App User Privacy Policy

1. Introduction to our Policy

Solace AB and its affiliates ("Solace," "we," "our," or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains:

• why and how we may use the personal information that we have obtained from interactions you (or others) may have with us as a business, including when you use our services, visit and use our mobile app (Solace), visit and use the Solace website portal (currently located solace.care) (Solace Portal) or when you contact us.

• with whom we share your personal information; and

• the rights you have in connection with the information we use.

We maintain a separate Website Privacy Policy detailing how we process your personal information in connection with our website, solace.care more generally, please visit our Website Privacy Policy and our Cookies Policy.

Solace is the controller (Controller) of your personal information. This means Solace decides why and how your personal information is processed. If you are a User, please read this Privacy Policy carefully to ensure you fully understand it. By using our Services, you acknowledge and agree to the collection and processing of your personal data as described herein.

This Privacy Policy may change from time to time so please check this Privacy Policy occasionally to ensure that you are happy with any changes. For more information on changes to our Privacy Policy, please see paragraph 11 (Changes to this Privacy Policy).

2. How and why do we process your personal data?

When we use the term "personal data" in this Privacy Policy, we mean information that identifies, relates to, describes, or could reasonably be linked, directly or indirectly, to an individual. It does not include anonymized or aggregated data that is not reasonably capable of being associated with an individual.

Solace processes your personal data for specific purposes. This means that we always define “why” we process your personal data. For each purpose, we have identified a legal basis.

In this section we describe our different purposes for processing your personal data. For each purpose we state the following information:

• What personal data is collected (and processed);

• The purpose(s) for processing the data;

• The legal basis Solace relies on to process this data.

Categories of personal data

Solace processes different types of personal data about you which we choose to categorize in the following ways:

• Identity information (for example, first and last name and your social security number)

• Contact information (e.g. email address, telephone number and address)

• Payment information (for example, your bank details and account details, contractual details, and preferences relevant to our engagement.)

• User Information (for example, information about the relationship to a Loved One, geolocation, and insights relevant to the user experience.)

• Device information (such as IP address and browser settings, digital identifiers, device data (such as type, OS, browser version, language settings), and log-in credentials.)

• Work-related data (for example, profession and workplace of you as a contact person in connection with transport assignments)

• Information about Loved Ones (for example, contact person and names of children, date of birth and death, national ID numbers, legal, financial, and health documents, and additional background including gender, religion, marital status, and professional experience.)

• Sensitive personal data (for example, health data)

Where do we obtain personal data from?

Solace’s goal is for you to feel secure when you provide us with your personal information. We are committed to respecting and protecting your personal information and your personal integrity in accordance with applicable legislation, industry agreements or industry practices. To help you better understand how we process information about you, we have set out our basic principles for processing personal information below.

Information your provide to us

When you interact with Solace in various ways, for example by submitting a form or discussing with one of our customer advisors, you will be providing information to us directly. The exact information we receive will depend on the context of our interaction.

Information we record about you

In connection with the case/booked appointment, we will create a case linked to you where we continuously update what we are doing in the case on your behalf.

In addition to information that you actively provide to us, you also provide us with information in other ways, consciously or unconsciously. For example, we use various types of tracking technology on our website and in our e-mails that are intended to provide us with statistics and help us improve our services and offerings.

More information about how our website uses cookies and how to turn them off can be found here.

Information we receive from other sources

We may obtain information about you from publicly available sources. We may obtain information about you in the form of family history from the Tax Agency. We may also collect information about your creditworthiness from credit rating agencies, banks or information companies, where necessary.

When we carry out our Service we may also collect information from third parties such as insurance partners, government agencies, and other service providers such as funeral organising partners.

We collect information about you as a co-planner from the client and may also receive information from other relatives.

We may combine personal data collected from different sources to enhance the accuracy of our records and improve our Services.

