Privacy Policy

Your privacy matters to us. Below we describe what personal data we collect, why we collect it and what rights you have under the GDPR.

Data controller

1stLAYERS (1st Layers AB, reg. no. 559530-4097, Hamnplanen 24, 263 61 Viken, Sweden) is responsible for processing your personal data in accordance with the GDPR and Swedish data protection law.

What we collect

• Name, email and delivery address when you place an order
• Payment information is handled by Stripe — we never store card numbers
• IP address and anonymised usage data via Google Analytics 4 (only with your consent)
• Email address if you sign up for our newsletter or waiting list

Legal basis

• Contract: order processing and delivery
• Legal obligation: accounting records (7 years)
• Consent: marketing and analytics

Retention

Order data is kept for 7 years per Swedish accounting law. Analytics data is anonymised after 14 months. Marketing consent can be withdrawn at any time.

Your rights

You have the right to access, rectification, erasure, data portability and to object to processing. Contact hello@1stlayers.com and we'll handle your request within 30 days.

Recipients

We share data with processors needed to deliver the service: Stripe (payments), Vercel (hosting), Neon (database), Resend (email) and Google (analytics, with consent). All have binding data processing agreements with us.

Complaints

You can file a complaint with the Swedish Authority for Privacy Protection (IMY) at imy.se, or with the supervisory authority in your country of residence within the EU.