Privacy policy

Who runs the site

markalappar.se is operated by Flowbic AB, registered in Sweden. Flowbic AB is the data controller for personal data processed via this site.

Contact for privacy questions: hello@markalappar.se.

What we collect

Configurator input: the text you type (such as the name on a sticker) and the option choices you make. We use this only to produce and ship the product you ordered.

Order data: when you check out, Shopify (our commerce platform) processes your name, shipping address, email address, and order details. Card payments are handled by Shopify's payment processors — we never see card numbers.

Usage analytics: with your consent, we capture aggregated product analytics, anonymized session analytics, and error traces via PostHog (EU Cloud). IP addresses are dropped at ingestion.

What we do not collect

We do not sell or share your personal data with advertisers.

We do not embed third-party advertising or social-media tracking pixels.

Configurator text is masked in session recordings — we never receive what you type as part of analytics.

Where data is stored

Order and customer data: Shopify, in the data residency Shopify provides for EU merchants.

Custom configuration metadata and design assets: Supabase, in the eu-west-1 (Ireland) region.

Usage analytics: PostHog EU Cloud, hosted in Frankfurt, Germany. Analytics events and session-replay payloads first transit Märka's Vercel infrastructure via the /ingest reverse proxy on markalappar.se before reaching PostHog. Märka briefly handles the payload in transit but does not store it; PostHog is the controller of record for the stored event.

How long we keep it

Orders and accounting records: retained for 7 years to comply with the Swedish Bookkeeping Act (Bokföringslagen).

Usage analytics events: retained per PostHog's default retention (currently 1 year on our PostHog plan).

Session replays: retained for 30 days, after which PostHog deletes them automatically.

Configurator state stored in your browser (the URL you can share): kept only as long as you keep that URL.

Your rights

Under GDPR you have the right to access the personal data we hold about you, request rectification of inaccurate data, request erasure, restrict or object to certain processing, withdraw consent at any time, and lodge a complaint with the Swedish data protection authority (Integritetsskyddsmyndigheten, IMY) at imy.se.

How to exercise your rights

Email hello@markalappar.se with the request and we will respond within one month, as required by GDPR.

To withdraw analytics consent without contacting us, click "Cookie settings" in the footer and set the toggle to off.

Cookies and similar technologies

Strictly necessary: a Shopify cart session cookie (set by Shopify when you add items), a locale-preference cookie used by next-intl, and a localStorage entry named marka.consent.analytics.v1 that records your consent decision so we don't ask again on every visit.

Analytics (only with consent): PostHog stores a localStorage entry under the key ph_phc_x3eCcWVXp2P35csbyhZ7U9cWRb7WEWti5iykQFoh3phx_posthog containing an anonymous identifier so we can stitch together a single visit.

If you decline analytics, no PostHog identifier is created and no events are sent.

Updates to this policy

We will update this policy when our processing changes. The date at the top reflects the last material update. For material changes affecting consented analytics, we will re-prompt you for consent the next time you visit.