1. Introduction
At E2C Software AB (“BigUp”, “we”, “us”, “our”), we are committed to protecting the privacy and personal data of our customers, users, and partners.
This GDPR and Privacy Policy explains how we collect, process, and protect personal data when you use BigUp’s services.
BigUp complies with the EU General Data Protection Regulation (GDPR) and applicable Swedish data protection laws.
2. Controller and Processor Information
- Data Controller:
Customer companies using BigUp are the Data Controllers for the personal data of their users and employees. - Data Processor:
E2C Software AB, c/o Techlove Dev AB, acts as the Data Processor, providing software development, maintenance, and operational services. - Hosting:
All data is hosted on secure servers operated by Oderland AB, located within the EU. - Sub-processor:
Rocketship AB manages the hosting of a self-hosted instance of Sentry for error tracking and session replays.
3. Personal Data We Process
We process the following types of data:
- Account information: Name, email address, phone number, company affiliation, and role.
- Usage data: IP address, device information, location data (if enabled), browser type, operating system.
- Session recordings and error logs: Screen recordings (if consented) and crash/error reports.
- Uploaded content: Files, reports, attachments, and other data users upload or generate.
- Communication data: Email addresses and phone numbers for notifications and alerts.
4. Purpose of Processing
We process personal data for the following purposes:
- To provide, maintain, and improve the BigUp platform
- To enable login, authentication, and secure user sessions
- To monitor platform security and performance
- To facilitate communication via email, SMS, and push notifications
- To enable location-based reporting if configured
- To comply with legal obligations
5. Cookies and Tracking
BigUp uses cookies and similar technologies to:
- Authenticate users and maintain secure sessions
- Analyze platform performance and usability
- Record crash data and optionally user behavior (with consent)
Cookies and Third-party Technologies Used:
| Technology | Purpose | Location of Data |
|---|---|---|
| First-party cookies | Authentication and session management | Hosted in Sweden (Oderland) |
| Smartlook SDK | UX session recording and heatmaps (optional, with consent) | EU |
| Sentry (self-hosted by Rocketship AB) | Error tracking and crash reporting | Sweden |
| Firebase Cloud Messaging (Google) | Push notifications to devices | EU Data Center where possible; US fallback with SCCs |
| Brevo (Sendinblue SAS) | Email communication and transactional emails | EU |
| 46elks AB | SMS sending services (alerts and notifications) | Sweden/EU |
Users can control and delete cookies via their browser or device settings. Disabling cookies may limit some functionality of the Service.
6. Legal Basis for Processing
We rely on the following legal grounds for processing:
- Performance of a contract: Necessary for providing BigUp services.
- Legitimate interests: For improving our services, ensuring security, and maintaining customer support operations.
- Consent: For optional services like location tracking, UX session recording (Smartlook), push notifications, and email/SMS communication when needed.
You can withdraw your consent at any time.
7. Data Retention
We retain personal data only as long as necessary to:
- Provide the services
- Comply with legal obligations
- Resolve disputes
- Enforce agreements
Inactive user accounts and related personal data will be deleted after a defined period in accordance with our Data Retention Policy.
8. Subprocessors
BigUp uses the following trusted subprocessors:
| Subprocessor | Purpose | Legal Entity | Location |
|---|---|---|---|
| Oderland AB | Hosting | Oderland AB | Sweden |
| Rocketship AB | Sentry error monitoring (self-hosted) | Rocketship AB | Sweden |
| Smartlook | UX analytics and session recording | Smartsupp.com, s.r.o. | EU |
| Google LLC (Firebase) | Push notification delivery | EU/US (with SCCs and additional safeguards) | |
| Brevo | Email communication | Sendinblue SAS (Brevo) | EU |
| 46elks AB | SMS delivery | 46elks AB | Sweden |
9. International Data Transfers
Personal data may be transferred outside the EU/EEA only under appropriate safeguards, including:
- Adequacy decisions by the European Commission
- Standard Contractual Clauses (SCCs)
- Supplementary technical and organizational measures
10. Data Subject Rights
As a data subject under GDPR, you have the right to:
- Access your personal data
- Request rectification of inaccurate or incomplete data
- Request deletion (“right to be forgotten”)
- Restrict processing
- Object to certain processing activities
- Data portability (receive your data in a structured, commonly used format)
- File a complaint with the Swedish Authority for Privacy Protection (IMY)
You can exercise your rights by contacting:
Data Protection Officer (DPO):
Email: dpo@bigup.se
Phone: +46 70 602 19 62 (Jörgen Hultmark)
11. Security Measures
We employ industry-standard security measures, including:
- Encryption of data in transit and at rest
- Strict access controls and role-based permissions
- Regular backups
- Security updates and vulnerability management
12. Updates to This Policy
We may update this Privacy Policy to reflect changes to our practices or legal obligations.
We will notify users of any significant changes via the Service or by email.
Contact Information
E2C Software AB
Contact person: Jörgen Hultmark
Email: dpo@bigup.se
Phone: +46 70 602 19 62
Address: Gamla Torget 1, 602 24 Norrköping, Sweden
