Your Data, Secure by Design


Overview

At Co Society, we take your security and privacy seriously. Our product is built entirely on trusted, modern web technologies and runs in your browser - no installation needed. 

All data is securely handled and stored in Europe, using Microsoft Azure. We follow strict security standards to keep your information safe. 

Key Highlights: 

  • No installs, no tracking: Everything runs in the browser. We don’t store or analyze your voice, video, or chat messages.
  • Secure login: We use enterprise-grade authentication with support for Single Sign-On and multi-factor authentication.
  • Encrypted communication: All data is encrypted in transit and protected at rest.
  • Minimal data storage: We only store essential user info - like your name, email, and meeting bookings.
  • Trusted partners: We use well-known, privacy-first services like Unity Vivox for voice chat and Odin for video.
  • European data hosting: All services and analytics are hosted in EU-based datacenters. We design for privacy and maintain strict access controls. Security isn’t an afterthought - it’s built into every part of our platform.

FAQ

What is personal data and what is processing of personal data?
Personal data is any information about a living natural person that can be directly or indirectly linked to that person. This may include names and social security numbers, but also images, e-mail addresses and IP addresses. Processing of personal data means all forms of handling of personal data. It can be an operation or a combination of measures such as collection, registration, structuring, storage, processing and transfer of personal data.
Who is responsible for the personal data we collect?
Co. Society AB (org.nr 559325-9012) with address Norrlandsgatan 10, 111 43 Stockholm, is the data controller for the company’s processing of personal data. If you have any questions about the personal data that we process please contact us at privacy@cosociety.co.
Sensitive data
In our service we don’t process any data that could be classified as sensitive in accordance with the data protection regulation. If any such data would be communicated with us we immediately make sure that this information is deleted.
From which sources do we collect your personal data?
We mainly collect information about you when the company where you are employed at chooses to sign an agreement with us for the use of our platform and you as an employee are either appointed as administrator/superuser of the service or use it as part of your daily work. In connection with conducting tests for the development of the platform, the data is collected from the data subject. For marketing and communication about our service, we either collect your data from public sources or from you after initial contact,
Who may we share your personal data with?
Personal data assistants. In cases where it is necessary for us to be able to offer our service/product, we share personal data with companies that are personal data processors for us. A personal data processor is a company that processes personal data on our behalf and in accordance with our instructions. When personal data is shared with data processors, it is only for purposes that are compatible with the purposes for which we initially collected the data. We conduct ongoing checks of all personal data processors to ensure that they can provide sufficient guarantees regarding the security and confidentiality of personal data. We have written agreements with all personal data processors through which they guarantee the security of the personal data processed. More information about which personal data processors we use can be found in the appendix to this privacy policy.
Where do we process your personal data?
We always strive to process your personal data within the EU/EEA. For system support and maintenance, we may be required to transfer certain personal data to a country outside the EU/EEA. This may be the case if we share your personal data with a personal data processor who is established or stores information in a country outside the EU/EEA through an approved subcontractor. In such a case, the personal data processor may only access information that is relevant to the specific situation. For the transfer of your personal data to a country outside the EU/EEA, these countries may have laws that gives the public authorities the right to request personal data stored in the country for the purpose of fighting crime or defending national security. Regardless of whether it is we or one of our suppliers who process your personal data, we will ensure a high level of protection in the event of a transfer of these and that appropriate safeguards have been taken in accordance with applicable data protection regulations. Such safeguards include, among other things, ensuring: If the EU Commission has decided that the country outside the EU/EEA to which your personal data is transferred achieves an adequate level of protection equivalent to the level of protection provided by the GDPR. That the EU Commission’s standard contractual clauses between us and the company that is the recipient of the personal data outside the EU/EEA. This means that the recipient guarantees that the protection that the personal data receives is the same as the requirements set out in GDPR. Information regarding which countries that are considered to have an adequate level of protection of personal data in their regulation is found on the EU commissions website. More information regarding standard contractual clauses can be found here.
How long do we save your personal data?
We never save your personal data longer than is necessary for each purpose. The identified necessary storage time for each processing activity are specified in more detail under the respective purposes/processing above.
What are your rights as a data subject?
As a data subject, you have a number of rights under the data protection regulation (GDPR) that give you control over your own personal data, including obtaining information directly from us about how we process your personal data. If you want to know more about your rights or get in touch with us to use any of your rights, the easiest way to do it is to send an email on privacy@cosociety.co. As a data subject, you have the following statutory rights: Right to be forgotten (Right to have information deleted)In some cases, you have the right to have your personal data deleted. This right applies to:in the event that the data processed about you is no longer necessary for the purposes for which it was collected. If the processing is based on your consent and you withdraw it. If the processing takes place for direct marketing and you object to the processing of the data.If you have objected to personal data processing that we based on legitimate interest and your reason for objection outweighs our legitimate interest.  If the personal data must be deleted in order to comply with a legal obligation to which we are subject. If the personal data is processed unlawfully. Keep in mind that we may deny your request to be forgotten if there are legal obligations for us to save your information for a certain statutory period of time. Right to informationYou have the right to receive information about how we process your personal data, both when the data is collected and when you request more information about the processing. We provide this partly by providing this data protection information, but also by answering questions from you. Right to access your personal data – Register extractYou have the right to find out if we process your personal data and to receive a copy of what personal data we handle, a so-called register extract. This information shows what personal data we process, the purpose of the processing of your personal data, which recipients, if any, may receive your personal data, how long we save your personal data, where the information about you was collected and whether there is any automatic decision-making regarding your personal data. Keep in mind that the right to receive a copy of your personal data does not mean that you always have the right to receive the actual document where your personal data exists, but you are provided with a summary of the personal data that exists so that you can check the accuracy and legality of the data. If we receive a request for a register extract we may request additional information to ensure effective handling of your request and to ensure that the information is provided to the right person. Right to access and to move your personal data – Data portabilityYou can request a copy of the data we process about you in a machine-readable format in order to be able to move your personal data to another recipient. You can only request this right if we process your personal data for the purpose of fulfilling a contract or based on your consent. Right to rectificationYou have the right to request that we correct incorrect information that we process about you and that we supplement the information we already have in case it is incomplete. Right to restriction of processingYou have the right to request that our processing of your personal data be restricted. You can do this if you believe that the information we have about you is not correct, that our processing is contrary to law or that we do not need the information for a specific purpose. You also have the right to request that we do not process your personal data while we control this. Right to object to our processing of your personal dataYou have the right to object to our processing of your personal data if it is based on our legitimate interest. In addition, you always have the opportunity to object to direct marketing from our side.