2. Processing of Personal Data
2.1 Processing necessary for providing the Basic User Profile
2.1.1 Categories of personal data

Identity information

• Name, social security number, and other personal identifiers

Contact information

• Email address and phone number

Device information

• IP address, device type, and usage patterns (if applicable)

2.1.2 Purpose of processing

Your identity information is processed for the following purposes:

• To provide users with an account and personalized experience.

• To manage user registration and account authentication.

• To ensure compliance with legal obligations (including identification via social security number).

Your contact information is processed for the following purposes:

• To communicate important account-related updates.

• To provide customer support.

Your device information is processed for the following purposes:

• To improve platform functionality based on usage behavior.

• To ensure system security.

2.1.3 Legal basis

The legal basis for this processing is the performance of a contract (GDPR Art. 6.1.b) to provide you with the agreed Service.

The legal basis for processing your social security number is our legal obligation (GDPR Art. 6.1.c) to identify you.

2.2 Processing necessary for providing Legacy Planning
2.2.1 Categories of personal data

Identity information

• Name and any personal identifiers associated with uploaded documents

Contact information

• Email or phone number linked to the user account

Device information

• Device metadata related to uploaded documents

2.2.2 Purpose of processing

Your identity and contact information is processed for the following purposes:

• To associate legacy planning documents with the correct account.

• To enable secure communication about legacy planning.

Your device information is processed for the following purposes:

• To ensure secure uploading and access to legacy planning documents.

2.2.3 Legal basis

The legal basis for this processing is the performance of a contract (GDPR Art. 6.1.b).

We also rely on our legitimate interest (GDPR Art. 6.1.f) to allow users to manage and share their legacy planning safely.

2.3 Processing necessary for providing Loss Support
2.3.1 Categories of personal data

Identity information

• User name (if linked to checklist progress)

Device information

• Usage data and interactions with the checklist

2.3.2 Purpose of processing

Your identity information is processed for the following purposes:

• To identify the user’s checklist progress.

Your device information is processed for the following purposes:

• To track user interactions with the checklist.

• To provide relevant recommendations and improvements.

2.3.3 Legal basis

The legal basis for this processing is the performance of a contract (GDPR Art. 6.1.b).

2.4 Processing necessary for providing AI Chat Support
2.4.1 Categories of personal data

Identity information

• Name (if associated with chat account)

Contact information

• Email (if linked to chat service)

Device information

• Chat logs, interaction metadata, and device identifiers

2.4.2 Purpose of processing

Your identity and contact information is processed for the following purposes:

• To associate chat interactions with your account.

Your device information is processed for the following purposes:

• To provide AI-assisted guidance and responses.

• To improve AI features and personalize recommendations.

• To ensure quality control and resolve support issues.

2.4.3 Legal basis

The legal basis for this processing is the performance of a contract (GDPR Art. 6.1.b).

2.5 Processing necessary for providing Family Sharing
2.5.1 Categories of personal data

Identity information

• Name of the user and invited family members

Contact information

• Email addresses of users and family members

Device information

• Interaction and access logs

2.5.2 Purpose of processing

Your identity and contact information is processed for the following purposes:

• To allow users to share platform access with family members.

• To enable collaborative uploads and editing of personal data.

• To notify family members of shared content and updates.

Your device information is processed for the following purposes:

• To log and monitor access to shared data for security purposes.

2.5.3 Legal basis

The legal basis for this processing is the performance of a contract (GDPR Art. 6.1.b).

We may also rely on your consent (GDPR Art. 6.1.a) for sharing data with family members.

2.6 Processing necessary for providing beneficiary contact information
2.6.1 Categories of personal data

Identity information

• Name of beneficiaries

Contact information

• Email addresses of beneficiaries

2.6.2 Purpose of processing

Your identity and contact information is processed for the following purposes:

• To designate beneficiaries who can access legacy planning data after the user’s death.

• To facilitate secure communication with beneficiaries.

2.6.3 Legal basis

The legal basis for this processing is the performance of a contract (GDPR Art. 6.1.b).

