This notice explains how Internal Announcement AB handles personal data through our website and our service. We act as a controller for personal data we collect directly through this website, and as a processor under our customers' instructions for personal data they upload to the platform.

Data we collect

• From visitors — name, email, employer, role, message content, IP, browser metadata.
• From customer admins and senders — username, business email, hashed credentials, role, audit metadata.
• From customers' uploads — announcement content, audience definitions, read-state telemetry. Personal data within this is processed strictly under the customer's instructions.

Why we process it

• To respond to enquiries and demo requests.
• To provide the service under customer agreements.
• To meet legal obligations under tax and data protection law.
• To secure the platform.

Lawful bases (GDPR)

Consent (marketing where required), contract performance, legitimate interest, legal obligation.

Sub-processors

We don't sell personal data. We share with sub-processors under contract, professional advisors, and authorities where legally required. International transfers governed by SCCs.

Retention

Marketing-form: 24 months. Customer platform data: per the customer's contractual schedule. Audit logs: 7 years.

Your rights

Contact privacy@internal-announcement.com. EU residents may complain to a supervisory authority; our lead authority is the Swedish Authority for Privacy Protection (IMY).

Security

SOC 2 Type II and ISO 27001 controls. Suspected compromise: security@internal-announcement.com.

Contact

Internal Announcement AB · Sveavägen 25, 111 34 Stockholm, Sweden