Privacy Policy
This Privacy Policy was last updated on 2026-01-28.
Introduction
Epiminds AB (“Epiminds”), Swedish organization number 559532-6942, is dedicated to safeguarding your privacy and protecting information relating to you. This privacy policy (“Privacy Policy”) governs the manner in which we handle personal data concerning you in connection with your access to or utilization of Epiminds’ products, services, features, and technologies, including without limitation our website, platform, and plug-ins that interface with Epiminds. This Privacy Policy further encompasses all other engagements between you and Epiminds and sets forth your rights and the procedures for exercising such rights.
Personal data means any information that can be linked to an identified or identifiable natural person, such as name, email address, contact details, photographs, and personal identification number.
We may update this Privacy Policy from time to time. When the Privacy Policy is updated, we will post an updated version on this page, unless another type of notice is required by applicable law or contractual agreement. By continuing to use our services or providing us with personal data after we have posted an updated Privacy Policy, or notified you by other means, you consent to the revised Privacy Policy.
What personal data does Epiminds process about you and why?
By engaging with Epiminds, you may provide certain information to us. This section describes what personal data we process about you, the purposes for which we process your data, the legal basis for such processing, and the retention periods applicable to your personal data. We collect only what is necessary to deliver our services to you.
In cases where we process your personal data based on a balancing of interests, we have made the assessment that our legitimate interest in the processing outweighs your interests and fundamental rights and freedoms. We have described our legitimate interest in this policy. If you would like to know more about how we conducted the balancing of interests, you can contact us. Our contact details are at the bottom of this policy.
For you who is a customer of Epiminds
What is the purpose of processing the personal data?
What data do we process about you?
To provide our services and fulfill our agreement with you as a customer.
Name, email address, company name and role, user account information, contact or authentication data, billing address, and billing information.
Legal basis: The processing is necessary for the performance of a contract with you as a customer.
Retention period: The data is stored for as long as required to provide the services in accordance with the agreement and as set out in the Agreement.
What is the purpose of processing the personal data?
What data do we process about you?
To collect usage data for service improvement, support, and operations.
Marketing campaign data you choose to upload, content briefs and research requests, platform interactions and feature usage, IP address and browser type, log data for security and performance.
Legal basis: Legitimate interest. Epiminds’ legitimate interest is to develop, improve, support, and operate the services.
Retention period: The data is stored for as long as required for the purposes described.
What is the purpose of processing the personal data?
What data do we process about you?
Accounting purposes.
Name, email address, company name and role, user account information, contact or authentication data, billing address, and billing information.
Legal basis: The processing is necessary to comply with a legal obligation under applicable bookkeeping accounting legislation.
Retention period: The data is deleted seven years after the invoice is issued, or as required by applicable law.
For you who contact our customer support or interact with our social media
What is the purpose of processing the personal data?
What data do we process about you?
To provide customer support and other services.
Name, email address, contact details, and information about your use of our services.
Legal basis: Legitimate interest. Epiminds’ legitimate interest is to provide customer support and other services to customers.
Retention period: The data is deleted no later than 30 days after the customer support matter has been closed, or as long as necessary for the purposes described or as required by law.
For you who receive marketing and other communications from Epiminds
What is the purpose of processing the personal data?
What data do we process about you?
Marketing purposes. To provide customers and potential customers with information about relevant services and offers.
Email address and name.
Legal basis: Legitimate interest. Epiminds’ legitimate interest is to market our services to customers and potential customers. You can opt out of marketing communications at any time.
Retention period: The data is stored until the recipient unsubscribes from marketing communications or as long as necessary for the purposes described.
For you who is a supplier to Epiminds
What is the purpose of processing the personal data?
What data do we process about you?
To fulfill agreements with suppliers.
Name, email address, address, title, telephone number, and where applicable, personal identification number.
Legal basis: The processing is necessary for the performance of a contract with you as a supplier. Personal identification numbers are processed where applicable on the basis that it is clearly justified with regard to the importance of secure identification.
Retention period: The data is stored during the supplier relationship and 12 months after the supplier relationship has ended.
What is the purpose of processing the personal data?
What data do we process about you?
To maintain business relationships with existing suppliers and partners.
Name, email address, address, title, and telephone number.
Legal basis: Legitimate interest. Epiminds’ legitimate interest is to maintain business relationships with existing suppliers and partners.
Retention period: The data is stored during the supplier relationship and 12 months after the supplier relationship has ended.
What is the purpose of processing the personal data?
What data do we process about you?
Accounting purposes.
Name, email address, address, title, and telephone number of contact persons at suppliers.
Legal basis: The processing is necessary to fulfill a legal obligation under applicable bookkeeping and accounting legislation.
Retention period: The data is deleted seven years after the invoice is issued, or as required by applicable law.
For you who apply for employment with Epiminds
What is the purpose of processing the personal data?
What data do we process about you?
