Compose Glow AB · glowcode.io · Last updated: March 2026
This Privacy Policy describes how Compose Glow AB ("Glow", "we", "us", or "our") collects, uses, and protects personal data when you use our website at glowcode.io and our form-building platform (together, the "Service"). Compose Glow AB is the data controller for the personal data described in this policy.
Company name: Compose Glow AB · Country of registration: Sweden · Privacy contact: legal@glowcode.io
This policy covers personal data we collect about: visitors to glowcode.io (our website); users who register for and use the Glow platform (account holders and team members); and individuals who submit responses to forms created by Glow customers.
If you are a business using Glow to collect data from your own respondents, please also refer to our Data Processing Agreement (DPA), which governs how we process personal data on your behalf as a data processor.
When you create a Glow account, we collect: name and email address; company name (optional); and billing information (processed by Stripe - we do not store full card details). Legal basis: Performance of a contract (Article 6(1)(b) GDPR). We need this data to provide the Service to you.
When respondents submit forms created by Glow customers, personal data may be collected depending on the fields in each form. This data is stored on behalf of the Glow customer (who is the data controller for that data). Glow acts as a data processor in this context. This may include names, email addresses, uploaded files, and any other information entered into form fields. Legal basis: Legitimate interests of the data controller (the Glow customer) or consent, depending on the purpose of each form.
We use Mixpanel and Google Analytics to understand how the Service is used. This may include: pages visited and features used; device type, browser, and operating system; IP address (anonymised where possible); and session duration and click behaviour. Legal basis: Legitimate interests (Article 6(1)(f) GDPR) - to improve the Service and understand usage patterns. Where required by law, we will ask for your consent via a cookie banner.
If you contact us by email or through a contact form, we retain the content of that communication and your contact details in order to respond. Legal basis: Legitimate interests (Article 6(1)(f) GDPR).
Glow stores all platform data: including form submissions, file uploads, and account data - on Microsoft Azure infrastructure located in Sweden Central. This means your data remains within the European Economic Area (EEA) at all times.
We do not transfer your personal data outside the EEA except where necessary to provide the Service (for example, payment processing via Stripe). Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
We use the following third-party services that may process personal data on our behalf:
Stripe, Inc. - Purpose: Payment processing. Location: United States (EEA transfer via Standard Contractual Clauses). Privacy policy: stripe.com/privacy
Mixpanel, Inc. - Purpose: Product analytics. Location: United States (EEA transfer via Standard Contractual Clauses). Privacy policy: mixpanel.com/legal/privacy-policy
Google LLC (Google Analytics) - Purpose: Website analytics. Location: United States (EEA transfer via Standard Contractual Clauses). Privacy policy: policies.google.com/privacy
We retain personal data for as long as necessary to provide the Service and comply with our legal obligations: Account data is retained for the duration of your account, plus 12 months after deletion. Form submission data (Evaluation tier): 30 days from submission. Form submission data (Starter tier and above): 180 days from submission, or as configured. Billing records: 7 years (Swedish bookkeeping law requirement - Bokföringslagen). Analytics data: as configured in Mixpanel and Google Analytics (typically 12-24 months).
As a data subject, you have the following rights regarding your personal data: Right of access - request a copy of the personal data we hold about you. Right to rectification - request correction of inaccurate data. Right to erasure - request deletion of your data (subject to legal retention obligations). Right to restriction - request we limit processing of your data. Right to data portability - receive your data in a machine-readable format. Right to object - object to processing based on legitimate interests. Right to withdraw consent - where processing is based on consent, you may withdraw at any time.
To exercise any of these rights, contact us at legal@glowcode.io. We will respond within 30 days.
You also have the right to lodge a complaint with the Swedish data protection authority: Integritetsskyddsmyndigheten (IMY). Website: imy.se. Email: imy@imy.se
We use cookies and similar tracking technologies on glowcode.io. These include: Strictly necessary cookies - required for the Service to function. Analytics cookies - used by Google Analytics and Mixpanel to understand usage.
You can manage your cookie preferences through our cookie banner when you first visit the site. You may also manage cookies through your browser settings, though disabling certain cookies may affect functionality.
We take the security of personal data seriously. Our measures include: encryption in transit (TLS) and at rest; access controls and role-based permissions; data hosted in Microsoft Azure Sweden Central, a SOC 2 and ISO 27001 certified environment; and regular security reviews.
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, as required by GDPR Article 33-34.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a notice on the Service. The date of the latest update is shown at the top of this document. Your continued use of the Service after changes take effect constitutes your acceptance of the revised policy.
For any questions about this Privacy Policy or to exercise your data subject rights, contact: Email: legal@glowcode.io. Company: Compose Glow AB
