Privacy Policy

Deus Labs Stockholm AB · Effective 6 April 2026

1. Data Controller

Deus Labs Stockholm AB, Stockholm, Sweden. Contact: privacy@timelaw.io.

2. Data We Collect

Account data: Email, name (via Google OAuth), auth provider, sign-in timestamps.

Profile data: NACE industry codes, company name/registration number (if used), country.

Usage data: Pages visited, search queries, acts viewed/saved, session timestamps, device/browser type.

Technical data: IP address (security only, not stored long-term), auth session tokens.

We do not collect payment card details.

3. Legal Basis

DataLegal basis
Account & authenticationContract performance (Art. 6(1)(b) GDPR)
PersonalisationContract performance / consent
Analytics & improvementLegitimate interest (Art. 6(1)(f))
Marketing emailsExplicit consent (Art. 6(1)(a))
SecurityLegitimate interest

4. How We Use Your Data

Service delivery: Authenticate, personalise your feed, display relevant EU acts.

Company lookup: Query national registries on your behalf. We don't store registry data beyond your session unless you save it.

Email: Magic links, account confirmations, service updates. No marketing without consent.

Security: Detect abuse and protect service integrity.

5. Third-Party Processors

ProcessorPurposeLocation
SupabaseDatabase & authEU (Frankfurt)
Google OAuthSign-inEU/US
ResendEmail deliveryEU/US
VercelWeb hostingEU/US
RailwayBackend servicesEU/US

Where processors operate outside the EU/EEA, we rely on Standard Contractual Clauses.

6. Data Retention

Account data: Until deletion + 30 days for backup clearance.

Usage logs: 12 months, then anonymised or deleted.

Deleted accounts: Purged within 30 days.

7. Your Rights

Under GDPR you can: access, rectify, erase, port, restrict, or object to your data processing, and withdraw consent anytime. Email privacy@timelaw.io — we respond within 30 days.

You may also complain to your national authority. In Sweden: Integritetsskyddsmyndigheten (IMY) at imy.se.

8. Cookies

NamePurposeDuration
Auth sessionKeeps you signed inSession
PreferencesIndustry settingsPersistent (local storage)

No advertising or cross-site tracking cookies.

9. Security

HTTPS/TLS throughout, Supabase row-level security, limited production access, regular processor security review. Report issues: security@timelaw.io.

10. Changes

Material changes notified 14 days in advance. Current version always at timelaw.io/privacy.

11. Contact

Deus Labs Stockholm AB · privacy@timelaw.io · Stockholm, Sweden

Last updated: 6 April 2026