Privacy Policy

Cruto AB (org.no. 559330-3505), hereinafter referred to as "Leyber", "we", "us" or "our", is responsible for the processing of your personal data when you use our platform Leyber. We value your privacy and are committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR) and Swedish law. This privacy policy explains how we collect, use, store and protect your personal data.

Data Controller: Cruto AB Org.no: 559330-3505 Email: hello@leyber.com For questions about how we process your personal data, please contact us at hello@leyber.com.

We collect the following categories of personal data: Account Information: - Name - Email address - Phone number - Company information (company name, organization number) Profile Information: - Professional skills and certifications - Work history and experience - Profile picture (if you choose to upload one) - Location information (work area) Usage Data: - Information about how you use the platform - Device and browser information - IP address - Cookies and similar technologies Mobile app data (only with your consent): - Usage statistics via Firebase Analytics (e.g. which screens you visit, session length, device type, OS version, app version, pseudonymous installation ID) - Crash reports via Firebase Crashlytics (stack traces, device state at time of crash, pseudonymous installation ID) We do not collect advertising identifiers (IDFA/AAID), we do not use this data for advertising, and we do not track you across apps. Analytics and crash reporting are disabled by default and only enabled after your explicit in-app consent. You can withdraw your consent at any time via the app settings.

We process your personal data for the following purposes: Providing Our Services: - Creating and managing your account - Enabling matching between companies and subcontractors - Managing applications and project requests Communication: - Sending service-related messages - Responding to your questions and requests - Informing about updates and changes Service Improvement: - Analyzing usage patterns to improve the platform - Developing new features and services Legal Basis: We process your data based on performance of contract (when you use our services), consent (for marketing), and legitimate interest (to improve our services).

We share your personal data with the following categories of recipients: Other Users: Your profile information is displayed to other users on the platform to the extent required to enable collaboration. Service Providers: - Google Cloud / Firebase (cloud services, database, authentication, file storage, push notifications) - Firebase Analytics (mobile app usage analytics – only with consent) - Firebase Crashlytics (mobile app crash reports – only with consent) - Google Analytics (web analytics – only with consent via the cookie banner) - Google Maps (location services) All our service providers are bound by data processing agreements (DPAs) ensuring they process your data in accordance with GDPR. We never sell your personal data to third parties.

Some of our service providers (e.g., Google) may process personal data outside the EU/EEA. In such cases, we ensure appropriate safeguards are in place, such as the European Commission's standard contractual clauses or that the recipient is covered by an adequacy decision.

We retain your personal data as follows: - Active accounts: As long as your account is active - After account deletion: 2 years after you request deletion (for legal and audit purposes) - Inactive accounts: Deleted after 3 years of inactivity (with prior notice) - Accounting records: 7 years according to Swedish accounting law - Server logs: 90 days - Cookie data: According to cookie settings (typically 12-24 months)

Under GDPR, you have the following rights: - Right of access: You can request a copy of your personal data - Right to rectification: You can request correction of inaccurate data - Right to erasure: You can request deletion of your data - Right to restriction: You can request restricted processing - Right to data portability: You can receive your data in a structured format - Right to object: You can object to certain processing - Right to withdraw consent: You can withdraw your consent at any time To exercise your rights, contact us at hello@leyber.com. You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) if you believe we process your data in violation of GDPR.

We use cookies and similar technologies on our platform. Cookies help us to: - Keep you logged in - Remember your preferences - Analyze how the platform is used - Improve user experience You can manage your cookie settings in your browser. Note that some features may be affected if you block cookies.

We take appropriate technical and organizational measures to protect your personal data against unauthorized access, loss or destruction. This includes encryption, secure servers and regular security reviews.

We may update this privacy policy from time to time. Material changes will be notified via email or through a notice on the platform. We recommend that you regularly review this policy.