Data processing policy

Introduction

We* process personal data for the purpose of providing e-tailers, our customers, with a platform for product search and recommendation solutions, as well as associated services. The e-tailers' pay a monthly fee for our platform as long as they are our customers.
We take data security and personal privacy very seriously and have therefore taken great measures to ensure that our platform and associated services comply with GDPR requirements.
If you have any questions regarding our data processing privacy policy - please don't hesitate to contact us. This policy was established by us on Jan 1, 2024.

* Mesh Nordic AI AB ("Mesh Nordic", "us", "we", or "our"), org. no. 559466-2057 with address Box 3090, 211 65 Malmö, Sweden. The international company name is Mesh Nordic AI Limited.

Availability

All personal data and other data is stored in a physical data center. We have taken measures to ensure that the data center can have operational disruptions without any prolonged disruptions. If a server is unavailable then the traffic is automatically redirected to another server.
Backups are automatically-created disk images. We have enabled system-level backups at weekly intervals, which provides a way to revert to an older state. The backups are retained for 4 weeks.
Our platform is designed to ensure that maintenance work and releases of new versions in most cases can be rolled out on an ongoing basis, without affecting visitors. This means that planned operational disruptions can be kept to a minimum.
Our platform is protected by ddos protection, even though they still can occur, and is built to be resilient and automatically handle heavy traffic spikes and attacks.

Data security

Each of our customers' data is stored in separate and isolated databases where the customer never has access to any data other than its own. Data security is ensured with, among other things, unique user accounts, firewalls, encryption and hash functions. Users' passwords are never stored in plain text but are protected by strong hashing features, ensuring that passwords cannot be leaked.
Traffic to and from our platform is encrypted using industry standard SSL and strong cryptologic algorithms. This ensures that information (such as personal data) cannot easily be read or manipulated by unauthorized persons.
We monitor our servers and try to detect if new security threats are made public. All servers are updated on an ongoing basis, or immediately when a vulnerability is discovered and there is a reasonable possibility, time-wise and technically, to fix the vulnerability.
Emails are automatically checked for viruses and servers are also monitored to detect unauthorized processes and suspicious activity.

Data breach / personal data breach

If, against all odds, a serious data breach or a personal data breach should occur, we will notify all affected customers as soon as possible as well as the competent supervisory authority in Sweden, which is IMY - the Swedish Authority for Privacy Protection (https://www.imy.se/en/).

Access to personal data

All data in our platform is owned by the e-tailer or Partner who rents the platform from us. This means that we are only allowed to access this data if we have a valid reason that requires it. For example, to offer support and additional services; troubleshoot reported bugs and errors; collect anonymous and general statistics etc.