OffertEase
← Back to OffertEase

Privacy policy

Last updated: April 2025

1. Data controller

OffertEase (hereinafter "we", "us" or "the service") is the data controller for the processing of your personal data.

Contact: contact@offertease.com

2. What data we collect

  • Account data: email address, company name, organisation number, address, bank account/IBAN.
  • Customer data: name, email address and address of your customers that you register in the service.
  • Documents: quotes and invoices you create, including amounts and descriptions.
  • Technical data: IP address and timestamps at login and API calls (for security and error tracking).

3. How we use the data

  • Provide and improve the service.
  • Send transactional emails (quote links, invoices, payment reminders) on your behalf.
  • Manage your subscription and payment via Stripe.
  • Fulfil accounting law requirements to retain invoice information.

4. Legal basis

  • Contract: processing required to deliver the service you subscribe to.
  • Legal obligation: invoices and accounting documentation (Bookkeeping Act, 7 years).
  • Legitimate interest: security, error tracking and abuse prevention.

5. Storage and transfers

All data is stored in Supabase (PostgreSQL) in the EU region eu-north-1 (Stockholm) and never leaves the EU/EEA. We use the following sub-processors:

  • Supabasedatabase and authentication (EU)
  • Vercelapplication hosting (EU region selected)
  • Resendtransactional email
  • Stripepayment processing (independent data controller)

6. Your rights (GDPR)

  • Right of access: you can request a copy of your personal data.
  • Right to rectification: you can correct inaccurate data in settings.
  • Right to erasure: you can delete your account in settings. Accounting documents are anonymised but retained for 7 years as required by law.
  • Right to data portability: you can export your data as CSV/JSON.
  • Right to object: contact us if you object to specific processing.

Contact us at contact@offertease.com to exercise your rights. You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY).

7. Cookies

We only use technically necessary cookies for authentication (session cookie from Supabase Auth). No tracking cookies or advertising cookies are used.

8. We do not sell your data

We do not share, sell or rent your personal data to third parties for marketing purposes. (We do not sell your personal information – per CCPA.)

9. Changes

If we make material changes to this policy, we will notify you by email at least 30 days in advance.