Melonslab, a trade name of Hypefox AB (org. no. 559570-6416), with its registered office at Hyllie Stationstorg 31, 215 32 Malmö, Sweden, is the controller of the personal data described here. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and Swedish data protection law.
1. Personal data we collect
Account and contact data — name, email address, billing address, phone number and any company details.
Billing data — your orders and invoices. Full card details are handled directly by our payment providers and are not stored by us.
Technical and usage data — IP address, device and browser information, server and access logs, and cookie data.
Communications — messages you send to support and related correspondence.
2. Why we process data and our legal bases
To provide the Services and perform our contract with you (GDPR Art. 6(1)(b)) — creating your account, delivering and supporting services, and processing payments.
To comply with legal obligations (Art. 6(1)(c)) — such as accounting and tax records under the Swedish Bookkeeping Act.
For our legitimate interests (Art. 6(1)(f)) — securing and improving the platform, preventing fraud and abuse, and inviting customers to review our service.
With your consent (Art. 6(1)(a)) — for non-essential cookies, analytics and marketing, which you can withdraw at any time.
3. Cookies, analytics and consent
We use cookies and similar technologies. Consent for non-essential cookies is managed through our consent management platform CookieYes — see CookieYes’s Terms of Service and Privacy Policy.
Subject to your consent, we use Google Analytics and Google Tag Manager to understand site usage (see Google’s Privacy Policy and how Google uses data), and the Microsoft Advertising UET tag for Bing conversion tracking (see the Microsoft Privacy Statement).
4. Who we share your data with
Payments — Stripe and PayPal process your payments (Stripe privacy, PayPal privacy).
Domains — Openprovider processes domain orders and may publish registrant data as required by registries and ICANN (Openprovider privacy).
Reviews — after a purchase we share your email address with Trustpilot so it can invite you to leave a review (Trustpilot privacy). You can decline or unsubscribe at any time.
Analytics and advertising — Google and Microsoft, as described above.
We share only what is necessary, and our processors are bound by data processing agreements.
5. International transfers
Our infrastructure is operated in Sweden. Some processors (such as Stripe, PayPal, Google, Microsoft and Trustpilot) may process data outside the EU/EEA. Where they do, transfers are safeguarded by an adequacy decision or the European Commission’s Standard Contractual Clauses.
6. How long we keep your data
We keep personal data for as long as you have an account and as long as necessary for the purposes above. Invoicing and accounting records are retained for seven (7) years under the Swedish Bookkeeping Act. Logs and technical data are kept for a limited period for security and troubleshooting.
7. Your rights under the GDPR
You have the right to access, rectify, erase or restrict processing of your personal data, to data portability, and to object to processing based on legitimate interests. Where processing is based on consent, you can withdraw it at any time without affecting prior processing.
To exercise any of these rights, contact compliance@melonslab.com. We will respond without undue delay and within one month, and may need to verify your identity first.
8. Complaints
If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) at imy.se, or with the data protection authority in your EU/EEA country of residence.
9. Security
We apply appropriate technical and organisational measures — including access controls, encryption in transit, network isolation and monitoring — to protect personal data against unauthorised access, loss or misuse.
Where a personal data breach is likely to result in a risk to your rights and freedoms, we will notify the Swedish Authority for Privacy Protection (IMY) and, where required, affected individuals, in line with the GDPR.
10. Changes to this Policy
We may update this Privacy Policy from time to time. We will make reasonable efforts to inform you of material changes, but we reserve the right to update it at any time. The Swedish-language version prevails in the event of any discrepancy.
11. Contact
For privacy questions or to exercise your rights, contact compliance@melonslab.com. This Policy is governed by Swedish law and subject to the courts of Malmö, Sweden.