EUROPHILE
Privacy Policy
This Privacy Policy explains how EUROPHILE collects, uses, shares and protects personal data when you visit our website, join early access or communicate with us.
Effective date and last updated: 17 July 2026
1. Who we are
Stockholm IT Academi AB, Org.nr: 559337-9141, Stockholm, Sweden is the data controller for the processing described in this policy. EUROPHILE is the service name. You can contact us at hello@europhile.io.
2. Scope of this policy
This policy applies to the public EUROPHILE website, the early-access programme, service emails, support messages and the privacy-friendly analytics used on the website. It does not govern independent websites or services that we may link to.
3. Personal data we collect
- Early-access information: your name, email address, telephone country code, telephone number and preferred language.
- Request information: the date and status of your request, the legal notice accepted at submission and whether a confirmation email was sent.
- Source information: the page used to submit a request, the referring website host and campaign labels such as source, medium and campaign.
- Website events: page views and selections such as Study, Work, Business, language changes, invitation prompts and completed early-access requests.
- Security information: a short-lived salted hash derived from connection data for rate limiting. The original IP address is not stored in the early-access or analytics tables.
- Communications: information you include when you contact us, ask a question or exercise a privacy right.
4. How we collect personal data
We collect data directly from you when you complete the early-access form or contact us. We collect limited technical and source information when your browser requests a page or sends a privacy-friendly analytics event. We may also receive delivery information from our email provider, such as whether a message was accepted, delivered, bounced or reported as unwanted.
5. Why we use personal data
- To record, manage and confirm your early-access request.
- To decide when and how to send invitations as EUROPHILE opens to more people and organisations.
- To communicate about your request, access, service updates and relevant next steps.
- To understand interest by country and by Study, Work or Business path. We may use the contact details you provide for relevant service follow-up. Marketing contact will only take place where applicable law permits it or after obtaining any consent required by law.
- To measure aggregate use, improve content and understand which parts of EUROPHILE are useful.
- To prevent spam, automated submissions, fraud, security incidents and misuse.
- To establish, exercise or defend legal claims and comply with legal obligations.
6. Our legal bases
- Legitimate interests: operating the early-access programme, responding to requested contact, improving EUROPHILE, measuring aggregate demand and protecting the service. We balance these interests against your rights and expectations.
- Steps requested by you: where processing is needed to consider your request before a future service relationship or membership is created.
- Consent: where we ask for consent for a specific optional activity, such as non-essential cookies or marketing that requires consent. You may withdraw consent at any time.
- Legal obligation: where we must process or retain information to comply with applicable law.
- Legal claims: where processing is necessary to protect our rights, users or the service.
7. Who receives personal data
Access is limited to authorised people who need the information to operate EUROPHILE. We use service providers that process data for us under contractual and security obligations.
- Vercel provides website hosting, content delivery and serverless computing.
- Supabase provides database and related infrastructure services.
- Resend provides transactional email delivery.
- Professional advisers, auditors, insurers, authorities or courts may receive information where reasonably necessary or legally required.
- A buyer, investor or successor may receive relevant information during a genuine corporate transaction, subject to appropriate confidentiality and data protection safeguards.
8. International data transfers
Some providers may process information outside Sweden or the European Economic Area. Where required, we use an adequacy decision, approved standard contractual clauses or another lawful transfer mechanism, together with supplementary safeguards where appropriate. You may contact us for more information about the safeguards relevant to your data.
9. How long we keep personal data
- Early-access records are normally kept for up to 24 months after the latest meaningful interaction, unless you become a member, ask us to delete the record or a longer period is legally required.
- Aggregate website events are normally kept for up to 14 months.
- Rate-limit records expire after their security window, normally within one hour.
- Email delivery records are kept only as long as needed to confirm delivery, handle suppression and protect sender reputation.
- Support and privacy correspondence may be kept for up to three years after closure so we can document our response.
- Data needed for legal obligations, disputes or fraud prevention may be kept for the applicable limitation or statutory period.
10. Security
We use access controls, encryption in transit, server-side credentials, rate limiting, restricted database permissions, Row Level Security, monitoring and data minimisation. No service can guarantee absolute security. If an incident creates a risk to your rights, we will assess notification duties and act in accordance with applicable law.
11. Your data protection rights
- Access: ask whether we process your personal data and request a copy.
- Correction: ask us to correct inaccurate or incomplete information.
- Deletion: ask us to delete information where there is no overriding reason to keep it.
- Restriction: ask us to limit processing in certain circumstances.
- Objection: object to processing based on legitimate interests, including direct marketing.
- Portability: receive certain information in a structured, commonly used and machine-readable format where the legal conditions apply.
- Withdraw consent: withdraw a consent at any time without affecting processing that was lawful before withdrawal.
- Complaint: complain to the Swedish Authority for Privacy Protection, IMY, or the data protection authority in the country where you live or work.
12. How to exercise your rights
Email hello@europhile.io and describe your request. We may ask for information needed to confirm your identity. We normally respond within one month, subject to lawful extensions for complex or numerous requests. There is normally no charge, but the law permits a reasonable fee or refusal for manifestly unfounded or excessive requests.
13. Children
The early-access programme is not intended for children under 16. If you are under 16, ask a parent or legal guardian to contact us before providing personal data. If we learn that we collected a child's data without appropriate authority, we will take reasonable steps to delete it.
14. Automated decisions and AI
We do not currently make decisions with legal or similarly significant effects about early-access applicants using solely automated processing. If EUROPHILE introduces AI-assisted recommendations, we will explain their purpose and important limitations before they materially affect members.
15. Changes and contact
We may update this policy when EUROPHILE, our providers or legal requirements change. We will publish the revised date and give additional notice where a change materially affects you. Questions and privacy requests can be sent to hello@europhile.io.