We also rely on legitimate interest (GDPR Art. 6.1.f) in enabling users to designate access to beneficiaries.

2.7 Processing necessary for Service Communication
2.7.1 Categories of personal data

Identity information

• Name

Contact information

• Email address, phone number

Device information

• Device identifiers for notifications

2.7.2 Purpose of processing

Your identity and Contact information is processed for the following purposes:

• to contact users regarding service updates, maintenance, or security notices. These communications are mandatory for service use.

• to facilitate customer service interactions, notify users about changes, and provide relevant information regarding their accounts and services.

Your Device information is processed for the following purposes:

• To send notifications to the last phone you used to log in to the Service

2.7.3 Legal basis

The legal basis for this processing is the performance of a contract (GDPR Art. 6.1.b).

2.8 Processing necessary for evaluating and improving our Service and conducting research
2.8.1 Categories of personal data

Identity information

• Name (if linked to usage data)

Contact information

• Email address (if linked to research participation)

Device information

• Usage data, interaction logs, device metadata

2.8.2 Purpose of processing

Your identity and contact information is processed for the following purposes:

• To link usage behavior to account information.

• To invite selected users to participate in research.

Your device information is processed for the following purposes:

• To analyze user behavior and interactions.

• To tailor user experiences, content recommendations, and preferences.

• To improve our services and conduct research.

2.8.3 Legal basis

The legal basis for this processing is legitimate interest (GDPR Art. 6.1.f) in improving services and research.

2.9 Processing necessary for marketing services and products
2.9.1 Categories of personal data

Identity information

• Name

Contact information

• Email, phone number, and other consented communication channels

Device information

• Device identifiers for marketing notifications, Cookie data

2.9.2 Purpose of processing

Your identity and contact information is processed for the following purposes:

• To send newsletters, updates, special offers, and relevant marketing communications about services, features, offers, and events where consent has been given.

• To inform you of our products or services via notification or email

• To send you promotional marketing emails and marketing newsletters (you can unsubscribe from any mailing lists at any point)

• We may provide such notices through any of the contact means available to us (e.g., phone, mobile or email), through the Services, or through our marketing campaigns on any other websites or platforms.

Your device information is processed for the following purposes:

• To deliver marketing notifications on the relevant device.

• Your cookie data is processed to show you targeted advertising and to measure the reach of our marketing campaigns

2.9.3 Legal basis

The legal basis for processing your contact information is the performance of the contract (GDPR Art. 6.1.b) or your given consent (GDPR Art. 6.1.a) to provide you with customized products and services and to inform you about and market our offered Service.

You have the right to withdraw your consent (to “opt out”) of any marketing communications at any time. You can opt-out (e.g. email) by using the unsubscribe link available in every newsletter or in every commercial message you receive from us or in case of electronic direct marketing by following the instructions in the communication, or contacting privacy@solace.care.

When you object to direct marketing, we will save information about this on our internal blocking list in order to be able to accommodate your request not to be contacted by us.

2.10 Processing necessary for in-app tracking and optimizing ad campaigns
2.10.1 Categories of personal data

Device information

• App events (installation, registration, booked/completed sessions)

• Mobile identifiers (IDFA, Google Play Services ID)

• Pseudonymized IP and MAC addresses

2.10.2 Purpose of processing

Your device information is processed for the following purposes:

• To understand how users interact with our Applications.

• To measure the performance of and optimize our ad campaigns.

• To measure performance and optimize ad campaigns.

2.10.3 Legal basis

The legal basis for this processing is our legitimate interest (GDPR Art. 6.1.f) or your consent (GDPR Art. 6.1.a).

You are free to withdraw your consent at any time.

Users can opt out at any time via device settings (iOS: App Tracking Transparency; Android: Ads Personalization).

