Paxaden is operated by Jane Doe Communication AB (org. no. 556663-5321), which is the Data Controller responsible for your personal data in Paxaden. We comply with the EU General Data Protection Regulation (GDPR) and applicable data protection laws to safeguard your privacy. This policy describes what we process, for what purposes, on which legal bases, how long we keep it, how we share it, and your rights.
We collect various types of information to provide and improve our services. This information is obtained from your input, your use of our services, and cookies or similar technologies:
We process your personal data only when we have a valid legal basis and for clearly defined purposes under GDPR Article 6. The main purposes and their legal bases are:
Paxaden may send service‑related messages such as booking confirmations, reminders, cancellation and change notices via email and SMS. These messages are necessary for carrying out bookings and are considered part of the contracted service. They therefore do not require separate marketing consent.
Messages are sent to the contact details that you or your customers provide when making a booking. Where available, you can control certain types of notifications in your settings.
Retention: transactional SMS (including delivery logs, sender/recipient details and metadata) are stored for a maximum of 30 days for security, troubleshooting and audit purposes before being deleted automatically.
We engage trusted third-party service providers to assist in operating our services, including Supabase for database management, Stripe for payment processing, and hosting providers. These processors only access the data necessary to perform their functions and are bound by data protection agreements that comply with GDPR requirements, including Standard Contractual Clauses (SCCs) where applicable.
We do not sell your personal data to any third parties.
Your personal data is stored within the European Union or in countries that provide an adequate level of data protection as recognized by the European Commission. Where data is transferred outside these areas, appropriate safeguards are in place to protect your information. Where data is transferred outside the EU/EEA, we use appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) and apply supplementary technical and organizational measures.
Retention: Transactional SMS messages (including logs of delivery, sender, recipient, and message metadata) are stored for a maximum of 30 days for security, troubleshooting and audit purposes. After this period, they are automatically deleted.
We implement appropriate technical and organizational measures, including encryption and access controls, to protect your personal data against unauthorized access, alteration, disclosure, or destruction. You are also responsible for maintaining the confidentiality of your account credentials and promptly notifying us of any unauthorized use.
You also have the right to lodge a complaint with a supervisory authority. In Sweden, this is the Swedish Authority for Privacy Protection (IMY), or you may contact your local EU/EEA authority.
To exercise any of these rights, please contact us at info@paxaden.se.
Want to remove your account and all of your data? Please see our data removal page.
All personal data is hosted within the EU/EEA. Our primary database runs on Supabase in Sweden, SMS traffic is delivered by EU-based providers (currently ProSMS) and payments are processed by Stripe’s EU infrastructure. If we ever transfer data outside the EU we rely on Standard Contractual Clauses and equivalent safeguards.
Each processor may only access the data needed to provide their service and is bound by data‑processing agreements.
When the legal basis expires (for example if you delete your account) we delete or anonymise the data as soon as possible while observing statutory retention obligations.
We only use the cookies that are necessary to deliver the Service and—if you consent—analytical and functional cookies. For detailed information about the cookies we use and how to manage them, please refer to our separate Cookie Policy.
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We encourage you to review this page regularly. The date of the latest update is indicated below.