Compys
Log inGet started

GDPR information

Last updated: Apr 19, 2026

This page explains how individuals protected by the General Data Protection Regulation (GDPR) can exercise their rights when Compys AB processes personal data. It is informational and does not replace legal advice. For the full description of the personal data we process, why we process it, and who we share it with, see our Privacy Policy.

Controller

The controller of your personal data is Compys AB (org.nr 559527-0710), a Swedish limited company (aktiebolag) with its registered address at Briljantgatan 50 c, 421 49 Västra Frölunda, Sweden. For data protection questions or requests, contact us at jonathan@compys.com.

We have not appointed a Data Protection Officer, as we are not required to under GDPR Art. 37. We have not appointed an Article 27 representative in the European Union because Compys AB is established in the EU. Compys currently serves users in Sweden; if we begin actively offering the Service to users in the United Kingdom, we will appoint a UK GDPR Article 27 representative and publish their contact details here.

Scope

Compys currently serves users based in Sweden. If you are based elsewhere in the European Economic Area and use the Service, you are protected by the same GDPR rights described below.

Legal bases we rely on

  • Performance of a contract (Art. 6(1)(b)) — creating and operating your account, matching talent with startups, and providing paid subscriptions.
  • Legitimate interests (Art. 6(1)(f)) — keeping the Service secure, preventing fraud, analyzing product usage on server-side data, and improving matching quality. You can object to processing based on legitimate interests at any time.
  • Consent (Art. 6(1)(a)) — optional features such as newsletters and any non-essential cookies we may introduce. You can withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)) — tax and bookkeeping obligations under Swedish law, including retention of billing records under the Swedish Bookkeeping Act (Bokföringslagen).

Your rights

Depending on the circumstances, you have the right to:

  • Access the personal data we hold about you and receive a copy.
  • Rectify inaccurate or incomplete data.
  • Erasure ("right to be forgotten") in the cases set out in GDPR Art. 17.
  • Restrict processing where one of the grounds in GDPR Art. 18 applies.
  • Data portability for personal data you have provided to us that we process on the basis of contract or consent, where technically feasible.
  • Object to processing based on our legitimate interests, and to object at any time to processing for direct marketing purposes.
  • Withdraw consent where processing is consent-based; this does not affect the lawfulness of processing carried out before withdrawal.
  • Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects. See "Automated decision-making" below.
  • Lodge a complaint with a supervisory authority.

How to exercise your rights

Many actions are available directly in the application:

  • Access and rectification: view and edit your profile and account information from Profile → Settings.
  • Erasure: delete your account from your account settings. This removes your profile, user record, job postings you created, and saved jobs. Some information may remain with our processors under their own retention rules (for example, payment records held by Stripe and authentication identifiers held by Google Firebase) and in records we are legally required to keep, such as billing records retained under the Swedish Bookkeeping Act.
  • Communications preferences: manage notification preferences from your settings.

For any other request, or if you need help with one of the actions above, email us at jonathan@compys.com. We may need to verify your identity before responding. We will reply within one month of receiving your request; this period can be extended by up to two further months for complex or numerous requests, in line with GDPR Art. 12.

International transfers

Primary processing takes place in Microsoft Azure West Europe (Netherlands). Some sub-processors, in particular Google (Firebase Authentication) and Stripe, may process personal data in the United States. Where personal data is transferred outside the European Economic Area we rely on the European Commission's Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework. For the current list of sub-processors, see our Privacy Policy.

Automated decision-making

We use software-assisted matching and ranking to help companies discover relevant candidates and to help candidates find relevant opportunities. We do not make decisions with legal or similarly significant effects about you based solely on automated processing within the meaning of GDPR Art. 22. Hiring, interview, and offer decisions are made by the employers who use the Service.

Cookies

For the cookies and similar technologies we use, see our Cookie Policy.

Complaints

If you believe our processing of your personal data infringes the GDPR, you can lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at imy.se. If you live in another EEA country, you can also contact your local supervisory authority. We would appreciate the chance to address your concern first by emailing jonathan@compys.com.

Changes

We may update this page when our practices or the law change. We will post the updated version here and change the "Last updated" date at the top of the page.