Privacy Policy
1. Who is responsible for your data
The data controller is Oh So Fab, a Danish sole proprietorship (CVR 27167667), operating the Promizio platform. Contact us at hello@promizio.com.
2. What data we collect
| Data type | What we collect | Why |
|---|---|---|
| Account data | Email address, encrypted password | To authenticate you |
| Business profile | Business name, category, website, description, audience details | To match you with partners |
| Contact details | Contact name, email, phone (optional) | For platform communication |
| Usage data | Pages visited, features used, timestamps | To improve the platform |
| Technical data | IP address, browser type, device type | For security and performance |
| Billing data | Handled entirely by Stripe — we do not store card details | To process payments |
We do not collect sensitive personal data such as health information, political opinions, or financial data beyond what is necessary for billing.
3. Legal basis for processing (GDPR)
We process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):
- Contract performance — processing your account and business profile data is necessary to provide the service you signed up for
- Legitimate interests — usage and technical data for platform security and improvement
- Legal obligation — retaining billing records as required by Danish accounting law
- Consent — for any marketing communications (you can withdraw at any time)
4. How we use your data
- To create and manage your account
- To suggest relevant business matches based on your profile
- To show your business profile to potential matches
- To process payments and manage subscriptions
- To send transactional emails (account confirmation, match notifications)
- To improve the platform based on usage patterns
- To comply with legal obligations
We do not use your data for automated decision-making that produces legal or similarly significant effects.
5. Who we share your data with
We share data only where necessary:
| Third party | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, file storage | EU (Ireland) |
| Stripe | Payment processing | EU / USA (SCCs apply) |
| Vercel | Website hosting | EU / USA (SCCs apply) |
| Formspree | Waitlist form submissions | USA (SCCs apply) |
We do not sell, rent, or trade your personal data to any third party for their own marketing purposes.
For transfers outside the EU/EEA, we rely on Standard Contractual Clauses (SCCs) as the legal mechanism.
6. Your business profile and matched businesses
When you are matched with another business, that business will be able to see your business name, category, description, and promotion preferences. They will not see your personal contact details unless you choose to share them directly.
7. Data retention
We retain your data for as long as your account is active. If you delete your account:
- Your business profile and personal data are deleted within 30 days
- Billing records are retained for 5 years as required by Danish bookkeeping law (bogføringsloven)
- Anonymised, aggregated usage statistics may be retained indefinitely
8. Your rights under GDPR
As a data subject in the EU/EEA, you have the following rights:
- Access — request a copy of the data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete your data ("right to be forgotten")
- Restriction — ask us to limit how we use your data
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interests
- Withdraw consent — for any processing based on consent
To exercise any of these rights, email us at hello@promizio.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet) at datatilsynet.dk.
9. Security
We implement appropriate technical and organisational measures to protect your data, including encrypted data storage, secure HTTPS connections, and access controls. However, no system is completely secure, and we cannot guarantee absolute security.
In the event of a data breach that affects your rights and freedoms, we will notify you and the relevant supervisory authority as required by GDPR.
10. Cookies
Our use of cookies is described in our Cookie Policy.
11. Children
Promizio is not directed at children under 18. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, contact us immediately.
12. Changes to this policy
We may update this policy. We will notify registered users of material changes by email. The date at the top of this page indicates when it was last updated.
13. Contact
Privacy questions or data requests: hello@promizio.com
Oh So Fab · CVR 27167667 · Denmark