Privacy policy

Last updated

This privacy policy was last updated on 15 April 2026.

Responsible company

Techquity AB

Reg. no. 559262-0529

Pirgatan 13, 374 30 Karlshamn

Introduction

This privacy policy (this ”Policy”) describes how we, Techquity AB, Reg. No. 559262-0529 (”Techquity”, ”we”, ”us”, ”our”), with address Pirgatan 13, 374 35 Karlshamn, Process your Personal Data (both as defined below).

Techquity provides a platform for managing and automating legal processes and workflows in connection with fundraising of private capital funds. Through our platform, investors can fill out subscription forms (application forms), upload KYC documentation and generate legal contracts with the purpose of applying for fund units in private capital funds.

Techquity cares about privacy and protecting the Personal Data handled by us. All Personal Data is Processed in accordance with Applicable Law (as defined below). In this Policy we describe how, and the purposes for which, we use and Process your Personal Data as well as what lawful bases we use and what measures we take to protect your Personal Data. We also provide information on how you exercise the rights you have connected to our Processing of Personal Data.

This Policy provides information on how we handle Personal Data when you communicate with us, use our platform (available on app.techquity.se and/or visit our website at www.techquity.se) (together the ”Services”).

The intended recipient(s) of the information provided in this Policy is:

– Investors and others who are users of the Services (including individuals representing institutional or private investors, fund managers and/or fund administrators);

– Employees of potential customers (e.g. individuals employed at private equity firms which are potential customers of Techquity);

– Employees of existing customers (e.g. individuals employed at private equity firms which are customers of Techquity);

– Anyone subscribing to our newsletter(s) and/or to receive updates and information about Techquity by way of filling out a form on our website (www.techquity.se) or through other means; and

– Visitors to our website.

Depending on the context of Personal Data you provide, Techquity may be the Controller or the Processor of your Personal Data under this Policy.

Techquity is a Processor in relation to our Customers for Personal Data submitted to or collected through our Services on behalf of or at the direction of our Customers, except for Personal Data which is collected and required in order for users to register their accounts with us, for which Techquity is a Controller. We are also a Controller for Personal Data which is collected for our own business purposes, such as marketing (including but not limited to our newsletter(s)), statistics, analytics, and similar.

As to the Personal Data of individuals employed at law firms which are customers to Techquity, Techquity collects and Processes such Personal Data under a Data Processing Agreement between Techquity and the law firm, where Techquity is the Processor of Personal Data submitted or otherwise uploaded to the Platform. However, Techquity is a Controller for the Personal Data collected and required in order for employees to register accounts on our Platform.

Definitions

Applicable Law” refers to the legislation applicable to the processing of Personal Data, including the GDPR, supplementary national legislation, as well as practices, guidelines and recommendations issued by a national or EU supervisory authority.

Controller” is the company/organisation that decides for what purposes and in what way Personal Data is to be processed and is responsible for the Processing of Personal Data in accordance with Applicable Law.

Customer” means a customer of Techquity, which is mainly law firms managing the legal work in connection with a fundraising.

Data Subject” is the living, natural person whose Personal Data is being Processed.

Personal Data” means any information relating to an identified or identifiable natural person.

Processing” means any operations or set of operations which is performed on Personal Data, e.g. storage, modification, reading, handover or similar.

Processor” is the company/organisation that processes Personal Data on behalf of the Controller and can therefore only process the Personal Data according to the instructions of the Controller and the Applicable Law.

The definitions above shall apply in the Policy regardless of whether they are capitalised or not.

Our processing of personal data

We have a responsibility to describe and demonstrate how we fulfill the requirements that are imposed on us when we Process your Personal Data. This section aims to describe (i) the lawful bases for Processing your Personal Data, (ii) for how long we keep your Personal Data (storage), (iii) the type of Personal Data we collect, (iv) the methods used for collecting your Personal Data, and (v) the purposes for which we Process your Personal Data.

