Privacy Policy
Last Updated: Sep 15, 2025
Version Lens Sweden AB (“Version Lens”, “Nalvin”, “we”, “our”, “us”) respects your privacy and is committed to protecting any personal data we hold about you. This Privacy Policy (“Policy”) explains how we collect, use, store, and share personal data whenever you access or use Nalvin products, services, features, or technologies, including our website (the “Site”), platform, integrations, and plug-ins (together, the “Services”).
By using our Services, you acknowledge and accept this Policy. If you have any questions, please contact us at dpo@versionlens.com.
1. Roles and Responsibility
Nalvin is designed for companies and other organizations (“Subscribers”). Our Subscriber Agreements (defined under Terms of Service) govern the delivery and use of the Services.
This Privacy Policy applies when Version Lens acts as a data controller, determining how and why personal data is processed. This typically includes account management, communication, analytics, and compliance activities.
When Subscribers input, upload, or exchange data through the Services (“Content”), we act as a data processor and process such Content solely on behalf of the Subscriber in accordance with the relevant Subscriber Agreement. For any rights requests related to Content, please contact the Subscriber directly.
This Policy applies only to nalvin.com, app.nalvin.com, and other official subdomains we operate. It does not apply to third-party websites accessible through links from Nalvin.
2. What Information We Collect
2.1 Information You Provide to Us
We collect personal data you provide when creating an account, interacting with our Services, or communicating with us:
User account information: Name, company email, role, language preferences, account credentials.
Billing information: Payment method details, billing contact details (if applicable).
Communication information: Customer support inquiries, emails, chats, or calls. We may retain correspondence to improve service quality.
Survey & feedback information: Data from satisfaction surveys, reviews, or testimonials (with your consent).
Social media information: Data you voluntarily provide through interactions with Nalvin on platforms such as LinkedIn or YouTube.
2.2 Information We Automatically Collect
When you use our Services, we automatically collect certain technical and usage data:
Log data: IP address, browser type, date and time of requests, interaction details.
Device information: Device identifiers, operating system, browser settings, referral URLs.
Usage data: Features used, actions taken, time spent in the Services, time zone, location, and integrations accessed.
Cookies and similar technologies: We use cookies for authentication, functionality, analytics, and performance optimization. See Section 2.4 for more details.
2.3 Information from Third Parties
We may receive information about you from:
Subscribers (your employer or organization).
Integration partners (e.g., Jira, Slack, Hubspot).
Service providers (e.g., payment processors, analytics vendors).
Event organizers or marketing partners where you interact with Nalvin.
2.4 Cookies and Tracking Technologies
We use cookies and similar tools to enhance your experience. These include:
Essential cookies: For login and secure access.
Performance & analytics cookies: To analyze traffic and improve usability.
Functional cookies: To remember language, region, and preferences.
You may disable cookies in your browser settings, but some features may not work properly.
2.5 Aggregated and Anonymized Information
We may aggregate usage patterns and statistics for product improvement, provided that such data cannot be used to identify individuals.
3. How We Use Your Personal Data
We process personal data for the following purposes:
To provide, operate, and maintain the Services.
To authenticate users and manage accounts.
To provide customer support and respond to inquiries.
To analyze usage and improve product performance.
To prevent fraud, misuse, or unauthorized access.
To comply with legal obligations.
To communicate service updates, administrative notices, and—where permitted—marketing information.
Important: We do not use customer data to train AI models, nor do we allow third parties to use it for model training. Data is processed only to serve each Subscriber’s account.
