Privacy

Privacy Policy

Last updated: March 28, 2026

1. Introduction

Auryn AB, a Swedish limited liability company with organization number [ORG-NUMBER], registered office at Gothenburg, Sweden ("Auryn", "we", "us", or "our") operates the Auryn platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service. We comply with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Swedish data protection laws.

2. Data Controller

Auryn AB is the data controller for the personal data processed through the Service. You can contact us regarding data protection matters at:

  • Email: privacy@auryn.se
  • Address: Auryn AB, Gothenburg, Sweden

3. Information We Collect

3.1 Personal Information

We collect the following categories of personal information:

  • Account Information: Name, email address, job title, company affiliation
  • Profile Data: Professional background, investment preferences, organizational role
  • Communication Data: Messages, comments, and other communications within the platform
  • Business Data: Investment decisions, company evaluations, KPI reports, financial forecasts

3.2 Technical Information

We automatically collect:

  • Usage Data: Pages visited, features used, time spent on platform, click patterns
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Access logs, error logs, security events
  • Cookies and Tracking: Session cookies, functional cookies, analytics cookies

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

  • Contract Performance (Art. 6(1)(b)): To provide the Service and fulfill our contractual obligations
  • Legitimate Interest (Art. 6(1)(f)): To improve our Service, ensure security, and conduct business analytics
  • Consent (Art. 6(1)(a)): For marketing communications and optional features (withdrawable at any time)
  • Legal Obligation (Art. 6(1)(c)): To comply with financial regulations and legal requirements

5. How We Use Your Information

  • Provide and maintain the Auryn platform and its features
  • Process investment applications and facilitate deal flow management
  • Generate AI-powered insights and recommendations
  • Enable collaboration between VC firms and portfolio companies
  • Communicate about your account and Service updates
  • Improve and optimize our Service through analytics
  • Ensure platform security and prevent fraud
  • Comply with legal and regulatory obligations

6. Data Sharing and Disclosure

6.1 Within Your Organization

Data is shared within your VC firm or portfolio company based on your organizational access controls and user permissions.

6.2 Service Providers

We may share data with trusted third-party service providers who assist us in:

  • Cloud hosting and infrastructure (AWS, Supabase)
  • AI and machine learning services (OpenAI)
  • Analytics and monitoring
  • Communication services

6.3 Legal Requirements

We may disclose information when required by law, court order, or to protect our rights and the safety of our users.

7. International Data Transfers

Your data may be processed in countries outside the European Economic Area (EEA). We ensure adequate protection through:

  • EU Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Appropriate safeguards as required by GDPR

8. Data Retention

We retain personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law. Specific retention periods include:

  • Account Data: Duration of account plus 3 years
  • Transaction Records: 7 years (Swedish accounting laws)
  • Communication Data: 2 years after account closure
  • Technical Logs: 12 months

9. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of processing
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for consent-based processing

10. Security Measures

We use the following technical and organizational measures to protect your personal data:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and monitoring
  • Employee training on data protection
  • SOC 2 compliance standards

11. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. You can manage cookie preferences through your browser settings. Essential cookies required for platform functionality cannot be disabled.

12. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

13. Data Breach Notification

In the event of a data breach affecting your personal data, we will notify the Swedish Data Protection Authority (Integritetsskyddsmyndigheten) within 72 hours and affected individuals without undue delay, where required by law.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or platform notification. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

15. Supervisory Authority

You have the right to lodge a complaint with the Swedish Data Protection Authority (Integritetsskyddsmyndigheten) if you believe we have processed your personal data in violation of applicable data protection laws. Integritetsskyddsmyndigheten (IMY) Box 8114 104 20 Stockholm, Sweden Website: imy.se

16. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us:

  • Email: privacy@auryn.se
  • Address: Auryn AB, Gothenburg, Sweden

Your Rights: Under GDPR, you have the right to access, rectify, or delete your personal data at any time. To exercise these rights, contact us at privacy@auryn.se. We will respond within 30 days.