Privacy Policy

Effective Date: November 1, 2025

This Privacy Policy explains how Mikael Vesavuori ("we," "us," or "Phaset") collects, uses, and protects your personal data when you visit our website or use our software.

The short version: We collect as little as possible. Your operational data stays on your infrastructure. We don't sell or share your data with third parties.

Core Principle: Phaset is designed for self-hosting. When you run Phaset on your infrastructure, all your operational data—catalogs, metrics, documentation—stays entirely under your control. We never see it, access it, or store it.

1. Who We Are

Data Controller: Mikael Vesavuori
Email: contact@phaset.dev
Location: Göteborg, Sweden

As a Sweden-based business, we comply with the General Data Protection Regulation (GDPR) and Swedish data protection laws.

2. What Data We Collect

Website Analytics (Umami)

We use Umami, a privacy-focused analytics service, to understand how visitors use our website. Umami is GDPR-compliant and does not use cookies.

What we collect through Umami:

Page views and navigation patterns
Referrer sources (where visitors came from)
Device type and browser information
Anonymized location data (country/region only)

What we DON'T collect:

Personal identifiers (no IP addresses, user IDs, or fingerprinting)
Cookies or persistent tracking
Cross-site tracking
Individual user journeys

Umami data is hosted on Umami Cloud and aggregated anonymously. We cannot identify individual visitors from this data.

License and Payment Information

When you purchase a license, we collect:

Contact information (name, email address, organization name)
Payment details (processed securely through Polar)
License key and organization size tier
Purchase date and license version

Payment processing is handled by Polar. We do not store your credit card information—Polar handles all payment data securely.

License Validation

When you run Phaset, the software performs a boot-time license check to validate your license key and guard against abuse. This check is made to our first-party back office system and includes:

Your license key

This check happens only at startup and does not involve any operational data from your Phaset deployment.

Support Communications

If you contact us for support, we collect:

Your email address and name
The content of your messages
Any technical information you choose to share

3. What We DON'T Collect

This is equally important. We do NOT collect:

Your operational data: Catalogs, services, metrics, documentation, or any content you store in Phaset
Telemetry from your Phaset instance: No usage analytics, feature tracking, or performance data beyond license validation
Personal information from your users: We don't see who uses your Phaset instance or what they do
Marketing data: No behavioral tracking, advertising profiles, or third-party data sharing
Cookies: Our website doesn't use cookies (Umami is cookie-free)

4. How We Use Your Data

We use the data we collect for these specific purposes:

Website Analytics

Understanding which features interest visitors
Improving website navigation and content
Measuring the effectiveness of documentation

License Management

Validating and managing your license
Preventing license abuse
Notifying you of updates and security patches
Processing upgrades and renewals

Customer Support

Responding to your questions and issues
Troubleshooting technical problems
Gathering feedback for product improvements

Legal Compliance

Complying with GDPR and Swedish law
Maintaining records for accounting and tax purposes
Protecting our legal rights if necessary

5. Legal Basis for Processing (GDPR)

Under GDPR, we process your data based on:

Contractual necessity: License management and support (when you purchase)
Legitimate interests: Website analytics to improve our service
Legal obligations: Financial records and tax compliance
Consent: When you voluntarily contact us for support

6. Data Sharing and Third Parties

We share data only with essential service providers:

Polar (Payment Processing)

Purpose: Secure payment processing
Data shared: Payment details, email, name
Location: EU-compliant servers
Privacy policy: polar.sh/legal/privacy

Umami (Analytics)

Purpose: Privacy-friendly website analytics
Data shared: Anonymized usage data
Location: Umami Cloud (EU servers)
Privacy policy: umami.is/privacy

We do NOT:

Sell your data to anyone
Share data with advertisers or marketing platforms
Use third-party tracking or ad networks
Participate in data broking or behavioral targeting

7. Data Retention

We retain your data for as long as necessary:

Website analytics: Aggregated data retained indefinitely (cannot identify individuals)
License information: Retained while your license is active, plus 7 years for accounting/legal purposes
Support communications (email): Retained for maximum 1 year after resolution
Payment records: 7 years (Swedish tax law requirement)

After these periods, data is securely deleted or anonymized.

8. Your Rights Under GDPR

As an individual in the EU/EEA, you have these rights:

Right to Access

Request a copy of all personal data we hold about you.

Right to Rectification

Request corrections to inaccurate or incomplete data.

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data, subject to legal retention requirements.

Right to Restriction

Request that we limit how we use your data.

Right to Data Portability

Request your data in a machine-readable format to transfer elsewhere.

Right to Object

Object to processing based on legitimate interests (e.g., analytics).

Right to Withdraw Consent

Withdraw consent for data processing that relies on it (doesn't affect lawfulness of prior processing).

Right to Lodge a Complaint

File a complaint with your local data protection authority if you believe we've violated your rights.

To exercise your rights: Email contact@phaset.dev with your request. We'll respond within 30 days.

9. Data Security

We protect your data with:

Encrypted connections (HTTPS/TLS) for all website traffic
Secure storage for license and customer data (provided by Polar's services)
Regular security updates and monitoring
Minimal data collection principle

For your self-hosted Phaset instance, you are responsible for securing your deployment, including:

Access controls and authentication
Infrastructure security
Data backups and encryption
Network security

10. International Data Transfers

Our service providers (Polar, Umami) operate within the EU and comply with GDPR. If data must be transferred outside the EU, it's done under appropriate safeguards:

Standard Contractual Clauses (SCCs)
Adequacy decisions by the European Commission
Other legally recognized mechanisms

11. Children's Privacy

Phaset is not intended for individuals under 16. We do not knowingly collect data from children. If we discover we've collected data from a child, we'll delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we do:

We'll post the updated policy on this page
We'll update the "Last Updated" date
For material changes, we'll notify license holders by email

Continued use of our website or software after changes means you accept the updated policy.

13. Contact Us

Questions, concerns, or requests about your privacy?

Email: contact@phaset.dev
Response time: We aim to respond within 5 business days

For GDPR-related requests, include "GDPR Request" in your subject line for faster processing.

Our commitment: We built Phaset with privacy as a core principle. Self-hosting means you control your data. We collect only what's necessary to run the business and improve the product. Your trust matters to us.