Legal

Last updated: June 5, 2026

Privacy Policy

Symbioen is committed to protecting your personal data. This policy explains what we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR) and applicable Swedish law.

1. Who we are

Symbioen is an independent EV charging reliability and benchmarking platform operating in Sweden and Norway. For questions about this policy, contact us at hello@symbioen.com.

2. Data we collect

We collect the following categories of personal data:

  • Account data — email address and password when you create an account or sign in with a social provider.
  • Monitoring preferences — the stations and operators you choose to monitor, and your notification settings.
  • Usage data — pages visited, features used, and interaction events collected via analytics tools.
  • Communications — messages you send us through the contact form.

We do not collect sensitive personal data (health, financial, or biometric data).

3. How we use your data

We use your data to:

  • Provide, maintain, and improve the Symbioen platform.
  • Send weekly monitoring updates and reports you have subscribed to.
  • Respond to inquiries and support requests.
  • Understand how the platform is used and improve the user experience.
  • Comply with legal obligations.

We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling that produces legal effects.

4. Legal basis for processing

We process your data on the following legal grounds under GDPR Article 6:

  • Contract — processing necessary to provide the service you signed up for.
  • Legitimate interests — analytics and platform improvement, provided these do not override your rights.
  • Consent — for optional communications and marketing emails, which you can withdraw at any time.
  • Legal obligation — where required by applicable law.

5. Data retention

We retain your account data for as long as your account is active. Monitoring subscriptions and associated data are deleted within 30 days of unsubscribing. Contact form submissions are retained for up to 12 months. You may request deletion of your data at any time (see Section 7).

6. Third-party services

We use the following sub-processors:

  • Supabase — authentication and database storage (EU region).
  • Vercel — hosting and edge infrastructure.
  • Resend — transactional email delivery.

All sub-processors are contractually bound to process data only on our instructions and in compliance with GDPR.

7. Your rights

Under GDPR you have the right to:

  • Access the personal data we hold about you.
  • Rectification of inaccurate or incomplete data.
  • Erasure ("right to be forgotten") of your data.
  • Restriction of processing in certain circumstances.
  • Data portability in a structured, machine-readable format.
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time without affecting prior processing.

To exercise any of these rights, email us at hello@symbioen.com. We will respond within 30 days. You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) at imy.se.

8. Cookies

We use technically necessary cookies for authentication and session management. We may use analytics cookies to understand platform usage. You can disable non-essential cookies in your browser settings at any time.

9. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email or by a prominent notice on the platform. The date at the top of this page reflects the most recent revision.