FiveMinutes
Compliance & Legal

Privacy Policy

How we collect, use, and protect your personal data.

Last updated: 2025-09-15
Document

Definitions

Fiveminutes.io ("we," "us," "our," "Company") respects our users' privacy and is committed to protecting it as outlined by this Privacy Policy.

Our direct customers ("you," "your," "developer") acknowledge that any use of our services requires them to accept and comply with this privacy policy in relation to their users.

Our indirect customers ("users," "their," "end users") must under this privacy policy be presented with and allowed to accept or reject a privacy policy that complies with this privacy policy.

Data Collection

While providing our services, we may collect certain data, including but not limited to:

  • Information about your account and subscription details
  • Your usage data and analytics
  • End users' data and analytics
  • Technical data such as IP addresses belonging to your and/or your users

We do not collect or have access to any of your personal data unless it is necessary to provide our services.

We do not actively collect the personal data of your users; however, such data may be collected and stored whenever freely submitted to our services by end users as this is necessary to providing our services.

We do not control or restrict what data end users choose to submit through our services, but also do not use or process this data in any way other than is necessary to providing our services.

We do collect and process anonymized metadata and statistics about you and end users alike whenever necessary to provide our services.

Lawful Basis for Processing

We process personal data only where we have a lawful basis to do so under the GDPR:

  • Contract performance — processing necessary to provide the services you have contracted with us for, including account management, service delivery, and billing
  • Legal obligation — processing required to comply with applicable laws, such as retaining financial records
  • Legitimate interests — processing for purposes such as service security, fraud prevention, capacity planning, and improving our services, where our interests are not overridden by your rights and interests

Use of Data

We use the data we collect solely for the purpose of providing, maintaining, and improving our services. Collected anonymized metadata can and will be used for purposes including but not limited to:

  • Capacity planning and allocation
  • Quality of Service
  • Maintenance and/or Operations
  • Billing

We will not use, sell, or distribute your or your users' personal data or any data related to you or your users, including anonymized metadata, for any other purposes.

Data Storage and Security

We implement robust security measures to protect your data. However, no method of electronic storage is 100% secure, and we cannot guarantee absolute data security. This is especially true since parts of the data transport is the responsibility of you, the developer.

Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy:

  • Account and subscription data — retained for the duration of your contract and for up to 12 months after termination, to allow for dispute resolution
  • Financial and billing records — retained for 7 years as required by Swedish accounting law (bokföringslagen)
  • Technical and log data — retained for up to 14 days, after which it is automatically deleted

Upon expiry of the applicable retention period, personal data is securely deleted or anonymized.

Data Controller and Processor

The Company acts as the data controller for personal data collected directly from you, our developer customers, such as account information and billing details.

With respect to data belonging to your end users that passes through or is stored by our services, the Company acts as a data processor on your behalf. In this capacity, you are the data controller and are responsible for ensuring that your end users are informed of their rights and that a lawful basis exists for processing their data.

Our processing of your end-user data on your behalf is governed by a Data Processing Agreement (DPA), which forms part of the agreement between you and the Company.

Your Rights

As a direct customer, you have the following rights regarding your personal data that we hold as data controller:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate or incomplete data
  • Erasure — request deletion of your personal data, subject to legal retention obligations
  • Portability — receive your data in a structured, commonly used, machine-readable format
  • Objection — object to processing based on our legitimate interests
  • Restriction — request that we limit processing of your data in certain circumstances

To exercise any of these rights, please contact us at privacy@fiveminutes.io. We will respond within 30 days.

Sharing and Disclosure

We do not share or disclose any of your or your users' data or any data related to your or your users, unless it is necessary to provide our services, or we are required to do so by law in any applicable jurisdiction.

We engage the following third-party data processors to help us deliver our services:

  • Microsoft Azure — cloud infrastructure provider used to store financial, organization, profile, and subscription records
  • Stripe — payment processor used to handle billing and subscription payments; Stripe processes payment data directly and is subject to its own privacy policy
  • Google Analytics — analytics service used on our platform with your consent; processes anonymized usage data

Each of these processors is bound by contractual obligations to process data only as instructed and in accordance with applicable data protection law.

International Data Transfers

Some of our third-party processors, including Microsoft Azure and Stripe, may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) — approved by the European Commission as a transfer mechanism for personal data to third countries
  • EU-US Data Privacy Framework (DPF) — where processors are certified under this adequacy framework, which has been recognized by the European Commission

Cookies

Our website uses cookies and similar tracking technologies. We use the following categories of cookies:

  • Strictly necessary cookies — required for the website to function and cannot be disabled
  • Analytics cookies — we use Google Analytics to understand how visitors use our platform. These cookies are only set with your consent.

Analytics cookies are used across our platform — including authenticated areas — only when you have given your consent via the cookie banner. You may withdraw consent at any time by declining or withdrawing consent via the cookie banner, or by using Google's opt-out tool.

Changes to this Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

It is up to you to stay up to date and compliant with any changes made to this privacy policy.

Complaints

If you believe we are processing your personal data in a manner inconsistent with applicable data protection law, you have the right to lodge a complaint with the data protection authority competent in your country of residence or establishment. A directory of EU/EEA supervisory authorities is available at edpb.europa.eu. We would, however, appreciate the opportunity to address your concerns directly before you contact an authority — please reach out to us at privacy@fiveminutes.io.

Contact Us

If you have any questions or concerns about this Privacy Policy, you can contact us at privacy@fiveminutes.io.

← Back to home Go to dashboard