You are informed that Techquity may share or transfer your Personal Data to certain third parties (Processors or Sub-Processors), but never for other purposes than for which they were collected in the first place, and always in accordance with Techquity’s explicit instructions.

What are our lawful bases for processing data?

We collect, use and share the Personal Data we have using the following legal bases.

Legitimate interest: Techquity may Process Personal Data if we have assessed that a legitimate interest overrides the interest of fundamental rights and freedoms of the Data Subject, and if the Processing is necessary for the purpose in question.

Performance of a contract: The Processing is necessary for the performance of a contract entered between us and the Data Subject.

Consent: Techquity may Process your Personal Data after you have given your consent to the Processing. Information regarding the Processing is always provided in connection to the request of consent. You may withdraw your consent at any time.

Legal obligation: Techquity will Process your Personal Data where we are required by laws and regulations to do so as a result of our business.

For how long do we store your personal data?

We will keep your Personal Data as long as it is necessary for the purpose(s) for which it was collected. Depending on the lawful basis on which the Processing is supported, this may (i) be regulated in a contract, (ii) be dependent on valid consent, (iii) be stated in legislation or (iv) follow from an internal assessment based on a legitimate interest assessment. In the processing purposes below we indicate, for each purpose, the period during which the Personal Data will be stored or the criteria used to determine the storage period.

When you delete your account, the associated Personal Data enters a soft-deletion period of 30 days during which the deletion can be reversed. After this period, the data is permanently erased from our production systems. Copies of the data may persist in encrypted backups for an additional 30 days before being overwritten, meaning full erasure may take up to 60 days from the date of deletion. Certain Personal Data (such as identifiers and timestamps) may be retained beyond this period in audit logs where required for security, fraud prevention, or compliance purposes. Retention beyond the 60-day period does not apply unless required by law or under an applicable agreement with a Customer.

The personal data we collect

The Personal Data we may collect include:

Browser information: What type and version of browser, websites from which you have been referred, pages you use on our website, your IP address and a rough location estimate based on your IP address, information about your web activity on our site or your interaction with e-mails we send to you, and information about your use of our Services.

Contact details: Name(s), e-mail address, residential address, personal identification number and telephone number and information about the organisation you represent. Personal identification numbers (personnummer) are only collected where clearly justified having regard to the purpose of the Processing, in particular where secure identification of the Data Subject is required in connection with KYC processes or the execution of subscription documents.

User account information: Username, password, profile picture (optional).

Your usage: We collect information about how you use our Services, such as what pages you visit, how much time you spend on different pages, what you click on and how you engage with our content.

KYC and subscription documentation: Information submitted through subscription forms and uploaded KYC documentation, which may include identity documents, passport details, financial information, and information about beneficial ownership. This data is Processed by Techquity as a Processor on behalf of our Customers.

How do we collect your personal data?

We collect Personal Data directly from you, as well as automatically through your use of our Services and, in some cases, from third parties. Below is a list describing how we collect Personal Data.

Information that you give us: The information we collect directly from you is typically contact details and user account information shared by you in connection with registering an account (and profile), and information you share with us through the use of our forms (subscription forms) used for applying for fund units.

Information collected automatically: When you use or interact with our Site and Services, we receive and store information generated by your activity, like usage data and other information automatically collected from your browser or mobile device. This information may include information on what type and version of browser you are using, websites from which you have been referred, pages you use on our website, your IP address and a rough location estimate based on your IP address, information about your web activity on our site or your interaction with e-mails we send to you, and information about your use of our Services.

In most cases, this information is generated by various tracking technologies, which may include ”cookies” and/or ”web beacons”. You can read about how we use cookies and other tracking technologies in our Cookie Policy (www.techquity.se/cookie-policy) and also about the choices you can make to limit their use.

