Legal
Corners Sverige AB, a company incorporated under Swedish law, trading as Artivex, is the data controller for personal data processed through the Artivex platform at artivex.io.
This Privacy Policy explains how we collect, use, store, and protect your data when you use our platform. We are committed to your privacy and to compliance with the General Data Protection Regulation (GDPR) and applicable Swedish data protection law.
If you have any questions about this policy, please contact us at david@artivex.io.
We collect the following categories of data:
Account data
Billing data
Build data
Usage data
Technical data
We use data collected from you for the following purposes:
We do not sell your personal data. We do not use your data for advertising purposes.
We share data with the following sub-processors to deliver the Platform. Each is bound by appropriate data processing terms. The current, complete list of subprocessors is published at artivex.io/subprocessors and updated whenever a subprocessor is added, removed, or replaced.
| Processor | Purpose | Location |
|---|---|---|
| Supabase | Database and storage — stores your Build data, System data, and account data | EU-West-1 (Ireland) |
| Stripe | Payment processing — handles all financial transactions and subscription management | US / EU |
| Resend | Transactional email — sends welcome emails, password resets, receipts, and alerts | US |
| Vercel | Hosting — hosts deployed Systems and the Platform itself | Global (edge network) |
| Anthropic | AI processing — when your workflows include AI steps using Claude, data from those steps is processed by Anthropic | US |
| OpenAI | AI processing — when your workflows include AI steps using GPT models, data from those steps is processed by OpenAI | US |
All primary data — your account data, Build data, System data, and usage data — is stored in the EU via Supabase EU-West-1 (Ireland). This is our primary data store.
Vercel may serve your deployed Systems from edge locations globally to minimise latency for your end users. Static assets and cached responses may be distributed across Vercel's global edge network.
AI providers (Anthropic, OpenAI) process data in the US per their own data processing terms. Data sent to AI providers in workflow AI steps is processed and returned but not persistently stored by those providers beyond their standard retention periods.
Where data is transferred outside the EU, appropriate safeguards are in place as described in our Data Processing Agreement.
As a data subject under the GDPR, you have the following rights with respect to your personal data:
Right of Access (Art. 15)
Request a copy of the personal data we hold about you.
Right to Rectification (Art. 16)
Request correction of inaccurate or incomplete personal data.
Right to Erasure (Art. 17)
Request deletion of your personal data ("right to be forgotten").
Right to Portability (Art. 20)
Receive your data in a structured, machine-readable format.
Restrict Processing (Art. 18)
Request that we limit how we use your personal data.
Right to Object (Art. 21)
Object to processing of your personal data in certain circumstances.
Withdraw Consent
Withdraw consent at any time where processing is based on consent.
Supervisory Authority
Lodge a complaint with the Swedish Authority for Privacy Protection (IMY) at imy.se.
To exercise any of these rights, email us at david@artivex.io with a clear description of your request. We will respond within 30 days. We may need to verify your identity before processing the request.
We use a minimal set of cookies that are strictly necessary for the Platform to function:
We do not use third-party tracking cookies. We do not use advertising cookies. We do not use analytics cookies at this time.
A cookie consent banner is shown on your first visit to the Platform. Strictly necessary cookies do not require consent under GDPR but we inform you of their use transparently.
The Artivex Platform is intended for business use and is not directed at children under 18 years of age. We do not knowingly collect personal data from individuals under 18.
If you believe a person under 18 has provided personal data to us, please contact us at david@artivex.io and we will delete that data promptly.
When Customers use Artivex to process personal data on behalf of their own data subjects (for example, storing client contacts in a CRM built on Artivex), Artivex acts as a data processor and the Customer acts as the data controller.
In these circumstances, a Data Processing Agreement (DPA) governs the relationship. Our DPA is available at artivex-dpa.html and is provided on request to paying Customers.
If you are a business using Artivex to process personal data of your customers or employees, please contact david@artivex.io to execute the DPA before processing begins.
In the event of a personal data breach affecting your data, Artivex will:
Our tenant isolation architecture (row-level security, separate access credentials per Customer) is designed to contain the impact of any breach to a single tenant.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email at least 30 days before the changes take effect.
The "Last updated" date at the top of this page will always reflect when the policy was last revised. We encourage you to review this policy periodically.
For all privacy-related enquiries, data subject requests, or questions about this policy:
For complaints that we are unable to resolve, you may contact the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten — IMY) at imy.se.