Privacy Policy

Last updated: December 11, 2025

Thank you for choosing to be part of our community at Eternal Memories AB ("Company", "we", "us", or "our"). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this privacy policy, or our practices with regard to your personal information, please contact us at picture@eternalmemories.se.

This privacy policy describes how we process personal data when you use our professional mobile applications and related services (the "Apps") which are provided in-house to partner jewellery shops, sanitary businesses and similar professional customers (together, the "Shops"). The Apps are used to create customized jewellery and related products, including engraving based on fingerprint images, audio waveforms and customer-uploaded images.

When you use our Apps and Services, you trust us with your personal information, including certain special categories of data (such as biometric data). We take this responsibility seriously. This privacy policy explains in a clear and transparent way what information we collect, how and why we use it, on what legal basis, how long we keep it, and what rights you have under applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

This privacy policy applies to all information collected through our mobile applications and any related services, sales, marketing or events (collectively, the "Services"). The Apps are intended for use by adult professional users only and are not directed to children.

If you do not agree with any part of this privacy policy, you should not use the Apps or our Services.

1. WHO IS RESPONSIBLE FOR YOUR DATA?

In Short: Eternal Memories AB is the data controller for the processing described in this policy.

Eternal Memories AB, a company established in Sweden, is the data controller in the sense of the GDPR for the processing of personal data described in this privacy policy. We provide the Apps and backend systems that are used by Shops to create and manage customer orders.

The Shops may also act as independent controllers for their own customer relationships (for example, when they store order information in their own systems). In those cases, the Shops will provide their own privacy information to data subjects. This policy describes our processing within the Apps and related Services operated by Eternal Memories AB.

2. WHAT INFORMATION DO WE COLLECT?

2.1 Personal information you disclose to us

In Short: We collect personal information that you provide to us, including biometric and other special categories of personal data, in order to create and manage customized jewellery and related products.

We collect personal information that you voluntarily provide to us when registering or using the Apps, when creating and managing orders, or when contacting us. The type of information we collect depends on how you use the Services.

Biometric and special category data

In Short: We collect and process fingerprint images and audio recordings only for the purpose of engraving and creating the ordered products, based on your explicit consent.

• Fingerprint images. We collect fingerprint images uploaded or captured in the Apps for the purpose of designing and engraving jewellery and related products. These images may qualify as biometric data under the GDPR.
• Audio recordings. We collect audio recordings that you submit via the Apps for the purpose of visualizing the audio as a waveform and engraving that waveform onto jewellery and related products.
• Uploaded images. We collect photos and images (for example, pictures of people, pets, handwriting, drawings or other artwork) that you upload in order to use them as engraving or design elements in the products you order.

These data are used strictly to fulfill your order and provide the Services. We do not use them for identification, authentication, profiling, marketing, or any automated decision-making beyond what is technically necessary to prepare and produce the ordered item.

Order and account data

• Identification and contact details. Such as your name, email address, telephone number, postal address and similar contact data.
• Order details. Such as product type, engraving choices, text, design options, order number, timestamps and status of the order.
• Account credentials (if applicable). Such as username and password or other authentication data for accessing internal sections of the Apps. Passwords are stored in hashed form.

All personal information that you provide to us must be true, complete and accurate, and you should notify us of any changes.

2.2 Information automatically collected

In Short: Some information is collected automatically when you use the Apps, mainly for security, operation and analytics.

When you use the Apps, we automatically collect certain technical information that does not in itself identify you directly, such as:

• IP address and approximate location (country/region level).
• Device identifiers (such as mobile device ID), device model and manufacturer.
• Operating system and version, language settings.
• App version, crash logs, performance data.
• Information about how and when you use the Apps (for example, screen views and basic usage events).

This information is primarily needed to maintain the security and operation of our Apps, to troubleshoot, and for our internal analytics and reporting purposes. Some of this data may be collected via third-party analytics tools such as Firebase.

2.3 Information collected through our Apps

In Short: We may request access to your device’s camera, microphone and storage to allow you to capture and upload content for your order.

• Camera access. To capture fingerprint images and photos for use in your order.
• Microphone access. To record audio that will be converted into a visual waveform for engraving.
• Device storage access. To allow you to select existing images or media files from your device for engraving.
• Mobile device data. As described above (device IDs, OS version, app version, etc.).

You can control access to your device’s camera, microphone and storage in your device settings. However, if you disable these permissions, some features of the Apps may not function properly (for example, we will not be able to capture fingerprints or audio for your order).

Data on device: The Apps use secure communication (SSL/TLS) to transmit data to our servers. Once an order is submitted and successfully stored on our systems, we do not keep your fingerprint images, audio recordings or uploaded images on the device beyond what is technically necessary for normal app operation (such as temporary caching). The primary storage of your order content is on our secure servers in the EU (Sweden).

