Privacy Policy

How we handle your data, what we collect, and what we don't. Transparency matters.

Version 2026-01-01

Effective Date: January 1, 2026

Privacy Policy v1.0 | Last Updated: January 1, 2026

This Privacy Policy explains how Mikael Vesavuori ("we," "us," or "MolnOS") collects, uses, and protects your personal data when you visit our website or use our software.

The short version:Your operational data stays on your infrastructure. We don't sell or share any data with third parties.

1. Who We Are

Data Controller: Mikael Vesavuori
Email: [email protected]
Location: Göteborg, Sweden

As a Sweden-based business, we comply with the General Data Protection Regulation (GDPR) and Swedish data protection laws.

2. What Data We Collect

Website Analytics (Umami)

We use Umami, a privacy-focused analytics service, to understand how visitors use our website. Umami is GDPR-compliant and does not use cookies.

What we collect through Umami:

  • Page views and navigation patterns
  • Referrer sources (where visitors came from)
  • Device type and browser information
  • Anonymized location data (country/region only)

What we DON'T collect:

  • Personal identifiers (no IP addresses, user IDs, or fingerprinting)
  • Cookies or persistent tracking
  • Cross-site tracking
  • Individual user journeys

Umami data is hosted on Umami Cloud and aggregated anonymously. We cannot identify individual visitors from this data.

License and Payment Information

When you purchase a plan, we collect:

  • Contact information (name, email address, organization name)
  • Payment details (processed securely through Polar)
  • License key
  • Purchase date and license version

Payment processing is handled by Polar. We do not store your credit card information—Polar handles all payment data securely.

Support Communications

If you contact us for support, we collect:

  • Your email address and name
  • The content of your messages
  • Any technical information you choose to share

3. What We DON'T Collect

This is equally important. We do NOT collect:

  • Your operational data (Self-Hosted MolnOS): Catalogs, services, metrics, documentation, or any content you store in your self-hosted MolnOS instance
  • Telemetry from your MolnOS instance: No usage analytics, feature tracking, or performance data beyond license validation
  • Personal information from your users: We don't see who uses your MolnOS instance or what they do (for self-hosted) or track individual user behavior (for Managed MolnOS)
  • Marketing data: No behavioral tracking, advertising profiles, or third-party data sharing
  • Cookies: Our website doesn't use cookies (Umami is cookie-free)

4. How We Use Your Data

We use the data we collect for these specific purposes:

Website Analytics

  • Understanding which features interest visitors
  • Improving website navigation and content
  • Measuring the effectiveness of documentation

License Management

  • Validating and managing your license
  • Preventing license abuse
  • Notifying you of updates and security patches
  • Processing upgrades and renewals

Customer Support

  • Responding to your questions and issues
  • Troubleshooting technical problems
  • Gathering feedback for product improvements

Legal Compliance

  • Complying with GDPR and Swedish law
  • Maintaining records for accounting and tax purposes
  • Protecting our legal rights if necessary

5. Legal Basis for Processing (GDPR)

Under GDPR, we process your data based on:

  • Contractual necessity: License management and support (when you purchase)
  • Legitimate interests: Website analytics to improve our service
  • Legal obligations: Financial records and tax compliance
  • Consent: When you voluntarily contact us for support

6. Data Sharing and Third Parties

We share data only with essential service providers. The specific services depend on which MolnOS offering you use:

For the Marketing Website (molnos.cloud)

These services are only used on our marketing website, not within your MolnOS instance:

Polar (Payment Processing)

  • Purpose: Secure payment processing
  • Data shared: Payment details, email, name
  • Location: USA
  • Privacy policy: polar.sh/legal/privacy

Umami (Website Analytics)

  • Purpose: Privacy-friendly analytics for the marketing website only
  • Data shared: Anonymized usage data from molnos.cloud visitors
  • Location: Umami Cloud (EU servers)
  • Privacy policy: umami.is/privacy

When you run MolnOS, none of your operational data is shared with third parties.

We do NOT:

  • Sell your data to anyone
  • Share data with advertisers or marketing platforms
  • Use third-party tracking or ad networks
  • Participate in data broking or behavioral targeting

7. Data Retention

We retain your data for as long as necessary:

  • Website analytics: Aggregated data retained indefinitely (cannot identify individuals)
  • License information: Retained while your license is active, plus 7 years for accounting/legal purposes
  • Support communications (email): Retained for maximum 1 year after resolution
  • Payment records: 7 years (Swedish tax law requirement)

After these periods, data is securely deleted or anonymized.

8. Your Rights Under GDPR

As an individual in the EU/EEA, you have these rights:

Right to Access

Request a copy of all personal data we hold about you.

Right to Rectification

Request corrections to inaccurate or incomplete data.

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data, subject to legal retention requirements.

Right to Restriction

Request that we limit how we use your data.

Right to Data Portability

Request your data in a machine-readable format to transfer elsewhere.

Right to Object

Object to processing based on legitimate interests (e.g., analytics).

Right to Withdraw Consent

Withdraw consent for data processing that relies on it (doesn't affect lawfulness of prior processing).

Right to Lodge a Complaint

File a complaint with your local data protection authority if you believe we've violated your rights.

To exercise your rights: Email [email protected] with your request. We'll respond within 30 days.

9. Data Security

We protect your data with:

  • Encrypted connections (HTTPS/TLS) for all website traffic
  • Secure storage for license and customer data (provided by Polar's services)
  • Regular security updates and monitoring
  • Minimal data collection principle

For your self-hosted MolnOS instance, you are responsible for securing your deployment, including:

  • Access controls and authentication
  • Infrastructure security
  • Data backups and encryption
  • Network security

10. International Data Transfers

Our service providers (Polar, Umami) operate within the EU and comply with GDPR. If data must be transferred outside the EU, it's done under appropriate safeguards:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Other legally recognized mechanisms

11. Children's Privacy

MolnOS is not intended for individuals under 16. We do not knowingly collect data from children. If we discover we've collected data from a child, we'll delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we do:

  • We'll post the updated policy on this page
  • We'll update the "Last Updated" date
  • For material changes, we'll notify license holders by email

Continued use of our website or software after changes means you accept the updated policy.

13. Contact Us

Questions, concerns, or requests about your privacy?

Email: [email protected]
Response time: We aim to respond within 5 business days

For GDPR-related requests, include "GDPR Request" in your subject line for faster processing.

Our commitment: We built MolnOS with privacy as a core principle. Self-hosting means you control your data. We collect only what's necessary to run the business and improve the product. Your trust matters to us.