Privacy Policy

Privacy Policy

Last updated: January 13, 2026

1. Who we are

Utecca ApS

Kristen Bernikows Gade 4, 2.

Denmark

CVR / Company registration number: DK41412003
Email: [email protected]

Utecca ApS is the data controller for the personal data described in this policy.

2. Scope of this policy

This Privacy Policy describes how we process personal data when:

  • you visit our website
  • you create or use an account in our SaaS product
  • you communicate with us (e.g. support, sales, billing)

Personal data processed on behalf of our customers as part of the SaaS service is governed by our Data Processing Agreement (DPA).

3. Personal data we process

We process the following categories of personal data:

Account and contact data

  • Name
  • Email address
  • Company name
  • User role and permissions

Usage and technical data

  • IP address
  • Login timestamps
  • Session identifiers
  • Application logs necessary for security, troubleshooting, and operation

Communication data

  • Emails and messages sent to support or sales

4. Purposes and legal bases

We process personal data for the following purposes:

PurposeLegal basis
Providing and operating the serviceContract (GDPR Art. 6(1)(b))
Account administration and customer supportLegitimate interest (Art. 6(1)(f))
Security, abuse prevention, and loggingLegitimate interest (Art. 6(1)(f))
Billing and accountingLegal obligation (Art. 6(1)(c))

5. Cookies

We use cookies for:

  • user authentication
  • maintaining login sessions
  • ensuring secure access to the service
  • analytics and website performance
  • sales and marketing purposes

Some cookies are strictly necessary for the operation of the service, while others (such as analytics and sales cookies) are optional and require your consent.

For more detailed information about our use of cookies, please see our Cookie Policy.

6. Data sharing and subprocessors

We may share personal data with trusted subprocessors for the purpose of operating and maintaining the service, such as:

  • hosting and infrastructure providers
  • email delivery services
  • monitoring and logging services

All subprocessors are subject to contractual data protection obligations and process personal data only on our instructions.

7. International data transfers

Where personal data is transferred outside the EU/EEA, we ensure appropriate safeguards, such as:

  • EU Standard Contractual Clauses (SCCs)

8. Data retention

We retain personal data only for as long as necessary for the purposes described in this policy:

  • account data: for the duration of the customer relationship
  • technical and log data: retained for limited periods for security and operational purposes
  • billing data: retained as required by applicable law

9. Your rights

Under the GDPR, you have the right to:

  • access your personal data
  • rectification of inaccurate data
  • erasure
  • restriction of processing
  • data portability
  • object to processing based on legitimate interests

To exercise your rights, contact us at: [email protected]

You also have the right to lodge a complaint with your local data protection authority.

10. Customer data processing

Personal data processed on behalf of customers as part of the SaaS service is governed by our Data Processing Agreement (DPA). In these cases, customers act as data controllers and the customer acts as a data processor.

11. Changes to this policy

We may update this Privacy Policy from time to time. The current version will always be available on our website.