Privacy Policy
Last updated: March 2026
At Veey (operated by Zand Computing AB, Swedish company reg. no. 559238-8622), we are committed to protecting your privacy and ensuring that your personal data is handled responsibly. This Privacy Policy explains how we collect, use, and safeguard your data when you use our digital business card platform.
1. Data Controller and Processor
When a company (the “Customer”) uses Veey to create digital business cards for its employees and contacts, the Customer is the data controller for the personal data on those cards. Veey acts as the data processor, processing personal data on behalf of the Customer in accordance with their instructions and our Data Processing Agreement (DPA).
Veey may also process certain personal data as a data controller in order to improve the Service, such as aggregated usage analytics.
2. Information We Collect
We collect the following categories of personal data provided by you or your organisation:
- Name
- Email address
- Telephone number
- Profile image
- Social media profiles
- Company details and any other content added to your digital business card
We also collect usage data such as how you interact with our platform, including business card views and sharing activity.
3. How We Use Your Information
We process personal data for the following purposes:
- Providing the Service to users, including creating, managing, and sharing digital business cards
- Communicating relevant information with users about the Service
- Storage, administration, and deletion of personal data as required to operate the Service
- Improving and developing the Service (using anonymised or aggregated data)
4. Data Sharing and Sub-processors
We do not sell your personal data. We use trusted sub-processors to help operate our platform. Each sub-processor is bound by a data processing agreement with obligations equivalent to our own:
| Sub-processor | Purpose | Location |
|---|---|---|
| Google, Inc | Cloud infrastructure and site analytics | Finland |
| MongoDB | Cloud database management | Finland |
| HubSpot | Customer relationship management | Germany |
| Fortnox | Customer payments (billing) | Sweden |
| SendGrid, Inc | Automated email delivery | USA (Standard Contractual Clauses) |
| Stripe | Customer payments (billing) | USA |
| Plausible | Digital business card analytics | Self-hosted (Finland) |
Any transfer of personal data outside the EU/EEA complies with applicable GDPR requirements, including the use of Standard Contractual Clauses where necessary. We will inform you of any intended changes concerning the addition or replacement of sub-processors.
5. Data Security
We implement technical and organisational security measures to protect your personal data against destruction, alteration, unauthorised disclosure and unauthorised access. These measures ensure a level of security appropriate to the risk, taking into account the state of the art and the costs of implementation.
- Data centres: We use reliable cloud providers with full physical security protections, hosted primarily in the EU (Finland)
- Application security: Continuous vulnerability scanning, scheduled backups, and resilient, redundant infrastructure
- Access control: Access to systems and data is restricted to personnel who need it to provide the Service
- Authentication: All staff are required to use two-factor authentication and SSO where available
- Vulnerability reporting: Anyone can report a security concern by contacting us with a proof of concept. We verify and address vulnerabilities promptly
6. Data Retention
Your personal data is retained for as long as the agreement with your organisation is active. Upon request for erasure, personal data will be deleted as soon as possible and at the latest within one month. When a digital business card user is deleted from the dashboard, the associated personal data is removed.
Upon termination of the agreement, all personal data will either be deleted or returned to the Customer, at the Customer's choice.
7. Your Rights Under GDPR
Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate or incomplete data
- Right to erasure: Request deletion of your personal data
- Right to restrict processing: Request that we limit how we use your data
- Right to data portability: Receive your data in a structured, commonly used format
- Right to object: Object to certain types of processing
Since your organisation is the data controller, requests should generally be directed to your employer or the organisation that created your business card. You may also contact us directly and we will assist in fulfilling your request.
8. Data Breach Notification
In the event of a personal data breach, we will notify the relevant data controller without undue delay in accordance with Article 33 of the GDPR.
9. Content Moderation
We monitor digital business cards created through our Service to ensure appropriate use. If we identify cards with inappropriate content, we take immediate action.
10. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at sales@veey.co.
Veey (Zand Computing AB)
Swedish company reg. no. 559238-8622
Gothenburg, Sweden