Privacy Policy
Last updated: 5 June 2026
Swavvy AB (“Perimeter”, “we”, “us”) is committed to protecting your personal data. This policy explains what data we collect, why we collect it, how we use it, and what rights you have under the General Data Protection Regulation (GDPR) and other applicable law.
1. Who we are
Swavvy AB is the data controller for personal data collected through the Perimeter website and platform. We are a Swedish company (Org.nr: 559008-3670) and our infrastructure is hosted on Google Cloud within the European Union.
Data protection contact: privacy@useperimeter.com
2. Data we collect and why
Account and billing data
When you create an account we collect your name, email address, and billing information. Payment card data is processed by our payment provider and is not stored on our systems. We use this to provide the Service, send transactional emails, and manage your subscription. Legal basis: performance of a contract.
Usage and platform data
We collect data about how you use the platform — pages visited, features used, scan activity — to operate and improve the Service, diagnose errors, and understand aggregate usage patterns. Legal basis: legitimate interests.
Scan input data
Domains and assets you register are processed to conduct external scans. Scan results are stored and associated with your account. This data is processed on your behalf under our Data Processing Agreement. Legal basis: performance of a contract.
Communications
If you contact us by email or through the platform, we retain those communications to respond and for record-keeping. Legal basis: legitimate interests.
Cookies and analytics
We use cookies to operate the website and, with your consent, for analytics. You can manage your preferences at any time. See our Cookie Policy for full details. Legal basis: consent (analytics); legitimate interests (strictly necessary cookies).
3. How long we keep your data
We retain account data for the duration of your subscription and for 30 days after cancellation to allow for data export. Billing records are retained for 7 years to meet Swedish legal accounting obligations. Usage logs are retained for up to 12 months.
After retention periods expire, data is deleted or anonymised.
4. Who we share data with
We share personal data only with sub-processors who provide infrastructure and services necessary to operate the platform. These currently include Google Cloud (EU hosting and infrastructure). All sub-processors are contractually bound to appropriate data protection obligations. A current list of sub-processors is available on request.
We do not sell personal data to third parties and do not use your data for advertising.
We may disclose data if required by applicable law, a court order, or a regulatory authority, and will notify you where legally permitted to do so.
5. International transfers
All personal data is stored and processed on Google Cloud infrastructure located within the European Economic Area. We do not transfer personal data to countries outside the EEA.
6. Your rights under GDPR
If you are located in the EEA, you have the following rights:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — ask us to delete your data where there is no legitimate reason to retain it.
- Restriction — ask us to restrict processing in certain circumstances.
- Portability — receive a copy of data you provided to us in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior processing.
To exercise any of these rights, contact us at privacy@useperimeter.com. We will respond within 30 days. You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) at imy.se.
7. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction. These include encryption in transit and at rest, access controls, and regular security reviews. We are working toward ISO 27001 alignment. More detail is available in our Security & Disclosure Policy.
8. Changes to this policy
We may update this policy from time to time. Material changes will be communicated by email or by a notice in the platform. The “Last updated” date at the top of this page indicates when the policy was last revised.
9. Cookie declaration
A full list of cookies in use on this website, including their purpose and storage duration, is available on our Cookie Policy page. You can also manage or withdraw your consent there at any time.