What are cookies and how do we use them?

To provide an optimal experience, we use cookies and similar tracking technologies which are stored on your browser or device. On cosociety.co we use the following cookies:Session cookies (a temporary cookie that expires when you close your browser or device)Persistent cookies (cookies that remain on your computer until you delete them yourself or the time for them has expired)Third-party cookies (cookies set by a third-party website)More information about our handling of cookies can be found in our cookie policy.

How do we protect your personal data?

When processing your personal data, we have implemented special security measures to protect your personal data against unlawful or unauthorized processing by protecting the confidentiality, integrity and access to your personal data. Only those persons who actually need to process your personal data in order for us to fulfill our stated purposes have access to the data. If you want to know more about how we protect your personal data you are welcome to contact us at privacy@cosociety.co.

Complaints

If you have questions about how we process your personal data, you are always welcome to us at privacy@cosociety.co. If you wish to send a request or receive information regarding the processing of personal data, please indicate that your message relates to data protection.

Changes to the Privacy Policy

The Swedish Authority for Privacy Protection is responsible for monitoring and reviewing compliance with the rules in the area of data protection (GDPR). If you think that we are processing your personal data incorrectly, you can file a complaint with the Swedish Authority for Privacy Protection.

Changes to the Privacy Policy

We may make changes to our privacy policy. The latest version of the privacy policy is always available here on the website. In the event of updates that are of significant importance for our processing of personal data, including changes in the purpose of our processing of personal data, information will be published on our website and by e-mail if we have this information in good time before the updates take effect. Privacy policy last updated 2023-08-23

What personal data do we collect about you and why?

1. Customer relationship management including ongoing support

Processing activity:

  • Establishment of administrator account for customers
  • Creation of an account for users of the service
  • Support in case of problems with the service

Categories of personal data:

  • First and last name
  • Contact information (email and telephone number)
  • Workplace title
  • User information for the service

Legal basis:

  • Agreement. This processing of personal data is carried out in order for us to fulfill our contractual obligations to our customers and provide employees with user accounts in the service so that they can access and use the service in accordance with the agreement.

Storage period:

  • Test data obtained with legal consent is stored for 6 months from the time the data is collected. Personal data stored under legitimate interest is kept for 90 days.

2. Processing of personal data for supplier contact management

Processing activity:

  • Necessary handling for fulfillment of the company’s legal obligations under legal requirements, such as the Accounting Act, processing of personal data for payment of invoices.

Categories of personal data:

  • First and last name
  • Email
  • Business connection
  • Title

Legal basis:

  • Legal obligation. This collection of personal data is required by law. If the data cannot be collected and processed, we cannot fulfill our legal obligation to pay invoices and prepare accounting in accordance with the law.

Storage period:

  • The data is stored in accordance with the requirements of external regulations for 7 years plus the current year.

3. To be able to evaluate, develop, and improve our services and systems

Processing activity:

  • Troubleshooting IT solutions
  • Testing of the service
  • Development of the service

Categories of personal data:

  • First and last name
  • Email
  • Age range
  • Occupation
  • Workplace
  • Information from interviews
  • Behavioral data

Legal basis:

  • Legitimate interest. The processing is necessary in order to satisfy our and our customers' legitimate interest in evaluating, developing, and improving our services and systems. It is based on an assessment that our interest outweighs your right not to have your personal data processed for this purpose. Some processing related to the development of our platform takes place with the legal basis of consent.

Storage period:

  • Test data obtained with legal consent is stored for 6 months from the time the data is collected. Personal data stored under legitimate interest is kept for 90 days.

4. For marketing and sales of our service

Processing activity:

  • Communication with and transmission of marketing materials
  • Communication of information about Co. Society and our service

Categories of personal data:

  • First and last name
  • Email
  • Age range
  • Occupation
  • Workplace
  • Information from interviews
  • Behavioral data

Legal basis:

  • Legitimate interest. We base our processing regarding marketing and sending newsletters on the balance of interests carried out by Co. Society. If you have given your consent for us to process your personal data for marketing purposes or for communicating our product in the form of sales, we process your data based on consent.

Storage period:

  • If you have given consent, we process your data until you withdraw it.
  • Without consent, we process your data until a possible agreement with us is terminated and for 15 months there after.
  • If you do not work for a company that is our customer, we process your data until you notify us that you are not interested in our service or at most for 24 months.