CedarVectorLabs
Legal Framework

Regulatory Alignment & Compliance

Effective Date: 1 January 2026 · Last Updated: 1 January 2026

01

Privacy Policy

This Privacy Policy describes how CedarVectorLabs ("Controller," "we," "us," or "our"), registered at 416 64, Danska Vägen 76, Göteborg, Sweden, collects, processes, stores, and protects personal data in accordance with the European Union General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Swedish Data Protection Act (Datastskydsförordningen).

1. Data Controller Identity

The Data Controller responsible for processing your personal data is:

Entity: CedarVectorLabs

Address: 416 64, Danska Vägen 76, Göteborg, Sweden

Email: [email protected]

Phone: +46 79 263 81 90

2. Categories of Personal Data Processed

We process the following categories of personal data:

  • Identity Data: Full name, email address, and any information voluntarily provided through contact forms or direct correspondence.
  • Technical Data: IP address, browser type and version, operating system, device identifiers, and access timestamps collected automatically through our web infrastructure.
  • Usage Data: Page interaction patterns, navigation paths, and feature engagement metrics collected via analytics instrumentation.
  • Communication Data: Contents of messages, inquiries, and correspondence transmitted through our contact channels.

3. Legal Bases for Processing

We process personal data under the following legal bases as defined in Article 6(1) GDPR:

  • Consent (Art. 6(1)(a)): Where you have given explicit, informed, and freely given consent for specific processing purposes, such as marketing communications or analytics cookie deployment.
  • Contractual Necessity (Art. 6(1)(b)): Where processing is necessary for the performance of a contract to which you are a party, or to take pre-contractual steps at your request.
  • Legitimate Interest (Art. 6(1)(f)): Where processing is necessary for our legitimate interests in operating, securing, and improving our digital services, provided such interests are not overridden by your fundamental rights.
  • Legal Obligation (Art. 6(1)(c)): Where processing is required to comply with applicable legal obligations under EU or Swedish law.

4. Data Retention Periods

Personal data is retained only for the duration necessary to fulfil the purposes for which it was collected:

  • Contact form submissions: Retained for 24 months from the date of submission, after which they are permanently deleted from all systems.
  • Contractual and transactional data: Retained for the duration of the contractual relationship plus 7 years, in accordance with Swedish bookkeeping legislation (Bokföringslagen 1999:1078).
  • Analytics and technical data: Anonymised after 13 months of collection.
  • Marketing consent records: Retained for the duration of consent plus 3 years for audit purposes.

5. Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including but not limited to:

  • Encryption of personal data in transit (TLS 1.3) and at rest (AES-256).
  • Access controls with principle of least privilege enforcement.
  • Regular security assessments and penetration testing.
  • Incident response procedures with 72-hour breach notification capability in accordance with Article 33 GDPR.
  • Regular backups with tested recovery procedures.

6. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) approved by the European Commission, or verification that the destination country provides an adequate level of data protection as determined by the European Commission under Article 45 GDPR.

7. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access (Art. 15): You may request confirmation of whether we process your personal data and obtain a copy of such data.
  • Right to Rectification (Art. 16): You may request correction of inaccurate personal data.
  • Right to Erasure (Art. 17): You may request deletion of your personal data where processing is no longer necessary or consent is withdrawn.
  • Right to Restriction (Art. 18): You may request restriction of processing in specific circumstances.
  • Right to Data Portability (Art. 20): You may request receipt of your personal data in a structured, commonly used, machine-readable format.
  • Right to Object (Art. 21): You may object to processing based on legitimate interests, including direct marketing.
  • Right to Withdraw Consent (Art. 7(3)): You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise any of these rights, contact our Data Protection Officer at [email protected]. We will respond to all requests within 30 days.

8. Right to Lodge a Complaint

If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten), BOX 3075, 351 34 VÄXJÖ, Sweden, or with the supervisory authority of your EU Member State of residence.

02

Cookies Policy

This Cookies Policy explains how CedarVectorLabs uses cookies and similar tracking technologies when you visit our website at [email protected]. This policy is provided in accordance with the EU ePrivacy Directive (2002/58/EC) as amended by Directive 2009/136/EC, and the Swedish Electronic Communications Act (Elektronisk通讯slagen 2003:389).

