Privacy Policy
This Privacy Policy explains how Abioflow (CVR no. 46236017) ("Abioflow", "we", "us", "our") processes personal data in connection with our services.
1. Data Controller
Abioflow
CVR no. 46236017
Enghavevej 4, 3200
Denmark
Email: abioflow@support.com
Abioflow is the data controller for personal data described in this Policy.
2. Personal Data We Collect
We may collect and process the following categories of personal data:
a) Account Information
- Name
- Email address
- Account credentials
- Profile settings
b) Subscription & Payment Information
- Subscription plan
- Billing status
- Transaction metadata
- Payment confirmation details
Payments are processed by Stripe Payments Europe Ltd or other payment providers. We do not store full card numbers.
c) Service Content
- Flashcards, notes, and other study content you create
- User preferences
- Activity logs and feature usage
d) Technical & Device Information
- IP address
- Browser type
- Operating system
- Device identifiers
- Diagnostic data
e) Support Communications
- Information provided when contacting support
3. Legal Basis for Processing (GDPR Art. 6)
We process personal data based on:
- Performance of a contract (Art. 6(1)(b)) - to provide and manage the subscription service.
- Legal obligation (Art. 6(1)(c)) - accounting, bookkeeping, and regulatory compliance.
- Legitimate interests (Art. 6(1)(f)) - service security, fraud prevention, analytics, product improvement.
- Consent (Art. 6(1)(a)) - where required (e.g., optional marketing communications).
Where processing is based on legitimate interests, we ensure that such interests are not overridden by your fundamental rights and freedoms.
4. How We Use Personal Data
We use personal data to:
- Provide and operate the service
- Create and manage accounts
- Process payments, renewals, and cancellations
- Maintain platform security and prevent abuse
- Improve features and performance
- Respond to support inquiries
- Comply with legal obligations
5. Disclosure of Personal Data
We may share personal data with:
- Payment providers (e.g., Stripe Payments Europe Ltd)
- Hosting and infrastructure providers
- Analytics and monitoring providers
- Professional advisers (legal, accounting)
- Authorities where required by law
We disclose only what is necessary for the specific purpose.
6. International Transfers
If personal data is transferred outside the EU/EEA (for example to US-based providers), we rely on appropriate safeguards such as:
- Standard Contractual Clauses (SCCs)
- EU-US Data Privacy Framework (where applicable)
- Other legally recognized transfer mechanisms
7. Data Retention
We retain personal data only as long as necessary for:
- Providing the service
- Legal, accounting, and compliance obligations
- Dispute resolution and enforcement of agreements
When no longer required, data is securely deleted or anonymized.
8. Security Measures
We implement appropriate technical and organizational measures, including:
- Encryption in transit (TLS/HTTPS)
- Access controls and role-based permissions
- Monitoring and logging
- Contractual safeguards with processors
No system is completely secure, but we apply reasonable industry-standard protections.
9. Cookies and Tracking
We use cookies and similar technologies to:
- Operate the service
- Maintain login sessions
- Analyze performance and usage
Further details are available in our Cookie Policy.
10. Your Rights
Under GDPR, you may have the right to:
- Access your data
- Rectify inaccurate data
- Request deletion
- Restrict processing
- Object to processing
- Request data portability
- Withdraw consent at any time
To exercise your rights, contact: abioflow@support.com
You also have the right to lodge a complaint with the Danish Data Protection Authority (Datatilsynet) or your local EU supervisory authority.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the service or other appropriate channels.