SV / EN

Legal

Privacy Policy

This privacy policy explains how Passly handles personal data when you use our website, platform, integrations, and support channels.

Last updated: March 15, 2026

1. Data controller

Passly is operated by LABS Beyond AB ("Passly", "we", "us"). LABS Beyond AB is the data controller for the processing of personal data described in this policy.

If you have questions about this policy or how we process your personal data, contact us at hello@passly.se.

2. What personal data we collect

We collect personal data that you provide directly and data generated when you use the service.

We may also receive data from connected systems, for example Shopify and Fortnox, when you enable integrations.

  • Identity and account data, such as name, email address, and login information.
  • Tenant and business data, such as company details and service configuration.
  • Integration data from Shopify and Fortnox, such as orders, products, inventory changes, invoices, and accounting-related records.
  • Ticket and event data, such as ticket IDs, QR/check-in status, and customer-provided event information.
  • Support and communication data from email and other contact channels.
  • Technical and security data, such as IP address, browser/device data, logs, and event timestamps.

3. Why we process personal data

We process personal data to provide, operate, and improve Passly.

  • To create and manage accounts and tenant access.
  • To deliver Shopify and Fortnox synchronization features.
  • To manage ticket administration and check-in functionality.
  • To provide support and respond to questions.
  • To prevent abuse and maintain security, reliability, and traceability.
  • To comply with legal obligations, including accounting and tax rules.

4. Legal bases for processing

We process personal data based on one or more of the following legal bases:

  • Contract: processing is necessary to provide services under an agreement with you or your organization.
  • Legitimate interest: for example to provide support, maintain operations, and improve security.
  • Legal obligation: for example bookkeeping, accounting, and legal compliance requirements.
  • Consent: when required, for example for optional cookies or similar technologies.

5. Who we share personal data with

We may share personal data with trusted partners when needed to provide the service.

  • Processors acting on our instructions, such as hosting, infrastructure, support, and technical service providers.
  • Independent controllers, such as authorities, banks, payment providers, or other parties that are legally responsible for their own processing.
  • Authorities or other recipients when required by law, regulation, or valid legal request.

6. Where we process personal data

We primarily process personal data within the EU/EEA.

If a transfer outside the EU/EEA is necessary, we ensure lawful safeguards are in place, such as standard contractual clauses and supplementary protection measures where required.

7. How long we keep personal data

We keep personal data only for as long as needed for the purposes described in this policy.

  • Account and tenant data is normally kept while the account is active.
  • Support and communication records are normally deleted or anonymized within 12 months unless longer storage is required.
  • Bookkeeping and accounting data is stored for at least seven years when required by law.
  • Security and technical logs are retained for limited periods based on operational and security needs.

8. Cookies and similar technologies

Our website and platform use cookies and similar technologies for core functionality, security, and analytics.

Where required by law, we collect consent before placing non-essential cookies.

9. Your rights

Under applicable data protection law, you may have the right to:

  • Access your personal data (register extract).
  • Request rectification of inaccurate or incomplete personal data.
  • Request erasure of personal data in certain situations.
  • Request restriction of processing in certain situations.
  • Object to processing based on legitimate interest.
  • Object to direct marketing.
  • Receive your data in a portable format where legally applicable.

10. How to exercise your rights

To submit a request, email hello@passly.se from your registered address when possible.

We may ask for additional information to verify your identity and handle your request securely.

We respond without undue delay and normally within one month (30 days).

11. Supervisory authority and contact

In Sweden, the supervisory authority for data protection is Integritetsskyddsmyndigheten (IMY). You can read more at imy.se.

If you believe we process personal data incorrectly, you may contact IMY or contact us first at hello@passly.se.

Contact: hello@passly.se