3. ON WHAT LEGAL BASIS DO WE PROCESS YOUR DATA?

In Short: We process your data in accordance with the GDPR, based on explicit consent, performance of a contract, legal obligations and our legitimate interests.

Under the GDPR, we must have a legal basis to process your personal data. Depending on the specific processing, we rely on the following legal bases:

• Explicit consent (Article 6(1)(a) and Article 9(2)(a) GDPR). We process your fingerprint images, audio recordings and certain uploaded images (where they may reveal biometric or other special categories of data) based on your explicit consent. You can withdraw your consent at any time (see Section 11).
• Performance of a contract (Article 6(1)(b) GDPR). We process your contact details, order information and other necessary data to create, produce and deliver the products you have ordered and to provide customer support.
• Legal obligations (Article 6(1)(c) GDPR). We may process certain data to comply with legal obligations, for example, accounting, tax rules or responding to lawful requests from authorities.
• Legitimate interests (Article 6(1)(f) GDPR). We may process technical and usage data for security, fraud prevention, service improvement and limited analytics, where our interests are not overridden by your rights and freedoms.

4. HOW DO WE USE YOUR INFORMATION?

In Short: We use your data strictly to provide and improve the Services, to fulfill your orders, to ensure security and to comply with legal requirements.

We use the information we collect for the following purposes:

• To create and fulfill your orders. This includes using fingerprint images, audio recordings and uploaded images to design and produce the ordered jewellery or related products, communicate with you about your order, and manage payment and logistics.
• To operate and maintain the Apps. For example, to provide core functionality, manage user access, and ensure the technical functioning of our Services.
• To provide customer support. To respond to inquiries, handle complaints, and resolve technical or order-related issues.
• To improve our Services. To analyze usage trends on an aggregated basis, detect errors, and enhance user experience (for example using analytics tools such as Firebase).
• To ensure security and prevent abuse. To monitor for suspicious or fraudulent activity and protect the integrity of our systems.
• To comply with legal obligations. To maintain records, respond to lawful requests and meet statutory retention requirements.

We do not use your fingerprint images, audio recordings or uploaded images for biometric identification, authentication, marketing, or profiling beyond what is strictly necessary to deliver the ordered product.

5. WILL YOUR INFORMATION BE SHARED WITH ANYONE?

In Short: We do not sell your data. We only share your data with Shops and service providers to the extent necessary to provide the Services, under strict confidentiality and data protection obligations.

We may share your personal data in the following limited situations:

• With Shops and contractors using our system. Our Apps are used in-house by partner jewellery shops and similar businesses to handle orders. These Shops act under our instructions when using the Apps and may process your data in order to manage your order and deliver the product to you. We require them to comply with applicable data protection laws and to handle your data securely.
• With service providers (processors). We may engage carefully selected third-party service providers who process data on our behalf and under our instructions, for example:
  • Hosting and infrastructure providers located in the EU (such as servers in Sweden).
  • Analytics providers (such as Firebase) to help us understand how the Apps are used and to improve stability and performance.
  These providers are not allowed to use your personal data for their own purposes. They act as data processors and are bound by data processing agreements that require appropriate technical and organizational security measures.
• Legal requirements and protection. We may disclose your information if required by law, regulation, legal process or governmental request, or where we believe it is necessary to protect our rights, property or safety, or the rights, property or safety of our users or others.

We do not sell, rent or otherwise share your biometric data (fingerprint images, audio recordings, uploaded images) with third parties for marketing or unrelated purposes.

6. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: Our Apps may use SDKs and similar technologies (such as Firebase) to collect technical and usage data.

In mobile apps, tracking technologies are often implemented via software development kits (SDKs) rather than cookies. We may use such technologies for:

• Basic app analytics (for example, number of sessions, crashes, performance metrics).
• Improving stability and user experience.

Where applicable, and if required by law or by the policies of Apple App Store or Google Play Store, we will obtain your consent for analytics or tracking technologies and provide options to withdraw or adjust your preferences.

7. INTERNATIONAL TRANSFERS

In Short: Your data is primarily stored in the EU (Sweden). If data is transferred outside the EU/EEA, we implement appropriate safeguards.

Our main servers are located in the European Union, currently in Sweden. As a rule, we seek to keep your data within the EU/EEA.

If, in connection with the use of certain service providers (for example, analytics providers), personal data is transferred to countries outside the EU/EEA that do not have an adequacy decision from the European Commission, we will ensure that appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission, or other lawful transfer mechanisms under the GDPR.

8. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep biometric and order-related data for as long as your account exists, or until you request deletion, unless longer retention is required by law.

