NorthWhistle App Privacy Policy

We take your privacy seriously

Last updated: April 25 2024

Nebulr AB is committed to protecting the privacy of all personal data we collect, process and store. This Privacy policy applies when you use our website, products and services

This policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and how we keep it secure. We also explain your rights as a data subject and how you can exercise them.

Information We Collect

Information we collect falls into one of two categories: ‘voluntarily provided’ information and ‘automatically collected’ information.

‘Voluntarily provided’ information refers to any information you knowingly and actively provide us when using or participating in any of our services and promotions.

‘Automatically collected’ information refers to any information automatically sent by your devices in the course of accessing our products and services.

When visiting our website

We collect personal data when you fill out web forms or use our site, e.g. to book a meeting, sign up for a webinar, or request customer support. We may ask for your name, email, job title, etc. Some of our sites can be used without giving us your personal data.

When you report a case to your company through our system

At Northwhistle we want to keep you safe when you report a case. That is we will collect as little information as possible:

  1. reporting with NorthWhistle will always keep you completely anonymous at all times.


  2. When reporting a case,  Northwhistle does not track or store any metadata, IP addresses,phone numbers, or any other information apart from what you decide to disclose in your report.
  3. case-specific data is automatically deleted 30 days after the case is closed.

Personal information about any individual you decide to disclose in your report will be stored by the service provider NorthWhistle for the duration of handling the case. This in order to enable the receiving case manager to be able to handle the case and conduct the best investigation possible.

When managing cases in our service

On behalf of our customers we collect personal data. Our customers, as data controllers, are responsible for complying with any regulations or laws. We do not control our customers webpages or the data they choose to collect from them.

Usage data

We collect usage data when you our your users interact with our products or services. The usage data includes metrics and information regarding your usage such as how often a feature is used, for how long it was used and how many users you have. We also log security events like failed login attempts and other important events so that we can protect the service and its users. 

Log Data

If you encounter certain errors while using the site, we may automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error happened, and other technical information relating to the problem. You may or may not receive notice of such errors, even in the moment they occur, that they have occurred, or what the nature of the error is.

Legitimate Reasons for Processing Your Personal Information

We only collect and use your personal information when we have a legitimate reason for doing so. In which instance we only collect personal information that is reasonably necessary to provide our services to you. And only with your consent.

Personal information

We may ask for personal information — for example, when you submit content to us or when you contact us — which may include one or more of the following:

  • Name
  • Email
  • Phone number
  • Home/mailing address
  • Company Name
  • Login Information
  • Billing contact information
  • Billing address
  • Organization number
  • Credit card or bank account information

Sensitive Information

‘Sensitive information’ or ‘special categories of data is a subset of personal information that is given a higher level of protection. Examples of sensitive information include information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation, sexual practices or sex life, criminal records, health information, or biometric information.

The types of sensitive information that we may collect about you include:

  • information related to whistleblowing cases

We will not collect sensitive information about you without first obtaining your consent, and we will only use or disclose your sensitive information as permitted, required, or authorised by law.

Collection and Use of Information

These are the purposes for which we may collect personal data

To provision the service

We use your account and user information to provide the product and services to you. For example, we use your email address to create a user account to allow you to login and we use your payment information to process payments.

To secure and protect our products and services

We use your account information to investigate and help prevent security incidents. We may also use this information to meet legal requirements. We use your information to verify user accounts, new product sign-ups, and to detect and prevent product abuse.

To communicate with you about the product and services

We use the account information you provide when signing up to send you transactional emails or in-app notification about billing, account management, and other administrative matters. We may also send you updates regarding our Customer Terms of Service or other legal agreements, and may also communicate with you about security incidents via email or in-app notification. 

We use your information to provide customer support, such as resolving technical issues you encounter and analyzing product outages or bugs.

Account and User information

We collect account and user information when you sign up, create or modify users information, for one of our products or services. During this process we might ask for the following information:

Payment information

We collect payment and billing information when you register for one of our paid products or services. We use third party service providers to facilitate payment processing. We may as for the following information:

Customer testimonials

We might use your personal information when we post customer testimonials on our websites. This is not not done before getting each customer’s consent for publishing.

