Integritetspolicy

Senast uppdaterad: 29 mars 2026 — Version 1.0

Data Controller

Minion AB, Stockholm, Sweden. Contact: privacy@minion.se

Data We Collect

Swedish personal number (personnummer), first name, last name, email address (optional), phone number (optional), delegation history, BankID signature data, device tokens for push notifications, usage logs.

Legal Basis

Art. 6(1)(b) — contract performance (delegation management); Art. 6(1)(c) — legal obligation (7-year document archiving per Swedish law); Art. 6(1)(a) — consent (marketing communications).

Retention Periods

Account data: retained for the duration of the account plus 30 days after deletion. Delegation documents (signed PDF/A): 7 years as required by Swedish law. After retention, documents are anonymised. Usage logs: 90 days.

Third-Party Processors

Finansiell ID-teknik BID AB (BankID authentication and signing); Microsoft Azure (data storage and hosting, EU region); Google Firebase (push notifications).

Your Rights

Access: export your data via Profile → Export Data. Rectification: update via Profile page. Erasure: request via Profile → Delete Account (legal archive documents are anonymised, not deleted). Portability: data export in JSON format. Objection: contact privacy@minion.se.

Cookies

We use only a session cookie for authentication and a single localStorage entry for cookie consent preference. No tracking, analytics, or advertising cookies are used.

Security

Personal numbers are encrypted at rest using AES-256. All data is transmitted using TLS 1.3. Data is stored in Microsoft Azure Sweden Central region.

Contact

For data protection enquiries: privacy@minion.se. Response within 30 days as required by GDPR Art. 12.