3.1 Purposes of Processing
Purpose | Types of Personal Data | Legal Basis | Data Retention |
|---|---|---|---|
To provide and operate the Services (account creation, authentication, access, platform functionality). | From you/your employer: User account information, communication information. From other sources: Usage data, device information. | Contractual necessity (Art. 6(1)(b) GDPR). | For the duration of the Subscription Agreement. |
To provide customer support and respond to inquiries (emails, support chats, troubleshooting). | Communication information, account information. | Contractual necessity (Art. 6(1)(b) GDPR) and legitimate interest (Art. 6(1)(f) GDPR) in assisting users. | For as long as necessary to resolve the inquiry, then archived for up to 12 months. |
To improve the Services and analyze product usage (feature adoption, performance, product development). | Usage data, device information, log data. | Legitimate interest (Art. 6(1)(f) GDPR) in product improvement and customer experience. | For as long as you are using the Services. Aggregate/anonymized data may be stored indefinitely. |
To manage billing and payments. | Billing information, account data. | Contractual necessity (Art. 6(1)(b) GDPR), legal obligation (Art. 6(1)(c) GDPR). | Retained for legally required bookkeeping periods (generally 7 years under Swedish law). |
To maintain security and prevent misuse (fraud detection, abuse prevention, access monitoring). | User account data, log data, device information. | Legitimate interest (Art. 6(1)(f) GDPR) in protecting accounts, Subscribers, and Nalvin systems. | For as long as you are using the Services, then deleted or anonymized. |
To perform surveys, request feedback, or publish testimonials. | Survey information, communication data, testimonial/review data. | Legitimate interest (Art. 6(1)(f) GDPR) in collecting feedback. Consent (Art. 6(1)(a) GDPR) for publishing testimonials. | Until feedback is anonymized or you withdraw consent. |
To provide service-related communications (security updates, service notices). | User account data, communication information. | Legitimate interest (Art. 6(1)(f) GDPR) in keeping users informed. | For as long as you are a user of the Services. |
To send marketing communications (if permitted by law). | Communication data, social media information. | Consent (Art. 6(1)(a) GDPR). | Until you withdraw consent or opt-out. |
To comply with legal obligations (audits, law enforcement requests, tax rules). | All categories of personal data as required by law. | Legal obligation (Art. 6(1)(c) GDPR). | Retained as required under applicable law. |
To protect our legal rights and resolve disputes. | All categories, including additional data relevant in a dispute. | Legitimate interest (Art. 6(1)(f) GDPR) in defending rights and claims. | For the duration of the dispute and applicable statutory limitation periods. |
3.2 Retention Principles
Data is only kept for as long as necessary for the purposes described above.
Where data must be retained by law (e.g., billing records), it will be kept only for the legally mandated period.
Backup copies may persist temporarily before secure deletion.
When possible, we anonymize or aggregate personal data to reduce risks.
4. Sharing and Disclosure
We may share personal data with:
Affiliates: Within Version Lens corporate structure.
Service providers & subprocessors: For hosting, cloud infrastructure, integrations, analytics, and support. The current list is available at nalvin.com/sub-processors.
Integration partners: If you choose to connect Nalvin with third-party tools.
Legal authorities: Where required to comply with legal obligations or protect rights and security.
Business transfers: In connection with mergers, acquisitions, or restructuring.
We never sell personal data.
5. International Data Transfers
Most data is processed within the EU/EEA. When transfers occur outside the EU/EEA, we apply safeguards such as:
Standard Contractual Clauses (SCCs).
Adequacy decisions by the European Commission.
Additional safeguards (technical and organizational measures) where needed.
6. Your Rights
Under GDPR, CCPA, and other applicable laws, you may have the following rights:
Right to access: Request a copy of your data.
Right to rectification: Correct inaccurate data.
Right to deletion (“erasure”): Request deletion of your data.
Right to restriction: Request limited processing in certain circumstances.
Right to portability: Receive your data in a portable format.
Right to object: Object to processing based on legitimate interests.
Right to withdraw consent: For processing based on consent (e.g., marketing).
Right to lodge a complaint: With your supervisory authority (e.g., IMY in Sweden).
We may need to verify your identity before processing requests. Contact dpo@versionlens.com to exercise these rights.
7. Security
We implement appropriate technical and organizational measures, including:
Encryption at rest and in transit.
Role-based access controls.
Audit logs and monitoring.
Regular vulnerability assessments.
Incident response procedures.
8. Data Retention
Data is retained only as long as required to fulfill contractual obligations, comply with legal requirements, or resolve disputes.
After account termination, data is deleted in accordance with GDPR and CCPA.
Customers may request earlier deletion.
Backup data may persist for a limited time before secure erasure.
9. Updates to this Policy
We may update this Policy from time to time. Updates will be posted on our website and, where required, communicated to users. By continuing to use our Services, you consent to the revised Policy.
10. Contact Us
For privacy-related inquiries or rights requests, please contact:
Data Protection Officer
Fredrik Stockman
Email: dpo@versionlens.com
Version Lens Sweden AB
Sveavägen 35, 111 34, Stockholm, Sweden