1. What Are Cookies

Cookies are small text files stored on your device by your web browser when you visit a website. They serve to remember your preferences, analyse site performance, and enable core functionality. Similar technologies include local storage, session storage, and pixel tags.

2. Categories of Cookies Deployed

Essential Cookies

Strictly necessary for the operation of this website. These cookies enable core functionality such as session management, security tokens, and load balancing. They cannot be disabled. Legal basis: Legitimate Interest (Art. 6(1)(f) GDPR) / ePrivacy exemption.

Analytics Cookies

Used to collect anonymous, aggregated data about how visitors interact with our website. This helps us understand usage patterns and improve our services. These cookies are only deployed after you provide explicit consent. Examples include page load times, navigation paths, and error occurrences.

Functional Cookies

Enable enhanced functionality and personalisation, such as remembering your language preference or display settings. These cookies are only deployed after you provide explicit consent.

3. Cookie Consent Mechanism

Upon your first visit, you will be presented with a cookie consent banner allowing you to accept or decline non-essential cookies. Your choice is stored in your browser's local storage and respected for subsequent visits. You may change your cookie preferences at any time by clearing your browser's local storage or by revisiting this page.

4. Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to block or delete cookies. Please note that disabling essential cookies may impair the functionality of this website. Instructions for managing cookies in common browsers:

  • Google Chrome: Settings → Privacy and Security → Cookies
  • Mozilla Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Safari: Preferences → Privacy → Manage Website Data
  • Microsoft Edge: Settings → Privacy, Search, and Services → Cookies

5. Third-Party Cookies

This website may use third-party services that deploy their own cookies, including analytics providers. These third parties act as independent data controllers for their cookie operations. We maintain a current list of all third-party cookie providers and their respective privacy policies, available upon request at [email protected].

6. Updates to This Policy

This Cookies Policy may be updated to reflect changes in technology, legislation, or our operational practices. Material changes will be communicated through the cookie consent banner upon your next visit.

03

Refund Policy

This Refund Policy governs the terms under which CedarVectorLabs, registered at 416 64, Danska Vägen 76, Göteborg, Sweden, issues refunds for services rendered. This policy complies with the EU Consumer Rights Directive (2011/83/EU) and Swedish consumer protection legislation (Konsumentköpslagen 1990:932).

1. Scope

This policy applies to all digital services, consulting engagements, and development projects contracted through CedarVectorLabs. As our services are predominantly bespoke digital deliverables, standard withdrawal rights under EU consumer law may be limited once project execution has commenced with your explicit authorisation.

2. Milestone-Based Refund Structure

All project engagements are structured around defined delivery milestones. Refund eligibility is assessed based on the completion status of each milestone:

  • Pre-Execution Cancellation: If cancellation is requested before any project work has commenced, a full refund of all advance payments will be issued within 14 business days.
  • Partial Milestone Completion: Where a milestone has been partially completed, the refund amount will be calculated proportionally based on the percentage of deliverables completed against the milestone specification.
  • Post-Completion: Once a milestone has been delivered and accepted (or 10 business days have elapsed since delivery without written objection), that milestone is considered finalised and non-refundable.

3. Defective Delivery

If delivered work materially fails to meet the specifications agreed in the project scope document, you are entitled to one round of complimentary remediation. If remediation does not bring the deliverable within specification, a proportional refund will be issued for the affected milestone.

4. Refund Request Process

To request a refund, contact us at [email protected] with:

  • Your project reference number
  • A description of the refund grounds
  • Supporting documentation (e.g., correspondence, deliverable screenshots)

All refund requests will be acknowledged within 3 business days and resolved within 30 calendar days of submission.

5. Refund Method

Approved refunds will be issued via the original payment method. Processing times depend on the payment provider and typically range from 5–14 business days. Bank transfer refunds may require additional verification steps.

6. Dispute Resolution

In the event of a refund dispute, both parties agree to attempt resolution through good-faith negotiation before pursuing alternative dispute resolution. EU consumers may also use the European Commission's Online Dispute Resolution platform at https://ec.europa.eu/consumers/odr.

04

Terms of Service

These Terms of Service ("Terms") govern your access to and use of services provided by CedarVectorLabs, registered at 416 64, Danska Vägen 76, Göteborg, Sweden ("Provider," "we," "us," or "our"). By engaging our services, you ("Client" or "you") agree to be bound by these Terms.

