Legal

Privacy Policy

Last updated: May 10, 2026

1. Who We Are

Vintera Labs AB ("Vintera Labs", "we", "our", "us") is a Swedish company providing an AI-powered payment recovery and churn prevention platform for subscription businesses. Our registered address is in Sweden.

For questions about this Privacy Policy, contact us at: hello@vinteralabs.io

2. What Data We Collect

2.1 Data You Provide Directly

  • Account information: Name, email address, and password when you create an account.
  • Business information: Company name and other details you provide during onboarding.

2.2 Data We Collect via Integrations

When you connect third-party services to our platform, we access data from those services on your behalf:

  • Stripe: Payment transaction data, subscription status, customer email addresses, invoice history, and billing events from your connected Stripe account.
  • HubSpot: Contact records, deal stage, and open ticket information from your connected HubSpot account.
  • Slack: OAuth credentials to send notifications to your connected Slack workspace.

2.3 Data We Process on Behalf of Your Customers

In the course of providing our service, we process personal data belonging to your end customers (name, email address, payment history). This makes you the data controller and us the data processor under GDPR. A Data Processing Agreement (DPA) governs this relationship.

2.4 Technical Data

  • Log data (API requests, error logs)
  • Usage data (features used, actions taken in the dashboard)

3. How We Use Your Data

We use the data we collect to:

  • Provide, operate, and improve the Vintera Labs platform
  • Detect failed payments and send recovery communications on your behalf
  • Score customer health and generate churn predictions
  • Send Slack notifications to your team
  • Communicate with you about your account and our service
  • Comply with legal obligations

We do not sell your data or your customers' data to third parties.

4. Legal Basis for Processing (GDPR)

We process personal data under the following legal bases:

  • Contract: Processing necessary to deliver the service you have subscribed to.
  • Legitimate interests: Improving our platform, preventing fraud, and ensuring security.
  • Legal obligation: Complying with applicable laws and regulations.

5. Data Storage and Security

  • All data is stored in the European Union. Our database infrastructure is hosted on Supabase in West EU (Ireland), ensuring data never leaves the EU.
  • We use row-level security to ensure that your data is never accessible to other customers.
  • API keys and secrets are stored encrypted and never exposed in client-side code.
  • Access to production systems is restricted and logged.

6. Data Retention

  • We retain your account data for as long as your account is active.
  • Upon account termination, we delete your data within 30 days unless we are required to retain it for legal reasons.
  • Payment event logs may be retained for up to 12 months for audit purposes.

7. Third-Party Sub-Processors

We use the following sub-processors to deliver our service:

Sub-processorPurposeLocation
SupabaseDatabase and authenticationEU (Ireland)
VercelApplication hostingEU / Global
ResendTransactional email deliveryEU / Global
AnthropicAI processing for agent decisionsUSA
StripePayment infrastructureUSA / Global

Where sub-processors are located outside the EU, we ensure appropriate safeguards are in place (Standard Contractual Clauses).

8. Your Rights Under GDPR

As a data subject, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate personal data
  • Erase your personal data ("right to be forgotten")
  • Restrict processing of your personal data
  • Data portability — receive your data in a structured, machine-readable format
  • Object to processing based on legitimate interests
  • Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at hello@vinteralabs.io. We will respond within 30 days.

You also have the right to lodge a complaint with the Swedish Data Protection Authority (Integritetsskyddsmyndigheten, IMY) at imy.se.

9. Cookies

Our platform uses only technically necessary cookies required for authentication and session management. We do not use advertising or tracking cookies. No cookie consent banner is required for technically necessary cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a notice on our platform. The date of the latest update is always shown at the top of this page.

11. Contact

Vintera Labs AB
hello@vinteralabs.io
vinteralabs.io

Questions? Contact us at hello@vinteralabs.io