We retain your personal data only for as long as necessary for the purposes described in this policy, in particular:

• Biometric and order content (fingerprints, audio recordings, uploaded images). As long as your account remains active and the Shop needs access to the order history, or until you request deletion of your account or specific content. When you request deletion, we will delete or irreversibly anonymize this data, unless we are legally required to retain it for a longer period (for example, for accounting evidence related to the transaction).
• Account and contact information. As long as your account is active and for a reasonable period thereafter, or as required by legal retention periods (for example, tax and accounting laws).
• Technical and analytics data. For the duration necessary to achieve the purposes described (security, diagnostics, analytics), typically with shorter retention periods and, where possible, in aggregated or anonymized form.

When we no longer have a legitimate need to process your personal data, we will delete it or anonymize it. If deletion is not possible (for example, because the data is stored in backup systems), we will securely store your data and isolate it from any further processing until deletion is possible.

9. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We implement appropriate technical and organizational measures to protect your data, but no system can be completely secure.

We have implemented a combination of technical and organizational security measures designed to protect your personal data, including:

• Encryption of data in transit using SSL/TLS (secure communication between the Apps and our servers).
• Storage of order content primarily on secure servers in the EU (Sweden).
• Access controls to limit which staff and Shops can access personal data, based on the need-to-know principle.
• Regular updates and maintenance of our systems to address security vulnerabilities.

Data is not stored permanently on the mobile device after the order is completed, beyond what is technically necessary for normal operation, reducing the risk of local device compromise. However, please be aware that no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security.

10. DO WE COLLECT INFORMATION FROM MINORS?

In Short: The Apps are intended for professional use by adults only. We do not knowingly collect data from or market to children under 18 years of age.

Our Apps and Services are designed for use by adult professionals working in Shops and are not directed to children. By using the Apps, you represent that you are at least 18 years of age. If we become aware that we have collected personal data from a child under 18 without appropriate authorization, we will take steps to delete such data as soon as reasonably possible.

11. WHAT ARE YOUR GDPR PRIVACY RIGHTS?

In Short: Under the GDPR, you have a number of rights in relation to your personal data, including the right to access, rectify, erase, restrict processing, data portability, object, and withdraw consent.

If you are in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with similar data protection laws, you have the following rights (subject to conditions and exceptions under applicable law):

• Right of access. You can request information about whether we process your personal data and obtain a copy of such data.
• Right to rectification. You can ask us to correct inaccurate or incomplete personal data.
• Right to erasure ("right to be forgotten"). You can request deletion of your personal data, particularly biometric and order-related data, where there is no longer a legal basis for processing.
• Right to restriction of processing. You can request that we temporarily restrict processing in certain situations (for example, while we verify the accuracy of data).
• Right to data portability. You can request to receive personal data that you have provided to us in a structured, commonly used and machine-readable format, and to transmit that data to another controller where technically feasible.
• Right to object. You can object to processing based on our legitimate interests. We will then no longer process your data unless we demonstrate compelling legitimate grounds that override your interests and rights, or for the establishment, exercise or defense of legal claims.
• Right to withdraw consent. Where processing is based on your explicit consent (for example, for processing fingerprint images and audio recordings), you can withdraw that consent at any time. This does not affect the lawfulness of processing before withdrawal. If you withdraw consent, we may not be able to provide certain Services to you.

You can exercise your rights by contacting us at admin@eternalmemories.se or via our Support Page. We may need to verify your identity before responding to your request.

If you believe that we are processing your personal data in violation of the GDPR, you also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement. The Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten) is our lead supervisory authority in Sweden.

12. DATA BREACH

A personal data breach occurs when there is accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority without undue delay and, where required by law, inform you of the breach without undue delay.

13. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal that you do not wish to have data about your online browsing activities monitored. At present, no uniform standard for recognizing and implementing DNT signals has been adopted. Therefore, our Apps do not currently respond to DNT browser signals or similar mechanisms. If such a standard is adopted in the future, we will update this privacy policy accordingly.

14. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: If you are a California resident, you may have additional rights under California law.

While our Services are primarily designed for professional use in Europe, we recognize that some users may be residents of California. To the extent that the California Consumer Privacy Act (CCPA) or other California privacy laws apply, California residents may have additional rights, such as the right to request information about categories of personal information we collect and disclose, and the right to request deletion of certain personal information. We do not sell personal information as defined under the CCPA.

To exercise any California privacy rights, you can contact us using the contact details provided below. We will not discriminate against you for exercising your privacy rights.

15. DO WE MAKE UPDATES TO THIS POLICY?

In Short: Yes, we will update this policy as necessary to stay compliant with relevant laws and platform requirements (Apple App Store and Google Play Store).

We may update this privacy policy from time to time. The updated version will be indicated by an updated "Last updated" date at the top of this page. The updated version will be effective as soon as it is made available. In case of material changes (for example, changes to the types of data collected or purposes of processing), we may provide additional notice, such as displaying a prominent notice in the Apps or contacting you directly.

16. HOW CAN YOU CONTACT US ABOUT THIS POLICY?

If you have questions or comments about this policy or about how we process your personal data, you may contact us at: