Last updated: 09 January 2026
This Privacy Notice explains, in practical and business-relevant terms, how PACIFIC IT SOLUTIONS AB ("Preventer.ai", "we", "us") collects, uses, discloses, and safeguards personal data when you access our AI software and cloud services (the "Services").
It is designed to comply with the EU General Data Protection Regulation (GDPR) and Swedish law, and to give customers clear expectations for day-to-day operations, support, analytics, and product improvement.
Company: PACIFIC IT SOLUTIONS AB ("Preventer.ai")
Registered office: Ängsullsvägen 153, 162 46 Vällingby, Sweden
Organization number: 5594452822
Website: https://preventer.ai
Contact: support@preventer.ai | privacy@preventer.ai
This Notice applies to processing carried out via https://preventer.ai, our web applications, APIs, SDKs, admin portals, and support channels.
Depending on the specific Service and configuration:
Where we act as a processor, customers are responsible for providing their end users with appropriate privacy notices and determining the lawful basis for processing. Our DPA (available on request) describes processor obligations, subprocessors, technical and organizational measures (TOMs), and audit/cooperation rights.
We do not seek to collect special categories of data (such as health, biometric, or union membership data). Customers must avoid submitting such data unless explicitly agreed with appropriate safeguards.
Aggregate and anonymized analytics may be derived from usage data without identifying individuals.
We rely on: contract (to deliver the Services you subscribe to), legitimate interests (service improvement, security monitoring, fraud prevention, and business analytics balanced against your rights), consent (for optional marketing and non-essential cookies), and legal obligations (accounting, tax, and responding to lawful requests).
By default, customer input and outputs processed under our processor role are not used to train general models. Customers may opt in to targeted model improvement programs (e.g., fine-tuning) subject to a separate agreement, scoping, and appropriate safeguards. If opted in, we apply strict access controls, retention limits, and data minimization. Retention: operational logs and support records are typically retained for up to 12–24 months for security and reliability; billing records follow statutory retention requirements.
Customer-controlled data stores may be configured with shorter retention periods or auto- deletion rules. We will delete or return processor data upon contract termination, consistent with the DPA and reasonable technical constraints.
We use vetted subprocessors to provide infrastructure (cloud hosting), payments, analytics, email delivery, and support tooling. Each subprocessor is bound by confidentiality and data protection terms. A current list of categories includes: cloud infrastructure provider(s), content delivery network (CDN), email service, payment processor, error logging/monitoring, customer support platform. A detailed list is available upon request and will be notified before material changes.
We may disclose data to competent authorities when legally required, and in connection with corporate transactions (merger, acquisition) subject to appropriate safeguards.
We implement layered technical and organizational measures appropriate to the risk, including: encryption in transit (TLS) and at rest for core systems; role-based access control and least-privilege access; SSO/MFA options; segregated environments; logging and alerting; vulnerability management; secure software development lifecycle (SSDLC); regular backups and disaster recovery testing; employee training and confidentiality obligations. Customers should manage their credentials, API keys, and project permissions diligently.
Primary processing occurs within the EU/EEA. If a subprocessor or support scenario requires transfers outside the EEA, we use approved transfer mechanisms (e.g., Standard Contractual Clauses) and conduct transfer risk assessments. Certain plans may offer EU-only data residency options; contact us to enable these configurations.
You may request access, rectification, erasure, restriction, portability, or object to processing. Requests should be sent to privacy@preventer.ai.
You may lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).
We use essential cookies for security and basic functionality; analytics cookies to understand usage and improve the Service; and marketing cookies where consent is provided. A cookie banner and preference center allow you to manage non-essential cookies. Browser controls also permit disabling or deleting cookies; doing so may affect certain features.
Our Services are intended for business users aged 18+. We do not knowingly collect data from children. The Services are not designed for regulated medical diagnosis, emergency systems, or other high‑risk use cases without a specific agreement and controls. Customers must ensure appropriate oversight and validation of AI outputs.
We maintain an incident response process. In the event of a personal data breach, we will assess risk, mitigate impact, and, where required under GDPR, notify the supervisory authority within 72 hours and affected customers/users without undue delay. As a processor, we will notify the controller promptly in accordance with the DPA.
Privacy inquiries and DSARs: privacy@preventer.ai
Postal address: Ängsullsvägen 153, 162 46 Vällingby, Sweden
We may update this Notice to reflect changes in law, technology, or our Services. We will post updates with a new "Last updated" date and, where material changes affect your rights or obligations, provide additional notice via email or in‑product messages.