Privacy Policy for Sustinu

Last Updated: 01-08-2025

Sustinu (we, us, or our) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use the Sustinu Service.

By using our Service, you agree to the collection and use of information in accordance with this policy.

1. Data Controller

The data controller for your information is:

Sustinu (DK)
CVR: 45712605
Email: support@Sustinu.dk

2. What Data We Collect and Why

We collect the following types of information for the purpose of providing and improving our Service:

  • Account Information: When you register, we collect your name, email address, and password.
    Lawful Basis: Performance of a contract (to provide you with an account).
  • Invoice Data: You upload invoice files (PDFs, images) for processing.
    Lawful Basis: Your explicit consent, given upon agreeing to this policy, and performance of a contract (to perform the core function of the app).
  • User-Generated Data: We store the material details (description, weight, type) that you enter.
    Lawful Basis: Performance of a contract (to perform tax calculations).
  • Payment Information: For subscriptions, we use a third-party payment processor (Mollie B.V.). We do not store your credit card details on our servers.
    Lawful Basis: Performance of a contract.

3. Our Data Handling Process: Your Privacy by Design

Our system is built on the GDPR principle of Data Minimisation. We are a data processing engine, not a document archive. This means we are designed to retain the minimum data necessary to provide our service, for the minimum time possible. Our file retention policy is designed to maximize your security while providing flexibility.

  1. Temporary Upload for Processing: When you upload an invoice, it is stored temporarily on our secure EU-based servers for the sole purpose of automated data extraction.
  2. Targeted Data Extraction: Our system analyzes the document to identify and extract only the data relevant to packaging compliance. We explicitly ignore and discard sensitive commercial and personal data during this process (including addresses, VAT/CVR numbers, and bank details).
  3. State-Aware Deletion of Original File: Our deletion policy depends on the processing status of your file:
    • On Successful Processing: The original invoice file you uploaded is immediately and permanently deleted from our servers.
    • For All Other Cases: To allow you time for review and error correction, any file that has not been successfully processed (e.g., awaiting processing or encountered an error) is automatically and permanently deleted after a 3-day grace period.
  4. Retention of Processed Data: The structured packaging item data you enter and the sanitized text are stored in your account to enable compliance calculations and reporting, in line with the purpose of the Service.

4. Data Retention

  • Account and Material Data: We retain this data as long as your account is active, as it is necessary to provide the Service to you.
  • Sanitized Extracted Text: Our system is designed to protect your privacy from the start. We automatically sanitize the text extracted from your invoices to remove sensitive data patterns. This non-sensitive text is a core part of your sustainability record, essential for historical tracking and report generation. Therefore, it is retained as long as the associated record exists in your account. You have full control to delete this data at any time by deleting the record itself.
  • Original Invoice Files: As stated above, these are permanently deleted after the 3-day grace period.

5. Cookie Policy

Cookies are small text files stored on your device that help our Service function. We are committed to using as few cookies as possible and only for essential purposes.

Our Use of Cookies

  • Strictly Necessary Cookies: We only use cookies that are essential for the website to function. These include cookies for managing your login session and for security purposes (e.g., CSRF protection). These cookies do not store any personally identifiable information and do not require prior consent under EU law. You can set your browser to block these cookies, but essential parts of the site, such as logging in, will not work.

We do not use any third-party analytics or marketing cookies that track your behavior across the web.

6. Data Security

We use industry-standard technical and administrative security measures to protect your information. This includes data encryption, access controls, and the secure architecture described in this policy. However, no method of transmission over the Internet is 100% secure.

7. Third-Party Services

We use the following third-party services to provide our Service:

  • Hosting: Hetzner (Frankfurt, Germany Region)
  • Payment Processing: Mollie B.V.
  • Analytics: Plausible Analytics - A privacy-focused tool that does not use cookies, used to understand website traffic and user behavior in an anonymous, aggregated manner.

We only share the minimum data necessary with these providers to perform their function.

8. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

9. Contact Us

If you have any questions about these Terms, please contact us at support@Sustinu.dk.