Recruitment.
Name, contact details, CV, and cover letter.
Legal basis: Legitimate interest. Epiminds’ legitimate interest is to administer recruitment of employees.
Retention period: The data is stored until the position is filled, or as agreed with the candidate.
What is the purpose of processing the personal data?
What data do we process about you?
Retention of applications for a longer period for future recruitment processes.
Name, contact details, CV, and cover letter.
Legal basis: Consent.
Retention period: The data is stored for a maximum of two years or until consent is withdrawn.
What is the purpose of processing the personal data?
What data do we process about you?
To comply with rules on providing information about qualifications under applicable anti-discrimination legislation.
Name, contact details, CV, and cover letter.
Legal basis: The processing is necessary to fulfill a legal obligation under applicable anti-discrimination legislation.
Retention period: The data is stored for two years from when the position is filled.
Who can access your personal data?
We at Epiminds will process your personal data. When a third party, such as our IT and system providers, processes your information on our behalf, we have entered into a data processing agreement with them. This means that they are obliged to process the information securely, correctly, and with confidentiality.
Our data processors are:
Stripe (payment processing)
Cloud computing and hosting providers
AI platforms (including Anthropic, Google Cloud AI, OpenAI, and Perplexity)
Data analytics providers, and data storage providers.
We also transfer your personal data to recipients who are not data processors. The recipients are independent data controllers for their processing. Such recipients include, for example, authorities if such disclosure is prescribed by law, banks, and payment service providers, and business partners in connection with mergers, acquisitions, or other business transfers.
Are your personal data transferred to countries outside the EU or EEA (third countries)?
We and our suppliers/partners process your personal data within the EU/EEA and, to some extent, outside the EU/EEA. The technical and organizational measures that we use to safeguard personal data outside the EU/EEA are available at your request.
How do we protect your personal data?
We implement comprehensive technical security measures including EU-based encrypted storage (both in transit and at rest), row-level security for database separation, agent sandboxing where each agent is scoped per client, and role-based access control. Our organizational security framework follows SOC2-level principles and includes logged and monitored team access, need-to-know access restrictions, and regular security audits. We maintain strict client isolation across all layers to ensure cross-client protection. Agents never access other workspaces, which is technically prevented via row-level security and agent sandboxing.
For further information, please see our Data Handling Documentation.
What rules apply to how long your personal data is stored?
Information about how long Epiminds stores data relating to you specifically in different situations can be found in Section 2 above. We never process your personal data for longer than is permitted under applicable law, regulation, practice, or authority decision. We automatically delete unused data after 12 months of inactivity unless otherwise agreed. Personal data that we process in order to fulfill our agreement with you is processed as a starting point for the time necessary for us to fulfill the agreement with you. To comply with legal requirements, because you have given your consent to it, or because we have the right to do so according to a balancing of interests, we may, however, store your personal data for a longer period.
Your rights
The following describes your rights regarding our processing of your personal data. To exercise your rights, you are welcome to contact us (see contact details below).
Right to withdraw your consent
You can at any time withdraw all or part of the consent you have given, with effect from the withdrawal.
Right to object to processing
You can object to your data being processed for direct marketing. We will then cease to process your data for such purposes. You also have the right to object to your data being processed based on a balancing of interests. If we cannot demonstrate that there are compelling legitimate reasons to continue processing the data, we must cease processing.
Right of access
You have the right to request information about what personal data we process about you and how the data is processed (a so-called register extract). You also have the right to request a copy of the personal data processed by us.
Right to rectification
You have the right to have incorrect data corrected without undue delay and to ask us to complete incomplete data by providing us with correct data.
Right to erasure (right to be forgotten) and restriction
You have the right at any time to request erasure of your personal data, for example if the processing is no longer relevant in relation to the purpose for which the data was collected or if you withdraw your consent.
You can also request that certain processing of your data be restricted, for example if you object to the accuracy of the data.
Right to data portability
If you have given your consent or if we base the processing on an agreement with you, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format and to transfer this data to another data controller or to receive our help in transferring the data to another data controller when this is technically possible.
Right to lodge a complaint
If you have any complaints regarding our processing of your personal data, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten) (http://www.imy.se) or the supervisory authority in your jurisdiction.
Cookies
We use cookies and similar technologies (e.g., pixels, web beacons, tags) to operate, secure, and improve the Services, remember preferences, and perform analytics. We may permit certain third parties to use these technologies for analytics and advertising purposes. Where required by law, you can opt out or adjust preferences through your browser/device settings or by contacting us at support@epiminds.com. For more detailed information about our use of cookies, please see our separate cookie notice available on www.epiminds.com.
Contact us
If you wish to exercise your rights as set out above or wish to contact us regarding our personal data processing, you can do so by contacting us by email at data@epiminds.com.
