Privacy Policy

1. Who We Are

Reqport AB, org.nr 559550-0272, ("Reqport") is a Swedish company that provides a platform for organizations to securely receive, process, and respond to data requests from law enforcement and government authorities. The platform is designed so that Reqport cannot access the content of data requests or responses — all such data is end-to-end encrypted and technically inaccessible to us.

2. Who This Policy Applies To

This Privacy Policy explains how Reqport collects and uses personal data when Reqport acts as the data controller — meaning when we collect data for our own purposes. This applies to:

• (a) Website visitors who interact with reqport.com, including those who request a demo or contact us.
• (b) Platform users who register for an account on the Reqport platform, whether they represent a subscribing customer or a law enforcement / government authority.

What this policy does not cover: When Reqport processes data on behalf of a subscribing customer (for example, the content of data requests and responses transmitted through the platform), Reqport acts as a data processor. That processing is governed by our Data Processing Agreement with the relevant customer, not this Privacy Policy.

3. What Data We Collect

3.1 Website visitors

When you visit our website, request a demo, or contact us, we may collect your name, email address, company name, and the content of your message. We also collect basic technical data such as IP address and browser type through essential cookies needed to operate the site.

3.2 Platform users (all types)

When you register for the Reqport platform, we collect your name, email address, organizational affiliation, and role. This applies equally to users representing subscribing customers and users representing law enforcement or government authorities.

3.3 Subscribing customers (billing)

For subscribing customers on a paid plan, we additionally collect billing contact information and payment-related data as necessary to process invoices.

4. Request Data Is Inaccessible to Reqport

The content of data requests and responses transmitted through the platform (Request Data) is end-to-end encrypted using confidential computing technology. Reqport does not hold decryption keys and cannot access this data. It is processed exclusively under our Data Processing Agreement with the relevant subscribing customer.

5. How We Use Your Data

• To provide the platform. We use your account information and login activity to operate the platform, authenticate you, and maintain security. Legal basis: performance of a contract (Article 6(1)(b) GDPR) or, for authority users, our legitimate interest in providing the platform (Article 6(1)(f) GDPR).
• To communicate with you. We use your contact information to respond to enquiries, send service-related notifications, and provide support. Legal basis: performance of a contract or legitimate interest.
• To improve our services. We may use aggregated, anonymized usage data to understand how the platform is used and to improve it. This data does not identify you. Legal basis: legitimate interest.
• To comply with legal obligations. We may process your data where required by applicable law, including tax, accounting, or regulatory requirements. Legal basis: legal obligation (Article 6(1)(c) GDPR).

We do not use your personal data for advertising, profiling, or automated decision-making. We do not sell your data to third parties.

6. Who We Share Data With

We share personal data only where necessary to operate our services:

• (a) Infrastructure providers. Our platform is hosted on Microsoft Azure within the European Economic Area.
• (b) Authentication providers. We use third-party providers for authentication services, hosted within the EEA.
• (c) Professional advisors. We may share data with our legal, accounting, or financial advisors where necessary.
• (d) Legal requirements. We may disclose data where required by law, regulation, or court order.

We do not share personal data with advertisers or marketing partners. A current list of sub-processors is maintained in Annex III of our Data Processing Agreement.

7. International Data Transfers

All data is processed and stored within the European Economic Area. If a transfer outside the EEA becomes necessary, we will ensure appropriate safeguards are in place in accordance with Chapter V of the GDPR, including Standard Contractual Clauses where required.

8. Data Retention

• Website visitor data: Contact form submissions and demo requests are retained for 12 months, after which they are deleted unless a commercial relationship has been established.
• Platform user data: Account information and login activity are retained for the duration of the account and deleted within 12 months of account closure, unless otherwise required by law.
• Request Data: Retention of data requests and responses transmitted through the platform is determined by the subscribing customer's regulatory requirements and governed by our Data Processing Agreement. Reqport cannot access this data at any time during the retention period.
• Billing data: Retained for the period required by Swedish accounting and tax law (currently 7 years).

9. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• (a) Access. You may request a copy of the personal data we hold about you.
• (b) Correction. You may request that we correct inaccurate or incomplete data.
• (c) Deletion. You may request that we delete your personal data, subject to any legal obligations requiring us to retain it.
• (d) Restriction. You may request that we restrict the processing of your data in certain circumstances.
• (e) Portability. You may request your data in a structured, commonly used, machine-readable format.
• (f) Objection. You may object to processing based on legitimate interest. We will cease processing unless we have compelling legitimate grounds.

To exercise any of these rights, contact us at privacy@reqport.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) or the data protection authority in your country of residence.

10. Cookies

We use essential cookies necessary to operate the website. We do not use advertising, tracking, or analytics cookies. If this changes, we will update this policy and implement appropriate consent mechanisms.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the platform. Your continued use of the platform after changes take effect constitutes acceptance.

Contact