← Back to home

Privacy Policy

Last updated: January 14, 2026

1. Introduction

Palpable is a product operated by Epode AB, a company registered in Sweden (org. nr. 559486-8780) ("we," "us," or "our"). We are the data controller for your personal data and are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and applicable Swedish data protection laws.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service, including our website, mobile applications, and IoT hardware products.

2. Data Controller

The data controller responsible for your personal data is:

Epode AB
Organization number: 559486-8780
Email: privacy@palpable.technology

3. Information We Collect

We collect and process the following categories of personal data:

3.1 Information you provide directly

  • Account information (email address, name, password)
  • Profile information (display name, avatar)
  • Payment information (processed by our payment provider Mollie)
  • Communication data when you contact us

3.2 Information collected automatically

  • Device identifiers and pairing data
  • Sensor data from connected IoT devices
  • Usage data and analytics
  • Technical data (IP address, browser type, device type)
  • Voice recordings when using voice features (processed but not stored)

4. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract performance: Processing necessary to provide our services to you
  • Legitimate interests: Service improvement, security, and fraud prevention
  • Legal obligation: Compliance with applicable laws and regulations
  • Consent: Where you have given explicit consent for specific purposes

5. How We Use Your Information

We use the collected information for the following purposes:

  • To provide, operate, and maintain our services
  • To process transactions and send related information
  • To send administrative information (updates, security alerts)
  • To respond to your comments, questions, and support requests
  • To analyze usage patterns and improve our services
  • To detect, prevent, and address technical issues and fraud
  • To comply with legal obligations

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

  • Account data: Retained while your account is active and for 30 days after deletion
  • Device data: Retained while the device is paired and for 30 days after unpairing
  • Transaction data: Retained for 7 years as required by Swedish accounting law
  • Usage analytics: Retained for 2 years in anonymized form
  • Voice recordings: Processed in real-time and not stored

7. Data Sharing and Third Parties

We may share your data with the following categories of recipients:

  • Service providers: Nhost (database), Hetzner (hosting), Mollie (payments), ElevenLabs (voice), Anthropic (AI)
  • Legal authorities: When required by law or to protect our rights

All service providers are bound by data processing agreements and are required to handle your data in accordance with GDPR.

8. International Data Transfers

Some of our service providers may process data outside the European Economic Area (EEA). When transferring data internationally, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Data processing agreements with all third parties

9. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data
  • Right to restriction: Restrict processing of your data
  • Right to data portability: Receive your data in a structured format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent at any time

To exercise any of these rights, please contact us at privacy@palpable.technology. We will respond within 30 days.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit (TLS) and at rest
  • Secure authentication and access controls
  • Regular security assessments and updates
  • Employee training on data protection

11. Cookies

We use essential cookies necessary for the operation of our service. These cookies are required for authentication and security purposes. We do not use tracking or advertising cookies.

12. Children's Privacy

Our service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete such information.

13. Complaints

If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with the Swedish Data Protection Authority (IMY):

Integritetsskyddsmyndigheten (IMY)
Website: www.imy.se
Email: imy@imy.se

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will also notify you via email.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@palpable.technology
General inquiries: hello@epode.studio