We may share your personal data with the following third parties:

Third parties

We use third-party service providers to help with our websites, products, and services, such as data hosting, application development, and marketing. We may need to share your information with these service providers to provide you with information about our products or services. These service providers are only allowed to use your information for the specific purposes we share it with them for, and they must keep your information confidential. We require all third-party service providers to agree to our privacy and data protection policies.

You can see a list of our sub-processors here


We share data with trusted partners that contacts you based on your request, provide sales support, customer support, help us perform data analysis and recruitment events. Partners are prohibited from using your Personal Data except for these purposes, and they are required to maintain the confidentiality of your data.

Corporate events

If Nebulr is acquired by another company through merger, acquisition, or bankruptcy, that company will receive all information collected by Nebulr on the websites and subscription service. We will notify you by email or website notice of any changes in ownership or use of your personal data, and any choices you may have regarding your personal data.

Communities and forums

We have message boards, blogs, and forums on our websites that can be accessed by the public. If you post information on these public forums, it can be seen and used by anyone who visits the websites, even after you delete your account. We recommend being cautious about what information you share on these public forums. If you want us to remove any information you posted on these websites please contact us.

Legal reasons

We may use or share your personal information if required by law or if we think it’s necessary to protect our rights or your safety, investigate fraud, or comply with a legal order. 

Your Rights and Controlling Your Personal Information

You have the following rights as a data subject:

Your choice: By providing personal information to us, you understand we will collect, hold, use, and disclose your personal information in accordance with this privacy policy. You do not have to provide personal information to us, however, if you do not, it may affect your use of our website or the products and/or services offered on or through it.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Marketing permission: If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.

Access: You may request details of the personal information that we hold about you.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details provided in this privacy policy. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date.

Non-discrimination: We will not discriminate against you for exercising any of your rights over your personal information. Unless your personal information is required to provide you with a particular service or offer (for example providing user support), we will not deny you goods or services and/or charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, or provide you with a different level or quality of goods or services.

Downloading of Personal Information: We provide a means for you to download the personal information you have shared through our site. Please contact us for more information.

Notification of data breaches: We will comply with laws applicable to us in respect of any data breach.

Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.

Unsubscribe and Requesting to delete data: To unsubscribe from our email database or opt-out of communications (including marketing communications) or to delete your data, please contact us using the details provided in this privacy policy, or opt-out using the opt-out facilities provided in the communication. We may need to request specific information from you to help us confirm your identity.


Data Security

When we collect and process personal information, and while we retain this information, we will protect it within the highest commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification.

You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services.

For example, ensuring any passwords associated with accessing your personal information and accounts are secure and confidential.

How long we keep your data

We keep your personal information only for as long as we need to. This time period may depend on what we are using your information for, in accordance with this privacy policy. For example, if you have provided us with personal information as part of creating an account with us, we may retain this information for the duration your account exists on our system. If your personal information is no longer required for this purpose, we will delete it or make it anonymous by removing all details that identify you.

However, if necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation or for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes.

Business Transfers

If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.

Childrens Privacy

We do not aim any of our products or services directly at children under the age of 13 and we do not knowingly collect personal information about children under 13.

Changes to this Privacy Policy

At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy.

If the changes are significant, or if required by applicable law, we will contact you (based on your selected preferences for communications from us) and all our registered users with the new details and links to the updated or changed policy.

If required by law, we will get your permission or give you the opportunity to opt in to or opt-out of, as applicable, any new uses of your personal information.

Contact Us

Do you have any questions or comments on the subject of data protection, particularly as concerns information on the data stored about you? Do you want information about your data, the data we have stored, or to check, amend or delete your data? Do you want to limit our processing of your data or object to it?

Contact the Nebulr Group Data Protection Officer at oscar(at)

Nebulr AB
Völundsgatan 7
11321 Stockholm