Information from other sources: We may receive information about you, such as name and e-mail address, in order to invite you to the platform. This information is typically received from the private equity firm raising the fund, or the law firm managing the legal process in connection to the fundraising. Where we receive your Personal Data from a third party rather than directly from you, we will provide you with the information required under this Policy within a reasonable period and no later than one month after obtaining the data, or at the time of first communication with you if earlier.

Processing purposes

#1 – Enable access to the Services

Purpose: Register a user account and profile to enable the user to access the Services.

Personal Data: Name, e-mail address, password, phone number (optional), profile picture (optional).

Source: Directly from the Data Subject, from a representative representing the Data Subject, from the law firm managing the fundraising (which is a customer to Techquity) or from the Data Subject’s employer.

Lawful basis: Performance of contract.

Storage period: As long as the Data Subject holds an account on our platform. Upon account deletion, this data is erased in accordance with the deletion process described under ”For how long do we store your personal data?” above.

#2 – Increase security and prevent abuse

Purpose: Verify user login credentials to increase security and prevent abuse.

Personal Data: Name, e-mail address.

Source: Directly from the Data Subject or a representative representing the Data Subject.

Lawful basis: The legitimate interest of verifying the user identity to increase security and prevent abuse.

Storage period: As long as the Data Subject holds an account on our platform. Upon account deletion, this data is erased in accordance with the deletion process described under ”For how long do we store your personal data?” above.

#3 – Support and communication

Purpose: Communicate in order to efficiently help our customers with any problems and provide relevant information regarding the Service.

Personal Data: Name, e-mail address, phone number, company.

Source: Directly from the Data Subject or a representative representing the Data Subject.

Lawful basis: The legitimate interest of providing the Service.

Storage period: Conversations are stored for 12 months or as long as the Data Subject has an account on our platform, whichever is shorter. Upon account deletion or expiry of the 12-month period, the data is erased in accordance with the deletion process described under ”For how long do we store your personal data?” above.

#4 – KYC and subscription documentation

Purpose: Enable investors to submit subscription forms and upload KYC documentation in connection with applying for fund units, and to facilitate the generation of legal contracts.

Personal Data: Name, e-mail address, residential address, personal identification number, identity documents, passport details, financial information, information about beneficial ownership, and any other Personal Data submitted through subscription forms or uploaded as KYC documentation.

Source: Directly from the Data Subject, or from the law firm or fund manager acting on behalf of the Data Subject.

Lawful basis: Techquity Processes this data as a Processor on behalf of our Customers (the law firms). The Customer, as Controller, determines the lawful basis, which is typically performance of a contract with the Data Subject and/or compliance with a legal obligation (e.g. anti-money laundering legislation).

Storage period: As long as required by the Customer in accordance with the applicable Data Processing Agreement. Upon termination of the agreement, the data is deleted or returned in accordance with the terms of the agreement.

#5 – AI-assisted document review

Purpose: Provide AI-powered features on the platform that assist users in reviewing and analysing documents in the data room, such as automated summarisation, extraction, and flagging of relevant information.

Personal Data: Full name(s), e-mail address, and any Personal Data contained in documents submitted to the AI-assisted features in the data room. The specific categories of Personal Data processed depend on the content of the documents uploaded by the user.

Source: Directly from the Data Subject or from the Customer who uploads documents to the platform.

Lawful basis: Techquity Processes this data primarily as a Processor on behalf of our Customers. For the AI features themselves, the legitimate interest of providing and improving the Service applies. No automated decisions producing legal effects or similarly significantly affecting Data Subjects are made through these features — the AI output is always subject to human review.

Storage period: Personal Data processed through AI features is not retained by the AI model provider (Anthropic) after processing. On Techquity’s platform, the data is stored as long as the relevant documents remain in the data room or as required by the Customer.

Additional safeguards: Personal Data submitted to the AI features is processed under a zero-retention agreement with Anthropic, meaning that data is not used to train, fine-tune, or otherwise improve Anthropic’s AI models. Techquity applies data minimisation measures to limit the Personal Data submitted to the AI to what is necessary for the specific feature.