2.11 Processing necessary for legal compliance
2.11.1 Categories of personal data

Identity information

• Name, identifiers related to legal inquiries

Contact information

• Email, phone number

Payment information

• Transaction records, if relevant

Device information

• Access logs, metadata

2.11.2 Purpose of processing

Your identity, contact, payment, and device information may be processed for the following purposes:

• To comply with legal obligations and regulatory inquiries.

• To enforce agreements and respond to official requests.

2.11.3 Legal basis

The legal basis for this processing is our legal obligation (GDPR Art. 6.1.c).

2.12 Processing necessary for security and fraud prevention
2.12.1 Categories of personal data

Identity information

• Name, identifiers linked to accounts

Contact information

• Email, phone number

Payment information

• Transaction and account details for fraud detection

Device information

• IP addresses, device metadata, login attempts, and security logs

2.12.2 Purpose of processing

Your identity, contact, payment, and device information is processed for the following purposes:

• To monitor and prevent security threats, fraud, and abuse.

• To ensure platform integrity and protect user accounts and data.

2.12.3 Legal basis

The legal basis for this processing is our legitimate interest (GDPR Art. 6.1.f) in securing the platform and preventing unauthorized access.

3. Automated Decision Making
We do not envisage that any decisions that have a legal or significant effect on you will be taken about you using purely automated means, however we will update this Privacy Policy and inform you if this position changes.
4. How we share your personal data
Third country transfer

We aim to only process your personal data within the EU/EEA. When we need to share your personal data with recipients outside the EU/EEA, we ensure that this only happens to countries that are sufficiently secure (have an adequate level of protection) or that we take other appropriate safeguards. These appropriate safeguards include, among other things, that we use standard contracts approved by the EU Commission (EU Commission Standard Contractual Clauses) and that we always analyze and evaluate the legislation of the recipient country on our own initiative. When we believe that the laws of the recipient country do not provide adequate protection for your personal data, we take special measures so that the protection of your data remains when it is transferred to the relevant country outside the EU/EEA.

Additional disclose

We may disclose personal data to service providers performing services on our behalf, partners when required for service facilitation (with your consent), legal authorities when required by law, affiliated companies within the Solace group, and third parties in the event of mergers or acquisitions. We do not sell personal data to third parties.

5. Data Subject Rights

GDPR gives you as an individual a number of different rights to your personal information. Solace has procedures in place to enable you to exercise your rights. You also always have the right to file a complaint with the Swedish Data Protection Authority (IMY) if you believe that the processing of your personal data is in violation of the law. More general information about your data protection rights can be found on the IMY website together with the authority's contact details.

If you want to exercise your rights, or have questions about your rights in relation to Solace, please contact us by e-mail at privacy@solace.care.

Right of access

You have the right to be informed that we are processing your personal data and to have access to your personal data, i.e. you can receive a so-called register extract of the processing carried out. You also have the right to receive certain information about the processing as such (for example, for what purpose we are processing the data).

Right to information

You have the right to receive information about how we process your personal data. We will inform you through this privacy policy and by answering questions from you.

Right to rectification

The personal data we process about you must be accurate and up-to-date. You have the right to have inaccurate personal data about you corrected and the right to have incomplete data completed.

Right to erasure (“right to be forgotten”)

As a data subject, you have the right to have your personal data deleted by us to a certain extent. Please note that this does not apply to information that we need for the purpose of fulfilling legal obligations or defending ourselves against legal claims, as well as information that we need to fulfill a contract if you are or have been a customer of ours.

However, you may have the right to have your personal data erased if your personal data is no longer necessary for the purposes for which they were processed or if the processing is based on your consent and you withdraw this without there being any other legal basis for continued processing. You may also have the right to erasure if a processing is based on a balancing of interests and there are no compelling legitimate grounds that outweigh your interests. Furthermore, you may request erasure if the processing is for direct marketing purposes and you object to this. You also have the right to have your personal data erased if it has been processed unlawfully, or if erasure is required to comply with a legal obligation.