1. Scope of Services

Services are defined in the applicable Statement of Work ("SOW") or Service Agreement executed between the parties. The SOW specifies the scope, deliverables, timeline, and pricing for each engagement. These Terms supplement and form an integral part of every SOW.

2. Project Execution & Acceptance

Work proceeds in defined milestones as specified in the SOW. Upon delivery of each milestone:

  • The Client has 10 business days to review and provide written acceptance or detailed rejection with specific deviation notes.
  • Failure to respond within the review period constitutes automatic acceptance of the delivered milestone.
  • Accepted milestones are invoiced according to the payment schedule defined in the SOW.

3. Payment Terms

  • Invoices are issued upon milestone acceptance and are payable within 14 calendar days of invoice date.
  • Late payments incur interest at the statutory rate under the Swedish Räntelagen (1975:635), currently 8 percentage points above the Riksbank reference rate.
  • All prices are quoted in Euros (€) exclusive of applicable Value Added Tax (VAT), which will be added at the prevailing rate where required by law.
  • Expenses incurred on behalf of the Client (e.g., third-party software licences, API fees) are invoiced separately with prior written approval.

4. Intellectual Property

Upon full payment of all applicable invoices:

  • All custom code, designs, and documentation created specifically for the Client under the SOW are assigned to the Client.
  • The Provider retains ownership of all pre-existing frameworks, libraries, methodologies, and general-purpose tools used in the delivery of services.
  • The Provider grants the Client a perpetual, non-exclusive, royalty-free licence to use any Provider-owned components embedded in the deliverables.
  • The Provider may reference the engagement in marketing materials unless the Client objects in writing.

5. Confidentiality

Both parties agree to maintain the confidentiality of all non-public information disclosed during the engagement. This obligation survives termination of the agreement for a period of 3 years. Exclusions apply to information that: (a) is publicly available through no fault of the receiving party, (b) was already known to the receiving party prior to disclosure, or (c) is required to be disclosed by law or court order.

6. Limitation of Liability

To the maximum extent permitted by applicable law:

  • The Provider's total aggregate liability under any SOW shall not exceed the total fees paid by the Client under that SOW in the 12 months preceding the claim.
  • Neither party shall be liable for indirect, incidental, special, consequential, or punitive damages, including loss of profits, data, or business opportunity.
  • These limitations do not apply to liability arising from gross negligence, wilful misconduct, or breach of confidentiality obligations.

7. Data Processing Agreement

Where the Provider processes personal data on behalf of the Client in the course of delivering services, the parties shall execute a separate Data Processing Agreement ("DPA") in compliance with Article 28 GDPR. The DPA shall specify the subject matter, duration, nature, and purpose of processing, the types of personal data, and the categories of data subjects.

8. Force Majeure

Neither party shall be liable for failure or delay in performance caused by circumstances beyond reasonable control, including but not limited to natural disasters, pandemics, war, government actions, telecommunications failures, or cyberattacks. The affected party shall notify the other party within 48 hours and use reasonable efforts to mitigate the impact.

9. Termination

Either party may terminate a SOW with 30 days' written notice. In the event of termination:

  • The Client is obligated to pay for all milestones completed and accepted prior to the termination date.
  • The Provider shall deliver all work-in-progress and associated documentation within 10 business days of termination notice.
  • Termination for material breach requires 14 days' written notice with specific breach details and an opportunity to cure.

10. Governing Law & Dispute Resolution

These Terms are governed by the laws of Sweden. Any dispute arising from or relating to these Terms or the services provided shall first be submitted to mediation administered by the Stockholm Chamber of Commerce. If mediation is unsuccessful within 60 days, the dispute shall be finally settled by arbitration under the SCC Arbitration Rules, with the seat of arbitration in Gothenburg, Sweden.

11. Amendments

These Terms may be amended by the Provider with 30 days' written notice. Continued engagement after the amendment effective date constitutes acceptance. Material changes to existing SOWs require mutual written agreement.

Contact for Legal Inquiries:

CedarVectorLabs

416 64, Danska Vägen 76, Göteborg, Sweden

Email: [email protected]

Phone: +46 79 263 81 90