#6 – Marketing and newsletters

Purpose: Send newsletters, product updates, and marketing communications about Techquity and our Services.

Personal Data: Name, e-mail address.

Source: Directly from the Data Subject (by subscribing through our website or other means).

Lawful basis: Consent. You may withdraw your consent at any time by using the unsubscribe link included in every communication or by contacting us at privacy@techquity.se.

Storage period: As long as the Data Subject maintains their subscription. Upon withdrawal of consent, the data is erased without undue delay, except where we need to retain the e-mail address on a suppression list to ensure we do not contact the Data Subject again.

#7 – Invitations to the platform

Purpose: Invite individuals (typically investors) to register on the platform in connection with a fundraising, based on information received from the law firm or fund manager managing the process.

Personal Data: Name, e-mail address.

Source: From the law firm or the private equity firm managing the fundraising.

Lawful basis: The legitimate interest of Techquity and its Customers in enabling investors to participate in the fundraising process through the platform.

Storage period: If the invited individual does not register an account, the invitation data is deleted after 12 months. If the individual registers, the data becomes part of their account and is governed by Processing purpose #1.

#8 – Website analytics and server logs

Purpose: Maintain the security and performance of our website and Services, and understand general usage patterns through server log analysis.

Personal Data: IP address, browser type and version, pages visited, timestamps.

Source: Collected automatically through server logs when you use our Services.

Lawful basis: The legitimate interest of maintaining the security, availability, and performance of our Services.

Storage period: Server logs are stored for a maximum of 12 months and are then permanently deleted.

Automated decision-making

Techquity does not use your Personal Data for automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you. While our platform includes AI-assisted features (see Processing purpose #5 above), these features are designed to support and assist users and do not make decisions autonomously. A human is always involved in any decision based on the output of our AI features.

Your rights under the GDPR

You are the one in control of your Personal Data and we always strive to ensure that you can exercise your rights as efficiently and smoothly as possible.

Access: You always have the right to receive information about the Processing of Personal Data that concerns you. We only provide information if we have been able to fully verify that it is you that are requesting the information.

Rectification: If you find that the Personal Data we process about you is incorrect, you have the right to have it rectified.

Erasure: You have the right to be forgotten and request deletion of your Personal Data when the Processing is no longer necessary for the purpose for which it was collected.

Objections: If you disagree with any of our assessments, such as that a legitimate interest for Processing your Personal Data overrides your interest in protecting your privacy, you have the right to object and demand we review our assessment. When making the new assessment, we add your objection to the balance when considering whether Processing your Personal Data can still be justified. If you object to direct marketing, we will immediately cease the Processing without making an assessment.

Restriction: You can also ask us to restrict our Processing of your Personal Data (i) while we are processing a request from you for any of your other rights, (ii) if, instead of requesting erasure, you want us to limit the Processing of Personal Data for a specific purpose, such as if you do not want us to send advertising to you in the future, for which we would still need to save your name in order to know that we should not contact you in the future, or (iii) in cases where we no longer need the information in relation to the purpose for which it was collected, provided that you do not have an interest in retaining it to make a legal claim.

Data portability: You have the right to receive the Personal Data you have provided to us in a structured, commonly used and machine-readable format, and to transmit that data to another controller.

Withdraw consent: If you have given consent to one or several specific Processing(s) of your Personal Data, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of Processing carried out before the withdrawal.

Complaint to a supervisory authority: If you believe that our Processing of your Personal Data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. In Sweden, the competent authority is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, ”IMY”). More information is available at https://www.imy.se/. You may contact IMY via e-mail at: imy@imy.se.

How to exercise your rights

Send us an e-mail at privacy@techquity.se and tell us what right(s) you wish to exercise, and we will make sure you can exercise them. We will respond to your request without undue delay and in any event within one month of receipt.