Right to object

You have the right to object to Solace processing of your personal data based on one of our legitimate interests. If you object to such processing, we may only continue to process the data if we demonstrate compelling legitimate grounds for us to process the data and where our interests outweigh your interests, for example where the processing is for the establishment, exercise or defence of legal claims.

Object to direct marketing

Processing for direct marketing purposes will cease immediately if you object to such processing. Please note that you always have the right to withdraw your consent to receive advertising from us. You can do this either by clicking "unsubscribe" at the bottom of the email you receive from us or by contacting us.

When you object to direct marketing, we will save information about this on our internal blocking list in order to be able to accommodate your request not to be contacted by us.

Right to restriction of processing

You have the right to request that our processing of your personal data be restricted if the data is processed incorrectly, for example, is inaccurate, if the processing is unlawful, if the data is no longer needed for the purposes. If you have objected to the processing of your personal data based on our legitimate interest, you may request that we restrict the processing while we investigate whether we have the right to continue with it. This right also applies while awaiting an assessment of whether the alleged error exists. When a restriction ceases, you have the right to be informed.

Right to data portability

In certain cases, you have the right to obtain information that you have provided to us and to have the information transferred to another data controller. This right applies when we process personal data automatically and with your consent or on the basis of a contract.

Right to withdraw consent

If our processing of personal data is based on your explicit consent, you have the right to withdraw it at any time. However, the withdrawal does not affect the lawfulness of the processing carried out based on the consent before the withdrawal. You can withdraw your consent, for example, by contacting us at privacy@solace.care.

6. Security and data storage
Data Security

We implement industry-standard security measures to safeguard personal data. While we strive to protect all information, no security system is infallible. Users are encouraged to take precautions, such as using strong passwords and avoiding the sharing of sensitive information online.However, please be aware that regardless of any security measures used or implemented, we cannot and do not guarantee the absolute protection and security of any personal data stored with us or with any third parties.

How long do we store your personal data?

We store personal data for the duration that we consider reasonably necessary to support and enhance our relationship with you while delivering our Services and offerings, ensuring compliance with legal obligations, and safeguarding against potential claims. Once retention is no longer required, data is securely deleted or anonymized.

If an individual requests the deletion of their personal data, we will evaluate the request based on legal and contractual requirements.

Demographic data

Your demographic data is stored for as long as you have an account. It will be deleted or anonymized upon deletion of your account - either by you requesting deletion of the account or if the account has been inactive for two (2) years.

Payment information

Your payment information is saved for as long as you have an account or six (6) years from the date of completed purchases to meet legal obligations such as keeping business records.

Technical data

Your technical data is stored for as long as you have an account. It will be deleted or rendered completely unidentifiable upon deletion of your account - either by you requesting deletion of the account or if the account has been inactive for two (2) years.

In order to detect and fix errors, we save error logs in our systems. Since these logs may contain personal data, they are deleted after a maximum of 60 days. We always strive to minimise the storing of unnecessary data, therefore this storing period is often much shorter than 60 days.

Cookie data

If you have consented to third-party cookies being stored on your computer or mobile devices, the cookies will be removed when you uninstall them or when the cookie expires.

Customer service requests

If you have contacted our customer service team, the inquiry will be stored for 365 days before it is deleted

7. Additional notices and contact details
Updates and changes

Solace is constantly working to develop our business and our digital services. This means that we will also update this privacy policy on an ongoing basis in connection with our plans to change how we use your personal data.

Any changes will be notified to you by posting an updated version on the Site. Any changes will take effect 7 days after the date on which we post the modified terms. We recommend you regularly check for changes and review this Privacy Policy whenever you visit or use the Site. If you do not agree with any aspect of the updated Privacy Policy you must immediately notify us and cease using our services.

For privacy-related inquiries, contact:

Privacy Officer
Solace AB
Luntmakargatan 26, 111 37 Stockholm
Email: privacy@solace.care

Please see our Terms and Conditions for further legal information about Solace AB.