Privacy Policy

Last updated: April 2, 2026

Who we are

Meld is a subscription and membership management platform operated by Rhyme Sthlm AB (org. nr 556941-1118), Hammarby Fabriksväg 43, 120 30 Stockholm, Sweden.

What data we collect

Demo request form

When you request a demo, we collect your name, email address, company name, phone number (optional), and message (optional). This data is stored in our database (hosted on Supabase) so we can follow up on your request.

Server-side analytics

We collect anonymous interaction data to understand how our website is used. The event types we collect are: page views, clicks, outbound clicks, form submissions, SPA navigations (client-side route changes), and errors. Each event includes the page URL, referring URL, and browser user-agent string. We do not store IP addresses, do not store user IDs, and do not use any third-party analytics services. No personal data is collected through our analytics.

Sessions are identified using ephemeral identifiers (UUID v4) held exclusively in JavaScript memory. No cookies, localStorage, or any form of persistent storage is used. Session identifiers reset on page reload and cannot be linked to an individual. These identifiers are transmitted with each analytics event and stored server-side to group interactions within a browsing session.

From each visitor's IP address, we derive an approximate country-level location and a truncated network prefix (first two segments of the IP address). The full IP address is not stored and cannot be reconstructed from the data we retain.

Spam protection

We use Cloudflare Turnstile to protect our forms from spam. Turnstile may process limited technical data to verify that submissions come from real users. Cloudflare's privacy policy applies to this processing. No cookies are set by Turnstile in managed mode.

How we use your data

  • To follow up on your demo request
  • To understand how our website is used (aggregate, anonymous analytics)
  • To prevent spam and abuse

Our legal basis for processing analytics data is legitimate interest under GDPR (Swedish jurisdiction). We process only anonymous, aggregated data that does not identify individuals.

We do not sell, share, or transfer your personal data to third parties for marketing purposes.

Data storage and retention

Your data is stored on Supabase (hosted in the EU). Demo request data is retained for a reasonable period for follow-up and record-keeping. Analytics data is retained for 13 months, after which it is automatically deleted.

Your rights

Under GDPR, you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to processing of your data
  • Request data portability

To exercise any of these rights, contact us at hello@rhymesthlm.se.

Third-party services

  • Supabase database hosting (EU region)
  • Cloudflare Turnstile spam protection
  • Netlify website hosting

Contact

For questions about this privacy policy or your data, contact us at: hello@rhymesthlm.se