Privacy Policy

Effective Date: October 26, 2025

Last Updated: January 26, 2026

1. Introduction

Welcome to ossw.io, a strategy software-as-a-service (SaaS) platform provided by Open Strategising AB ("we," "us," or "our").

We are committed to protecting your personal data and your strategic information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website [ossw.io] and use our platform.

For the purposes of the General Data Protection Regulation (GDPR), Open Strategising AB is the Data Controller of your personal data.

Company Details

  • Name: Open Strategising AB
  • Organization Number: 559496-8686
  • Address: Lotusgränd 1, 94140 Piteå, Sweden
  • Email: support@openstrategising.com

2. Information We Collect

We collect information to provide our strategy tools, improve user experience, and manage accounts.

A. Information You Provide to Us

  • Account Data: When you register, we collect your name, email address, password (hashed), and company/organization name.
  • Billing Data: If you subscribe to a paid plan, we (or our third-party payment processor) collect your billing address and payment details.
  • Strategy Content (User Data): This includes the strategic plans, goals, KPIs, text, and other content you input into the platform. While this is primarily business data, it may occasionally contain personal data (e.g., names of stakeholders).
  • Communication Data: Information sent when you contact support or respond to surveys.

B. Information Collected Automatically

  • Usage Data: We collect data on how you interact with the platform (e.g., features used, time spent on pages, click logs) to understand user behavior and improve the tool.
  • Device & Technical Data: IP address, browser type, operating system, and device identifiers.
  • Cookies: We use cookies to maintain your session and preferences. (See Section 9).

3. How We Use Your Data & Legal Basis

Under GDPR, we must have a lawful basis for processing your data.

PurposeData TypesLegal Basis (GDPR)
To Provide the Service: Creating accounts, authenticating users, and enabling strategy tools.Account Data, Strategy ContentPerformance of Contract (Art. 6.1.b)
Billing & Administration: Processing payments and sending invoices.Account Data, Billing DataPerformance of Contract (Art. 6.1.b) & Legal Obligation (Art. 6.1.c - Swedish Bookkeeping Act)
Platform Improvement: Analyzing usage to fix bugs and develop new features.Usage Data, Device DataLegitimate Interest (Art. 6.1.f)
Security: Detecting fraud and preventing unauthorized access.Device Data, IP LogsLegitimate Interest (Art. 6.1.f)
Communication: Sending service updates (e.g., "New Feature" or "Downtime Alert").Email AddressPerformance of Contract or Legitimate Interest

4. Data Sharing and Processors

We do not sell your data. We share data only with third-party vendors (Data Processors) strictly necessary to operate ossw.io. These vendors are bound by Data Processing Agreements (DPA).

  • Hosting & Infrastructure: Azure - region: EU.
  • Payment Processors: Stripe.
  • Analytics Providers: Google Analytics.
  • Email Services: SendGrid.

Legal Requirement: We may disclose your information if required to do so by Swedish law or in response to valid requests by public authorities (e.g., Skatteverket).

5. International Data Transfers

We strive to keep your data within the European Economic Area (EEA).

If we transfer data outside the EEA (e.g., to a US-based sub-processor), we ensure appropriate safeguards are in place, such as the European Commission's Standard Contractual Clauses (SCCs) or relying on the EU-U.S. Data Privacy Framework adequacy decision.

6. Data Retention

We retain your personal data only as long as necessary:

  • Active Accounts: We keep your data for as long as your account is active.
  • Deleted Accounts: Upon account deletion, we delete or anonymize your Strategy Content and Account Data within 30 days (unless we are legally required to keep it).
  • Financial Records: Under the Swedish Bookkeeping Act (Bokföringslagen), we must retain payment and invoice records for 7 years.

7. Security

We implement industry-standard security measures to protect your data, including:

  • Encryption of data in transit (TLS/SSL).
  • Encryption of data at rest (where applicable).
  • Regular security audits and access controls.

However, no method of transmission over the Internet is 100% secure. You are responsible for keeping your password confidential.

8. Your Rights (GDPR)

As a user in the EU/EEA, you have the following rights:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): Request that we delete your data (subject to legal retention obligations).
  • Right to Restriction: Request we pause processing your data in certain scenarios.
  • Right to Portability: Request your data in a structured, commonly used format.

To exercise these rights, please contact us at support@openstrategising.com.

9. Cookies

We use "Essential Cookies" to keep you logged in. We may also use "Analytics Cookies" to see how the site is being used.

  • You can manage cookie preferences through your browser settings.
  • Blocking essential cookies may render the platform unusable (e.g., you won't be able to log in).

10. Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify you via email or a prominent notice on the ossw.io dashboard.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Open Strategising AB

Lotusgränd 1

94140, Piteå, Sweden

Email: support@openstrategising.com