Privacy Policy

Effective Date: August 27, 2025

Controller

Kasper Frödin Persson (trading as NorrexIT)
Enbäcksvägen 12a
norrexit@gmail.com

Scope & Role

This policy covers the PII Guardian website and evaluation demo. For this scope, the controller is the entity above. The product itself is designed for self-hosting by buyers.

What we collect

  • Website logs (IP address, user-agent) to operate and secure the site.
  • Demo inputs (text/files) that you choose to submit during evaluation. Please use synthetic or obfuscated data in the demo.
  • Analytics: none.
  • Contact forms: none on this site.

Purposes & lawful bases (GDPR)

  • Site operation & security legitimate interests.
  • Responding to inquiries / buyer diligence legitimate interests.
  • Demo evaluation processing legitimate interests to provide the evaluation experience.
  • Analytics — not used.

Recipients / processors

We use reputable service providers to host and operate infrastructure:

  • DigitalOcean — frontend hosting (Region: London)
  • Google Cloud — backend hosting, container registry, secret management (Regions: europe-north1, europe-west1)
  • Neon — database (Region: AWS Europe West 2, London)
  • Cloudflare R2 — object storage (Region: Eastern Europe, EEUR)
  • Upstash — cache & message broker (Region: eu-west-2)

International transfers

Where we transfer personal data outside the EEA/UK, we rely on the EU Standard Contractual Clauses (SCCs) and implement appropriate safeguards.

Retention

  • Website logs: 30 days for security and abuse monitoring.
  • Demo inputs: content is not stored; usage metadata is retained as part of logs (see above).
  • Contact forms: not collected on this site.

Your rights

You can request access, rectification, deletion, restriction, portability, or object to processing. Contact norrexit@gmail.com. You may also lodge a complaint with Integritetsskyddsmyndigheten (IMY): https://www.imy.se/.

Security

We implement technical and organizational measures appropriate to risk. See our Security page for more detail.

Cookies

We do not use analytics or marketing cookies on this site.

Children

This site is not directed to children; we do not knowingly collect minors’ data.

Changes

We may update this policy from time to time. We will indicate the effective date at the top of the page.