GDPR & data protection — simply explained.

OffertEase is built from day one to comply with GDPR. This page explains what that means in practice for you.

Data in the EU

All data is stored in Supabase Stockholm (eu-north-1) and never leaves the EU/EEA.

Encryption

TLS 1.3 in transit, AES-256 at rest. Passwords are hashed with bcrypt via Supabase Auth.

Your rights

Access, correction, deletion and portability — all available directly in the app.

No third-party trackers

We do not run advertising cookies or trackers. Only what is required for the service to work.

Your rights under GDPR

Right of access: request an export of everything we hold about you (Article 15).
Right to rectification: update incorrect information directly in settings (Article 16).
Right to erasure: delete your account completely. Accounting documents are anonymized but retained for 7 years under bookkeeping law (Article 17).
Right to data portability: export all your data as JSON/CSV (Article 20).
Right to object: object to specific processing (Article 21).

You exercise your rights by emailing contact@offertease.com. We respond within 30 days.

Data controller and processors

OffertEase AB is the data controller. We use the following processors (sub-processors), all of whom have signed a DPA (Data Processing Agreement):

Supabase — database and authentication (EU, eu-north-1)
Vercel — application hosting (EU region selected)
Resend — transactional email
Stripe — payment processing (independent controller)

Data Protection Officer (DPO)

Our DPO can be reached at dpo@offertease.com.

Supervisory authority

You always have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) if you believe we handle your personal data incorrectly.

More information

For the full description of our processing, see our Privacy policy.