Contact information:
Epiminds AB
Franstorpsvägen 27
172 66 Stockholm
Sweden
This Privacy Policy was last updated on 2026-01-28.
Introduction
What personal data does Epiminds process about you and why?
For you who is a customer of Epiminds
What is the purpose of processing the personal data? | What data do we process about you? |
To provide our services and fulfill our agreement with you as a customer. | Name, email address, company name and role, user account information, contact or authentication data, billing address, and billing information. |
Legal basis: The processing is necessary for the performance of a contract with you as a customer. | |
Retention period: The data is stored for as long as required to provide the services in accordance with the agreement and as set out in the Agreement. | |
What is the purpose of processing the personal data? | What data do we process about you? |
To collect usage data for service improvement, support, and operations. | Marketing campaign data you choose to upload, content briefs and research requests, platform interactions and feature usage, IP address and browser type, log data for security and performance. |
Legal basis: Legitimate interest. Epiminds’ legitimate interest is to develop, improve, support, and operate the services. | |
Retention period: The data is stored for as long as required for the purposes described. | |
What is the purpose of processing the personal data? | What data do we process about you? |
Accounting purposes. | Name, email address, company name and role, user account information, contact or authentication data, billing address, and billing information. |
Legal basis: The processing is necessary to comply with a legal obligation under applicable bookkeeping accounting legislation. | |
Retention period: The data is deleted seven years after the invoice is issued, or as required by applicable law. | |
For you who contact our customer support or interact with our social media
What is the purpose of processing the personal data? | What data do we process about you? |
To provide customer support and other services. | Name, email address, contact details, and information about your use of our services. |
Legal basis: Legitimate interest. Epiminds’ legitimate interest is to provide customer support and other services to customers. | |
Retention period: The data is deleted no later than 30 days after the customer support matter has been closed, or as long as necessary for the purposes described or as required by law. | |
For you who receive marketing and other communications from Epiminds
What is the purpose of processing the personal data? | What data do we process about you? |
Marketing purposes. To provide customers and potential customers with information about relevant services and offers. | Email address and name. |
Legal basis: Legitimate interest. Epiminds’ legitimate interest is to market our services to customers and potential customers. You can opt out of marketing communications at any time. | |
Retention period: The data is stored until the recipient unsubscribes from marketing communications or as long as necessary for the purposes described. | |
For you who is a supplier to Epiminds
What is the purpose of processing the personal data? | What data do we process about you? |
To fulfill agreements with suppliers. | Name, email address, address, title, telephone number, and where applicable, personal identification number. |
Legal basis: The processing is necessary for the performance of a contract with you as a supplier. Personal identification numbers are processed where applicable on the basis that it is clearly justified with regard to the importance of secure identification. | |
Retention period: The data is stored during the supplier relationship and 12 months after the supplier relationship has ended. | |
What is the purpose of processing the personal data? | What data do we process about you? |
To maintain business relationships with existing suppliers and partners. | Name, email address, address, title, and telephone number. |
Legal basis: Legitimate interest. Epiminds’ legitimate interest is to maintain business relationships with existing suppliers and partners. | |
Retention period: The data is stored during the supplier relationship and 12 months after the supplier relationship has ended. | |
What is the purpose of processing the personal data? | What data do we process about you? |
Accounting purposes. | Name, email address, address, title, and telephone number of contact persons at suppliers. |
Legal basis: The processing is necessary to fulfill a legal obligation under applicable bookkeeping and accounting legislation. | |
Retention period: The data is deleted seven years after the invoice is issued, or as required by applicable law. | |
For you who apply for employment with Epiminds
What is the purpose of processing the personal data? | What data do we process about you? |
Recruitment. | Name, contact details, CV, and cover letter. |
Legal basis: Legitimate interest. Epiminds’ legitimate interest is to administer recruitment of employees. | |
Retention period: The data is stored until the position is filled, or as agreed with the candidate. | |
What is the purpose of processing the personal data? | What data do we process about you? |
Retention of applications for a longer period for future recruitment processes. | Name, contact details, CV, and cover letter. |
Legal basis: Consent. | |
Retention period: The data is stored for a maximum of two years or until consent is withdrawn. | |
What is the purpose of processing the personal data? | What data do we process about you? |
To comply with rules on providing information about qualifications under applicable anti-discrimination legislation. | Name, contact details, CV, and cover letter. |
Legal basis: The processing is necessary to fulfill a legal obligation under applicable anti-discrimination legislation. | |
Retention period: The data is stored for two years from when the position is filled. | |
Who can access your personal data?
Stripe (payment processing)
Cloud computing and hosting providers
AI platforms (including Anthropic, Google Cloud AI, OpenAI, and Perplexity)
Data analytics providers, and data storage providers.
Are your personal data transferred to countries outside the EU or EEA (third countries)?
How do we protect your personal data?
What rules apply to how long your personal data is stored?
Your rights
Cookies
Contact us
Privacy
Terms