Legal
Privacy policy
Last updated: 20 May 2026
1. Overview
Raptix AB ("we", "us", "Raptix") operates the website raptix.se and the software Reveal (reveal.raptix.se). This privacy policy explains what information we collect when you use our services, why we collect it, who it's shared with, and what rights you have.
We comply with the EU General Data Protection Regulation (GDPR) and corresponding Swedish data protection law.
2. Data controller
Raptix AB
Company registration number: 559513-6846
Registered address: Soldatvägen 89, 423 49 Torslanda, Sweden
Email for data requests: hello@raptix.se
3. What information we collect
3.1 raptix.se (this website)
raptix.se is a static informational site. We use no cookies, no tracking pixels and no analytics platform. The only information that passes through us:
- Standard server logs from our host (Netlify): IP address, browser type, timestamp, page visited. Retained per Netlify's policy (typically 30 days) and used for security and troubleshooting.
- Email you voluntarily send us via mailto links. We retain these in our inbox per our normal email retention policy.
3.2 reveal.raptix.se (the Reveal app)
When you create an account and use Reveal, we collect:
- Account information: email address, name, organisation name and your role.
- Tenant information: store names, locations, which Alta cameras and sensors are connected.
- Avigilon Alta connection credentials: API URL, username and password — encrypted at rest.
- Sensor and counter data: visitor counts, queue times, temperatures and occupancy. This data is anonymous and contains no personal information about your store visitors.
- Payment information: handled directly by Stripe. We only store the customer ID, subscription ID and invoice history — no card details.
- Service usage: which pages you visit and which features you use, for support and product improvement.
4. Why we collect it (legal basis)
- Performance of a contract (GDPR art. 6.1.b): account information and service data required to deliver Reveal.
- Legitimate interest (GDPR art. 6.1.f): security logs, troubleshooting, customer support and product improvement.
- Legal obligation (GDPR art. 6.1.c): invoice data retained per Swedish bookkeeping law (7 years).
- Consent (GDPR art. 6.1.a): when we specifically ask for it, e.g. marketing emails.
5. Who we share data with (sub-processors)
We use the following sub-processors to run the service:
| Service | What they do | Region |
|---|---|---|
| Supabase | Database, authentication, edge functions | EU (Frankfurt) |
| Stripe | Payments and billing | USA + global |
| Netlify | Hosting for the website and the app | USA + global CDN |
| Resend | Transactional email (login links, reports, invoices) | USA + global |
| SMHI | Weather data (no personal data shared) | Sweden |
We never share your data with third-party advertisers or with Avigilon Alta beyond the connection you've configured yourself.
6. International transfers
Stripe, Netlify and Resend have infrastructure outside the EU. All three apply Standard Contractual Clauses (SCCs) per GDPR Chapter V, and Stripe and Netlify are also certified under the EU-US Data Privacy Framework.
7. How long we keep data
- Active account: as long as the subscription is active.
- After subscription ends: 90 days, then everything is deleted except what's legally required.
- Invoice data: 7 years (Swedish bookkeeping law).
- HACCP temperature logs: at least 3 years (industry standard for traceability).
- Server logs: 30 days.
- Support email: 2 years.
8. Cookies and similar technologies
raptix.se — this website — uses no cookies or tracking technologies.
reveal.raptix.se (the app) uses the following strictly necessary cookies:
- Supabase authentication — required to keep you signed in.
- Stripe checkout cookies — required during the payment process.
No marketing or analytics cookies are used.
9. Your rights
Under GDPR you have the right to:
- Know what information we hold about you (access)
- Have incorrect information corrected (rectification)
- Have your data deleted (erasure, the "right to be forgotten")
- Receive a copy of your data in a portable format (data portability)
- Object to our processing (objection)
- Withdraw consent (when processing is based on consent)
Send requests to hello@raptix.se and we'll respond within 30 days.
10. Complaints to the supervisory authority
If you believe we're handling your personal data incorrectly, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY):
- Website: imy.se
- Email: imy@imy.se
- Phone: +46 8 657 61 00
If you're outside Sweden, you may also contact your local data protection authority.
11. Security
- All data encrypted in transit (TLS 1.3)
- All data encrypted at rest (Supabase standard)
- Avigilon Alta credentials encrypted with a separate key
- Role-based access — only people who need the data have access
- Security incidents reported per GDPR art. 33 within 72 hours
12. Changes to this policy
We update this policy as the service evolves. Material changes are communicated by email or in the app. The "last updated" date is at the top.
13. Contact us
For questions about this policy or your personal data:
hello@raptix.se
Raptix AB