Privacy Policy

Last updated: 2026-05-19

Axaco Event System AB (“we", “us", “our") provides the Air Companion app as a free service for event attendees and exhibitors. This Privacy Policy explains what personal data we collect, why we collect it, how it is stored, and your rights under the General Data Protection Regulation (GDPR) and applicable Swedish law.

By using the app you agree to the practices described in this policy.

1. Data Controller

Axaco Event System AB
Org.nr: 556461-2108
Address: Box 353, 184 24 Åkersberga, Sweden
E-mail: info@axaco.se

2. Data We Collect and Why

2.1 Account and authentication

When you log in we collect your e-mail address and an authentication token issued by our server. This is required to access your event bookings and the app’s services. Legal basis: contract (Art. 6(1)(b) GDPR).

2.2 Profile card

You may voluntarily create a digital business card containing: first name, last name, e-mail, phone number, job title, company, website URLs, a short presentation/bio, and a profile photo. This information is stored on your device. If you add a profile photo it is also uploaded to and stored on Axaco’s servers so it can be included in your QR card and shared via AirDrop or vCard. Legal basis: consent (Art. 6(1)(a) GDPR). You can delete your photo at any time from within the app.

2.3 Lead scanning

If your event includes a lead-scanning feature, you can scan other attendees’ QR badges to capture their contact details. The following data is captured from the scanned badge and stored locally on your device only: name, e-mail, phone number, job title, company, website URLs, a bio/presentation, a profile photo (if included in the badge), and the date/time of the scan.

You may also add personal notes and a lead-temperature rating (cold/warm/hot) to each scanned record.

Lead data never leaves your device unless you explicitly choose to export it (e.g. as an Excel file via the share sheet) or save a contact to your device’s address book. Axaco does not receive or process scanned lead data.

As the person scanning and storing another attendee’s contact details, you act as an independent data controller for that data. You are responsible for handling it in accordance with GDPR, including ensuring you have a lawful basis for the processing. Legal basis for Axaco providing the scanning tool: legitimate interest in supporting event functionality (Art. 6(1)(f) GDPR).

2.4 Push notifications

With your permission, we register your device’s push notification token with our servers to send you event-related notifications. Legal basis: consent (Art. 6(1)(a) GDPR). You can withdraw consent at any time in your device’s notification settings.

2.5 Log data

In the event of an app error, diagnostic information may be collected, including your device model, operating system version, and a timestamp. This data is used solely for debugging and improving the app. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

3. Device Permissions

  • Camera: Used for QR badge scanning and taking a profile photo. Only active when you initiate a scan or select the camera option.
  • Photo library: Used only if you choose to select a profile photo from your library.
  • Contacts: Used only if you choose to save a scanned lead to your device’s address book. The app does not read your existing contacts.
  • Calendar: Used only if you choose to create a meeting from a lead record. The app does not read your existing calendar data.
  • Face ID / Touch ID: Optional biometric re-authentication for app access. Biometric data is processed entirely by iOS and is never accessed or stored by Axaco.

4. Data Storage and Retention

Account tokens and event content are stored securely on your device (Keychain and local cache). Profile photos are stored on Axaco’s servers for as long as you keep them in your profile. Lead records are stored locally on your device until you delete them. You can delete the app at any time to remove all locally stored data.

5. Data Sharing

We do not sell your personal data. Data may be shared only in the following limited circumstances:

  • With the event organiser who issued your booking, to the extent required to deliver the event service.
  • With infrastructure providers (e.g. hosting) acting as data processors under a data processing agreement with us.
  • When required by law or a competent authority.

6. Your Rights Under GDPR

You have the right to: access the personal data we hold about you; correct inaccurate data; request erasure (“right to be forgotten"); restrict or object to processing; and data portability. To exercise any of these rights, contact us at info@axaco.se. You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, imy.se).

7. Security

Authentication tokens are stored in the iOS Keychain. Network communication uses HTTPS. We apply commercially reasonable measures to protect your data, but no method of electronic transmission or storage is completely secure.

8. Children’s Privacy

The app is not directed at children under 13. We do not knowingly collect personal data from children under 13. If we become aware of such collection we will delete it promptly.

9. Links to Other Sites

The app may display links to external websites. We have no control over and take no responsibility for the content or privacy practices of those sites.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted at this URL with a revised date. Continued use of the app after changes constitutes acceptance of the updated policy.

11. Contact

For questions, data requests, or concerns about this Privacy Policy, contact us at info@axaco.se.