Privacy Policy

Netlier AB is an IT security assessment platform provider based in Mölndal, Sweden. This privacy policy explains how we collect, use, and protect your personal data in accordance with the EU General Data Protection Regulation (GDPR) and Swedish data protection law.

Account Data

• Name, email address, password (bcrypt hashed)
• Organization name and billing details

Assessment Data

• Data collected during security assessments of your customers' IT infrastructure
• This includes: domain information, IP addresses, email addresses found in breach databases, M365 tenant configuration data, network scan results, Active Directory information, firewall configurations
• This data is processed on your behalf — you are the data controller, Netlier is the data processor

Usage Data

• IP address, browser type, pages visited, feature usage
• Collected for platform improvement and security monitoring

Contact Form Data

• Name, email, company, phone, employee count, message
• Collected when you submit our contact form

• Providing and improving the Netlier platform
• Running security assessments as instructed by you
• Communicating with you about your account
• Sending security alerts and scan notifications
• Legal compliance and fraud prevention

• Contract performance — providing the service you subscribed to
• Legitimate interest — platform security, fraud prevention
• Consent — marketing communications (you can opt out anytime)

We do NOT sell your data. We share data only with:

• Cloud infrastructure providers (hosting) — under Data Processing Agreements
• Groq (AI analysis) — assessment data may be sent to Groq (Llama) for analysis. This is optional and can be disabled in settings.
• Email service providers — for transactional emails only
• Threat intelligence APIs — IP/domain checks against public databases

• All data stored on servers in Europe
• Assessment results encrypted at rest (AES-256-GCM)
• All connections encrypted in transit (TLS 1.2+)
• Access controls, audit logging, and regular security reviews
• Database backups encrypted and retained for 30 days

• Account data: retained while your account is active + 12 months after deletion
• Assessment data: retained per your configured retention policy (default: 24 months)
• Audit logs: retained for 24 months
• Contact form submissions: retained for 12 months
• You can request deletion at any time

You have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase your data (“right to be forgotten”)
• Restrict processing
• Data portability (export your data)
• Object to processing
• Withdraw consent at any time

To exercise these rights, contact: privacy@netlier.se

If you use Netlier to assess your customers' environments, you act as the data controller for any personal data collected during assessments. We provide a Data Processing Agreement upon request. Contact sales@netlier.se.

We use essential cookies only:

• Session cookie (next-auth.session-token) — keeps you logged in. Expires when your session ends or after 30 days.
• CSRF token (next-auth.csrf-token) — prevents cross-site request forgery attacks. Expires with your session.
• Cookie consent (netlier-cookie-consent) — remembers that you acknowledged this notice. Expires after 365 days.

We do NOT use:

• Analytics or tracking cookies
• Advertising or remarketing cookies
• Third-party cookies of any kind

If we add analytics in the future, we will update this policy and request your explicit consent before setting any non-essential cookies.

We will notify you of material changes via email and in-app notification. The “Last updated” date at the top of this page will be revised accordingly.

Netlier AB
Mölndal, Sweden
privacy@netlier.se

If you are unsatisfied with our response, you have the right to file a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY): www.imy.se