Privacy Policy

Last updated: 7 July 2026

Your data at a glance

We collect only what we need to provide our SaaS service, keep it secure in your chosen region, and give you full control. Here’s what matters most:

  • What we collect: Account details, IP addresses for functionality, and support communications.

  • Why: To provide your service, manage your account, and keep systems secure.

  • Where: In the Azure EU regions, plus additional data in the regions you configure during onboarding (EU, US, or Canada).

  • How long: Application data is deleted 90 days after cancellation; contact information is kept 5 years for accounting.

  • Your rights: Access, correct, delete, or export your data at any time.

1. Who we are

Data Controller

Data protection contact

2. What personal data we use

Account & service data

  • Contact information: name, email, and company name.

  • Account access: username and encrypted password.

  • Service usage: IP addresses, access logs, and session data.

  • Analytics data: service performance, feature usage, and error tracking for observability.

  • Support: messages sent through our HeroDesk system.

We don’t collect

  • Payment details (handled by Azure Marketplace).

  • Data from third parties for marketing purposes.

3. Why we process your data

Purpose

Legal reason

Data used

Provide your SaaS service

Contract with you

Account details, usage data

Account management

Contract with you

Contact info, credentials

Website analytics

Your consent (via our cookie banner)

Cookie identifiers, website usage data

Service improvement & observability

Our legitimate interest in service quality

Error logs, performance metrics

Customer support

Contract with you

Support communications

System security & logs

Our legitimate interest in security

IP addresses, access logs

Legal obligations

Required by law

Contact info for accounting (5 years)

Our legitimate interests: we use IP addresses and logs to protect against security threats and ensure service availability. We analyse service performance and usage patterns to improve functionality and fix issues. We balance this against your privacy rights and only keep what is necessary. Website analytics that rely on cookies are used only where you have given consent (see section 8).

4. Who we share data with

We only share your data with these service providers:

  • Microsoft Azure: cloud hosting (in your chosen region).

  • TwentyCRM: customer relationship management.

  • HeroDesk: support system (365-day retention).

  • Google Analytics: website analytics (GA4), used only with your consent.

All providers use standard contractual clauses and appropriate security measures.

5. Where your data goes

Your choice of region

You select where your application data is stored and processed:

  • Available regions: EU, United States, Canada.

  • Data stays: in your chosen region for processing.

  • No unexpected transfers: your data doesn’t leave your region.

Service provider transfers

Some providers may process data outside the EU:

  • Microsoft Azure: EU/EEA data residency; any transfers to the US rely on the EU-US Data Privacy Framework and Standard Contractual Clauses.

  • Google Analytics: transfers to the US rely on the EU-US Data Privacy Framework and Standard Contractual Clauses.

  • Others: Standard Contractual Clauses where needed.

6. How long we keep data

Data type

Retention period

Why

Application data

Deleted 90 days after cancellation

Service termination

Contact information

5 years after cancellation

Danish accounting law

Analytics data

24 months, or until service termination

Service improvement and observability

Support messages

365 days (auto-deleted)

Customer service

Security logs

As needed for security

Legitimate security interests

7. Your rights

You have these rights regarding your personal data:

  • Access — get a copy of your data.

  • Correct — fix inaccurate information.

  • Delete — request deletion of your data. We’ll delete what we’re not legally required to keep. Information we need to meet Danish accounting and audit obligations is retained for the statutory period (see section 6) and deleted once that period ends.

  • Restrict — limit how we use your data.

  • Export — get your data in a usable format.

  • Object — stop processing based on legitimate interests.

  • Withdraw consent — where we rely on your consent.

To use your rights: email security@just-software.com.

Response time: within 1 month (this may extend to 2 months for complex requests).

8. Cookies and similar technologies

Our website uses a small number of cookies. We manage these through a consent banner: strictly necessary cookies that remember your consent choices are set automatically, and analytics cookies are set only if you accept them. You can change or withdraw your choice at any time through the cookie settings on our site.

We currently use:

  • Strictly necessary —CookieScriptConsent, which stores your cookie consent preferences so the banner works correctly.

  • Analytics (Google Analytics 4) —_ga and _ga_JV20MK4KVJ, which help us understand how visitors use the site so we can improve it. GA4 does not store your IP address.

For a current, detailed list of every cookie — its provider, purpose, and lifetime — see our cookie report. It is scanned regularly and reflects the cookies actually in use.

9. Security and automated processing

Data security

We protect your data with:

  • Encryption in transit and at rest.

  • Access controls and authentication.

  • Regular security monitoring.

  • Secure Azure infrastructure.

We constantly monitor the security landscape to ensure our systems are continously kept secure.

10. Children’s data

Our service isn’t intended for anyone under 16. If we learn we’ve collected data from someone under 16 without proper consent, we’ll delete it.

11. Complaints

If you’re unhappy with how we handle your data, you can complain to:

Datatilsynet (Denmark)

EU residents: you may also contact your local data protection authority.

12. Changes to this policy

We may update this policy and will:

  • Post changes on this page.

  • Update the “Last updated” date.

Changes take effect when posted.

13. Contact us

Just Software, Automatikvej 1, 3., 2860 Søborg, Denmark.