Transfers of personal data

In order to provide our platform and run our business, we may need help from others who will Process Personal Data on our behalf. Certain of our Sub-Processors are located in the United States. In cases where our Processors transfer Personal Data outside the EU/EEA, we have ensured that the level of protection is adequate, and in compliance with Applicable Law, by relying on one or more of the following safeguards:

– An adequacy decision by the EU Commission, including certification under the EU-US Data Privacy Framework (DPF) for transfers to the United States.

– The EU Commission’s standard contractual clauses (SCCs) for data transfer to non-EU/EEA countries.

– Other appropriate safeguards in compliance with Applicable Law, including binding corporate rules where applicable.

We have entered into Data Processing Agreements (DPAs) with all our Sub-Processors. The DPAs set out, among other things, how the Sub-Processor may process the Personal Data and what security measures are required for the Processing.

We may also need to disclose your Personal Data to certain designated authorities in order to fulfill obligations under Applicable Law or legally binding judgments.

Our sub-processors

Amazon Web Services (AWS)

Personal data being processed: All data collected by us (contact details, user account details, financial information, passport details, browser information).

Details: Our servers are hosted with Amazon Web Services at their premises in Stockholm, Sweden. All Personal Data collected by us are stored on their services.

Country of processing: EU (Sweden).

Google (Google Workspace, Google Drive, Gmail)

Personal data being processed: Full name(s), e-mail address.

Details: Google’s products help us in different areas. We use Gmail as our e-mail service and Google Drive for document storage.

Country of processing: EU/EEA.

DocuSign

Personal data being processed: Full name(s), e-mail address.

Details: DocuSign is an e-signature solution which is integrated into the Platform. DocuSign is used to sign documents and agreements in a secure way.

Country of processing: EU/EEA and United States.

Transfer mechanism: DocuSign, Inc. is certified under the EU-US Data Privacy Framework.

Anthropic

Personal data being processed: Full name(s), e-mail address, and any Personal Data contained in documents submitted to AI-assisted features in the data room.

Details: Anthropic is the provider of Claude, a large language model (LLM), which is the underlying model used to process data in AI features on our platform. Anthropic processes Personal Data under a zero-retention agreement – data submitted to the AI model is not retained after processing and is not used to train or improve Anthropic’s models.

Country of processing: United States.

Transfer mechanism: Anthropic PBC is certified under the EU-US Data Privacy Framework.

Loops.so

Personal data being processed: Full name(s), e-mail address.

Details: Loops is an e-mail platform used by Techquity to send newsletters and marketing communications.

Country of processing: United States.

Transfer mechanism: Standard contractual clauses.

Security measures

Techquity has employed technical and organisational measures to ensure that your Personal Data is processed securely and protected from loss, abuse and unauthorised access. These measures are reviewed and updated on a regular basis.

Organisational security measures: Measures implemented in work methods and routines within the organisation such as (i) internal governance documents (policies and instructions), (ii) login and password management, (iii) physical security (premises, etc.), and (iv) incident response procedures.

Technical security measures: Measures implemented through technical solutions, such as:

– Encryption of data at rest and in transit

– Access control and role-based permissions

– Access logging and monitoring

– TLS/SSL for all external connections

– Two-factor authentication for all sensitive services

– Use of password manager for all credentials

Cookies

Techquity uses cookies and similar tracking technologies to analyse the use of our Services so that we can improve them and give you a superior user experience. For more information on how we use cookies, please see our Cookie policy at https://www.techquity.se/cookie-policy.

Changes to this policy

We reserve the right to make changes to this Policy. In the event that the change affects our obligations or your rights, we will inform you about the changes in a timely and appropriate manner so that you are able to review the changes beforehand. The date of the most recent update is indicated at the top of this Policy.

Contact

Techquity has no appointed Data Protection Officer. For all questions relating to this Policy or the Processing of your Personal Data, please contact us at privacy@techquity.se.