze, and secure the Website and the platform, acting as processors on our behalf (see Section 8).
• Professional advisors such as auditors, accountants, and lawyers, under confidentiality obligations.
• Authorities where disclosure is required by law, court order, or to protect our legal rights.
• Corporate transactions such as a merger, acquisition, or asset sale, subject to appropriate confidentiality protections.

7.2. We do not sell personal data.

7.3. Third parties that receive data as processors are bound by written agreements that are no less protective than this Privacy Policy and that meet the requirements of Article 28 of the GDPR.

8.1. The table in Annex 1 lists the third-party services used on the Website and the categories of personal data processed through each. Sub-processors used to provide the Ronja data platform itself are listed in Annex 3 of the Data Processing Agreement.

8.2. Each listed provider processes personal data in accordance with its own privacy policy, which we encourage you to review.

9.1. Website hosting, content delivery, and platform infrastructure are provided by Amazon Web Services within the EU/EEA.

9.2. Some Website service providers (for example Google, LinkedIn, Vimeo, and iubenda) are established in, or may transfer personal data to, countries outside the EU/EEA, including the United States. Where such transfers occur, they are protected by appropriate safeguards under Chapter V of the GDPR, including Standard Contractual Clauses adopted by the European Commission and, where applicable, reliance on the EU–US Data Privacy Framework.

9.3. A copy of the safeguards used for any specific transfer is available on request by contacting hello@ronja.tech.

10.1. We retain personal data only for as long as necessary for the purposes described in this Privacy Policy and to comply with our legal obligations.

10.2. Typical retention periods:

• Demo and contact form submissions: up to 24 months from the last contact, unless a longer commercial relationship develops.
• Marketing email subscriptions: until you unsubscribe or we determine the subscription is inactive, after which your data is deleted or anonymized.
• Analytics data: up to 14 months in Google Analytics 4 and aggregated thereafter.
• Advertising identifiers: according to the retention settings of the advertising provider (typically up to 180 days for LinkedIn Insight Tag).
• Server and security logs: up to 12 months.
• Account data for active customers: for the duration of the customer agreement, subject to the Data Processing Agreement.
• Accounting and tax records: 7 years as required by Swedish law (Bokföringslagen).

11.1. Subject to applicable law, you have the following rights in relation to your personal data:

• Access to the personal data we hold about you (Art. 15 GDPR)
• Rectification of inaccurate or incomplete data (Art. 16)
• Erasure of your data where one of the grounds in Article 17 applies
• Restriction of processing (Art. 18)
• Portability of data you have provided to us (Art. 20)
• Objection to processing based on our legitimate interests, including direct marketing (Art. 21)
• Withdrawal of consent at any time, without affecting the lawfulness of processing carried out before withdrawal
• Not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects (Art. 22)

11.2. To exercise any of these rights, email hello@ronja.tech. We will respond within one month in accordance with Article 12 of the GDPR.

11.3. You also have the right to lodge a complaint with a supervisory authority. The lead authority for Ronja is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY), Box 8114, 104 20 Stockholm, Sweden, imy@imy.se, www.imy.se.

12.1. We implement technical and organizational measures designed to protect personal data against unauthorized access, loss, alteration, and disclosure. These include encryption in transit and at rest, role-based access controls, multi-factor authentication for personnel, network segmentation, centralized logging, and regular vulnerability testing.

12.2. Further detail on the security measures applied to Customer Data processed through the platform is set out in Annex 2 of the Data Processing Agreement.

We do not use personal data collected through the Website to make decisions based solely on automated processing that produce legal or similarly significant effects concerning you.

The Services are directed to businesses and professionals and are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact hello@ronja.tech and we will delete it without undue delay.

We may update this Privacy Policy from time to time to reflect changes in our practices, our Services, or applicable law. We will post the updated version on this page and revise the "Last updated" date above. Material changes affecting registered users will be communicated by email or through the Services at least 30 days before they take effect.

Questions, requests, or complaints about this Privacy Policy can be directed to:

Ronja Technologies AB
Luntmakargatan 26, 111 37 Stockholm, Sweden
Email: hello@ronja.tech

Last updated: April 2026

Advertising

Service	Purpose	Personal data	Provider
LinkedIn Ads	Delivery and measurement of advertising on LinkedIn	Trackers; Usage Data	LinkedIn Ireland Unlimited Company (Ireland)
LinkedIn Insight Tag	Conversion tracking and retargeting	Device information; Trackers; Usage Data	LinkedIn Ireland Unlimited Company (Ireland)

Analytics

Service	Purpose	Personal data	Provider
Google Analytics 4	Website usage measurement (with IP anonymization)	Number of users; session statistics; Trackers; Usage Data	Google Ireland Limited (Ireland)
AWStats	Server-side access analytics	Country; operating systems; Usage Data	Self-hosted on AWS infrastructure (EU)

Privacy preferences

Service	Purpose	Personal data	Provider
iubenda Privacy Controls and Cookie Solution	Collection and storage of privacy preferences and consent records	IP address; Trackers	iubenda s.r.l. (Italy)

Content from external platforms

Service	Purpose	Personal data	Provider
Vimeo video	Embedded video playback	Trackers; Usage Data	Vimeo.com, Inc. (USA)

Hosting and infrastructure

Service	Purpose	Personal data	Provider
Amazon Web Services (AWS)	Cloud hosting and backend infrastructure	Various types of data as specified in the AWS privacy notice	Amazon Web Services EMEA SARL (Luxembourg); EU region
Amazon S3	Object storage for Website assets	Usage Data	Amazon Web Services EMEA SARL (Luxembourg); EU region
Amazon CloudFront	Traffic optimization and content delivery	Browser information; city; country; county; device information; geography/region; IP address; latitude and longitude of city; metro area; operating systems; state; Usage Data; ZIP/postal code	Amazon Web Services EMEA SARL (Luxembourg)

Spam and bot protection

Service	Purpose	Personal data	Provider
Google reCAPTCHA	Protection of forms against spam and automated abuse	Answers to questions; clicks; keypress events; motion sensor events; mouse movements; scroll position; touch events; Trackers; Usage Data	Google Ireland Limited (Ireland)

We share personal data only with providers that offer protection equivalent to that required by this Privacy Policy and applicable data protection law. Further information on each provider's processing is available in its own privacy policy.