Privacy Policy
Last updated: April 3, 2026
1. Who We Are
Ravens of Odin ("we", "us", "our") is the data controller responsible for the personal data you provide when using this Service. We are based in Sweden and operate under Swedish and EU law, including the General Data Protection Regulation (GDPR).
If you have any questions about how we handle your personal data, contact us at: info@ravensofodin.com
2. What Data We Collect
Account information. When you create an account — either directly with an email address and password, or via a third-party provider (Google, GitHub) — we receive your email address and, where provided by the OAuth provider, your name and profile picture.
Content you create. We store the web pages, stories, images, videos, and other files you upload or publish through the Service. This content is hosted on your behalf and may be publicly accessible depending on your site settings.
Billing information. If you subscribe to a paid plan, payment processing is handled by Stripe. We receive and store your subscription status and Stripe customer ID. We do not store your full card number or payment details.
Usage and technical data. We may collect standard server log data, such as IP addresses, browser type, and pages accessed, for security and operational purposes. We do not use this data for advertising or profiling.
Third-party integrations. If you connect a Flickr account or use Pexels image search, we use the credentials or API keys you provide solely to fetch content on your behalf. We do not store Flickr passwords.
3. How We Use Your Data
We use your personal data for the following purposes and on the following legal bases:
| Purpose | Legal basis (GDPR) |
|---|---|
| Creating and managing your account | Contract (Art. 6(1)(b)) |
| Hosting and serving your published content | Contract (Art. 6(1)(b)) |
| Processing payments and managing subscriptions | Contract (Art. 6(1)(b)) |
| Sending transactional emails (account confirmation, invite, billing) | Contract (Art. 6(1)(b)) |
| Security, fraud prevention, and abuse detection | Legitimate interests (Art. 6(1)(f)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
We do not use your personal data for advertising, and we do not sell it to third parties.
4. How Long We Keep Your Data
Account data is retained for as long as your account is active. If you request deletion of your account, we will delete your personal data within 30 days, except where retention is required by law.
Published content is deleted on account closure unless you have explicitly requested earlier deletion.
Billing records may be retained for up to 7 years to comply with accounting and tax obligations.
Server logs are retained for up to 90 days and then deleted.
5. Third-Party Processors
We use the following third-party services to operate the platform. Each acts as a data processor on our behalf under appropriate agreements:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Authentication and database | EU (AWS eu-west-1) |
| Cloudflare | Edge compute, content storage (R2), and CDN | Global (including EU) |
| Stripe | Payment processing and billing | USA / EU |
| Pexels | Stock photo search (optional) | USA |
| Flickr / SmugMug | Photo import (optional, if connected) | USA |
Where data is transferred to processors outside the EU/EEA (such as Stripe and Cloudflare), the transfer is governed by Standard Contractual Clauses (SCCs) or an equivalent safeguard under GDPR Art. 46.
6. Cookies and Local Storage
We use browser local storage to maintain your authentication session. We do not use third-party tracking cookies or advertising cookies.
If Cloudflare places security cookies (e.g. for bot protection), these are strictly necessary for the operation of the Service and do not require consent under GDPR.
7. Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Access. You can request a copy of the personal data we hold about you.
- Rectification. You can ask us to correct inaccurate or incomplete data.
- Erasure. You can request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
- Portability. You can request your data in a structured, machine-readable format.
- Restriction. You can ask us to restrict processing of your data in certain circumstances.
- Objection. You can object to processing based on legitimate interests.
- Withdraw consent. Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at info@ravensofodin.com. We will respond within 30 days.
8. Children's Privacy
The Service is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with their personal data, please contact us and we will delete it promptly.
9. Security
We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include encryption in transit (TLS), access controls, and the use of trusted infrastructure providers.
No method of transmission or storage is 100% secure. If we become aware of a data breach that affects your rights, we will notify you and the relevant supervisory authority as required by law.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or via the Service at least 14 days before they take effect. The "last updated" date at the top of this page reflects the most recent revision.
11. Complaints
If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the Swedish supervisory authority:
Integritetsskyddsmyndigheten (IMY)
Box 8114, 104 20 Stockholm, Sweden
www.imy.se
We would, however, appreciate the opportunity to address your concerns before you contact the supervisory authority.
12. Contact
For any privacy-related questions or requests, please contact:
info@ravensofodin.com