Privacy Policy

Last updated: December 22, 2025

This Privacy Policy ("Policy") describes how Teamboks ApS ("Teamboks", "we", "us", or "our"), as data controller, collects and processes your personal data when you access or use our website, platform, APIs, SDKs, and related services (collectively, the "Services").

This Policy is made available to comply with the General Data Protection Regulation (2016/679 of 27 April 2016) ("GDPR") and its transparency requirements. The Services may be provided as part of early access or beta programs.

1. Who We Are

Teamboks ApS is a company registered in Denmark. We provide infrastructure for product teams, including role management, permissions, feature control, and compliance tooling.

2. Scope and Roles

This Policy applies to:

  • Our public website
  • The Teamboks platform
  • APIs, SDKs, and related developer tooling

When you visit our website or create an account, Teamboks acts as a data controller.

When our customers use Teamboks to manage their own users, organizations, or workspaces, Teamboks acts as a data processor, processing personal data solely on behalf of and under the documented instructions of our customers pursuant to a data processing agreement.

3. Personal Data We Process

Depending on how you interact with the Services, we may process the following types of personal data:

  • Account information (name, email address)
  • Authentication and access metadata
  • Usage data and audit logs generated by the platform
  • Technical information such as IP address and timestamps

If we need to collect additional personal data beyond what is listed above, we will inform you at the time of collection, including by updating this Policy.

4. Purposes of Processing

We only process your personal data when we have a legitimate purpose and in accordance with GDPR. Depending on the circumstances, personal data may be processed for the following purposes:

  • Providing and operating the Services
  • Authentication, authorization, and access control
  • Security, monitoring, and abuse prevention
  • Improving and maintaining the Services
  • Responding to inquiries, support requests, or complaints
  • Complying with legal obligations

5. Legal Basis for Processing

We only process your personal data when we have a lawful basis under GDPR. Depending on the circumstances, processing is based on:

  • Contract performance — processing is necessary for the performance of a contract with you, or to take steps at your request prior to entering into a contract (Art. 6(1)(b)).
  • Legal obligation — processing is necessary to comply with applicable law, such as bookkeeping and record-keeping requirements (Art. 6(1)(c)).
  • Legitimate interests — processing is necessary for purposes of our legitimate interests, such as improving and securing the Services, provided those interests are not overridden by your rights and freedoms (Art. 6(1)(f)).
  • Consent — where you have given explicit consent, for example for non-essential cookies or marketing communications. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal (Art. 6(1)(a)).

6. Data Sharing

We do not sell personal data. We only share personal data with others when permitted or required by law, including with:

  • Trusted subprocessors (e.g. hosting and infrastructure providers)
  • Authorities where required by applicable law
  • Professional advisors where necessary to protect our legal interests

7. International Transfers

Some of our subprocessors may process personal data outside the EU/EEA. Where this occurs, we ensure appropriate safeguards are in place, such as the European Commission's Standard Contractual Clauses (SCCs) or adequacy decisions, to protect your personal data in accordance with GDPR.

8. Data Retention

We ensure that personal data is deleted when it is no longer relevant for the purposes described above. We always retain personal data for the period required by applicable law, including for documentation of compliance with bookkeeping and other legal obligations. If you have questions about our retention and processing practices, please contact us using the details in the last section of this Policy.

9. Security

We implement appropriate technical and organizational measures to protect personal data. However, no system is completely secure, and we cannot guarantee absolute security.

10. Cookies and Local Storage

We use cookies and local storage technologies that are strictly necessary for the operation of the Services, such as session management and authentication. These do not require your consent.

If we introduce non-essential cookies (e.g. for analytics or marketing), we will obtain your consent before placing them and provide further information at that time.

11. Your Rights

As a data subject, you have the following rights under GDPR:

  • The right to access the personal data we process about you, the purposes of processing, and whether we share your data with others.
  • The right to rectification of inaccurate personal data.
  • The right to erasure of your personal data in certain circumstances.
  • The right to restriction of processing, so that we only store your data for a given period.
  • The right to object to processing based on reasons relating to your particular situation.
  • The right to data portability of the personal data you have provided to us.
  • The right not to be subject to a decision based solely on automated processing, including profiling, unless it is necessary for a contract, authorized by law, or based on your explicit consent.
  • Where processing is based on consent, the right to withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

These rights may be subject to conditions or limitations. Please use the contact details below if you wish to exercise any of your rights.

Where Teamboks acts as a data processor, data subject requests should be directed to the relevant data controller.

You always have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet). More information about your rights can be found on datatilsynet.dk.

12. Changes to This Policy

We reserve the right to update and amend this Policy. If we make changes, we will update the date at the top of this document. In the case of material changes, we will notify you through a visible notice on our website, by email, or through other communication channels.

13. Contact

You are welcome to contact us if you disagree with our processing, have questions or comments about this Policy, or wish to exercise your rights as a data subject.

Teamboks ApS
Email: [email protected]