Privacy policy

Effective from December 1st, 2025

Forento AB ("Forento" or "we"/"us") process personal data in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, General Data Protection Regulation ("GDPR"), and any other Swedish laws and regulations applicable in the field of data protection. This Privacy Policy explains how we use the personal data that we collect from you when you use our Services as stated in our Terms of Use. It also describes your rights toward us and how you can exercise your rights. Capitalized terms used herein without definition shall have the meanings assigned to them in the Terms of Use.

Controller and Processor Roles

Forento acts as data controller for the personal data that we collect directly — for example, when you visit our website, create an account, subscribe, or communicate with us.

When Customers use the Forento platform to deliver their own services (such as online courses or communities), Forento acts as a data processor on behalf of those Customers. In such cases, the Customer is the data controller and responsible for informing its own end-users and enabling them to exercise their data protection rights.

If you are an end-user of one of our Customers and wish to exercise your data protection rights, please contact that Customer (the data controller) directly. Forento will assist the Customer in responding to such requests as required under our data-processing agreement.

Forento's Purposes and Legal Grounds for Processing Your Personal Data

"Personal data" means any information relating to an identified or identifiable natural person that, directly or indirectly in combination with other information, can be linked to a living, natural person. Personal data is a very broad term, and it includes the name, contact details and IP addresses of such person.

"Processing" of personal data means, including but not limited to, collecting, registering, organizing, structuring, and storing. Processing also means alteration, production, reading, listing, using, and disclosing personal data by transfer, disseminating, changing, removing as well as deletion of the personal data.

"Data subject" means an identified or identifiable person to whom personal data relates.

Forento will only process personal data to the extent necessary to fulfil the Services under the Terms of Use and for purposes which are compatible with providing the Services. Such purposes and processing may include, inter alia:

• To be able to, for marketing or information purposes, inform about us and our business, send news and information emails and similar, and should you no longer wish to receive such information, we also compile and use such information to ensure that no more emails are sent to you;
• To be able to improve our business, in particular optimizing our website, we collect the data and evaluate it;
• We may need to process certain personal data in order to fulfil an obligation under law (for example, to fulfil our obligation to keep accounts). The types of processing that may occur is dependent on what legal obligations that we have from time to time. For example, we may use the information to share your data with authorities to the extent they require us to do so;
• We may need to process certain personal data in order to safeguard our or someone else's rights and/or interests in the event of a legal claim against us or someone else. The type of processing is depending on each situation. Normally, we may need to use the data in connection with court proceedings or when having a dialogue with a counterparty or counterparty counsel;
• To be able to reconstruct, such as divide into several businesses, or if someone wishes to invest in us, acquire us or a part of us, or any of our assets, we might have to disclose your personal data to such potential investor or purchaser (who is bound by a confidentiality obligation), for instance as part of a due diligence investigation, and take other measures within the scope of the above-mentioned purpose (such as discussing with a counterparty about their findings). For the avoidance of doubt, the processing of your personal data will continually be in accordance with this policy, unless you are informed otherwise; and
• If you on your own initiative provide us with other personal data than as requested, we may process them by, for instance, compiling them in our systems and communicate with you about them by email, phone (by talking, texting or otherwise) and / or in another way.

Forento will only process personal data if we have a lawful basis for doing so. Lawful bases for processing include, inter alia, consent, contractual necessity and our "legitimate interests" or the legitimate interest of others. Forento may process personal data based on the following legal grounds in GDPR:

• In the event Forento foresees the need to process personal data for a purpose which, pursuant to applicable laws and regulations, should be based on consent (on grounds of Art. 6(1)(a) GDPR), Forento will contact you in advance, to inform you about the processing for which your consent is required before the consent is collected and ask for your consent.
• To fulfil an agreement with you or to respond to your request for customer service. The legal ground for this is that the processing is necessary for the performance of an agreement or contract to which the data subject is party or to take steps at the request of the data subject prior to entering into an agreement or contract (Art. 6(1)(b) GDPR).
• To comply with legal obligations to report to authorities and third parties. The legal ground is that processing is necessary for compliance with a legal obligation to which the data controller is subject (Art. 6(1)(c) GDPR).
• To satisfy a legitimate and justified interest of Forento in processing your personal data, such as marketing our products and services by contacting potential and existing customers via e-mail, newsletters, or letters, in order to inform them about Forento's services, offers, events and products. The legal ground for this is that the processing is necessary and that Forento has a legitimate interest (Art. 6(1)(f) GDPR) that is not overridden by the fundamental interests and freedoms of the data subjects.

Different Categories of the Data Subject's Personal Data

When you visit one of our digital channels (for example our website, social media and video sharing sites, our mobile applications, online events, digital meetings, webinars, online training etc.), as well as when you contact us via e-mail or our website's chat function, we may collect information about you, such as your name, address, postal address, e-mail address, phone number, identification data and information regarding your use of Forento's products and services. In some cases, we may process your personal identity number. Forento may also collect your personal data from other public sources and external partners from other countries. Personal data that may be collected and processed by Forento could include:

• your name, e-mail address, postal address, name and contact details of your employer, telephone number, banking information and payment details, IP address, picture, personal settings; and
• cookie files stored on your computer or your telephone (or other digital device which you may use to visit our digital channels) for the purpose of identifying your browser and to recognize your settings and preferences. You will have the right to refuse Forento's processing of personal data using cookie files.

When you make a purchase or subscription related to our Services, payment processing is handled by third-party payment providers, including Polar Software Inc. ("Polar.sh"), Stripe, Inc., or external marketplaces such as Sumo Group Inc. Each provider acts as a separate data controller for the processing of your payment information, and your personal data will be processed in accordance with their respective privacy policies:

• Stripe: stripe.com/privacy
• Polar.sh: polar.sh/legal/privacy
• AppSumo: appsumo.com/terms

Forento does not store or process full payment card details.

Third-Party Service Providers

In relation to some features offered by us, we use third-party service providers. Such third-party service providers may process your personal data in the capacity as data processors. Below, you can find links to information on how our current third-party service providers processes personal data. When you subscribe for any of the services as set forth below, we will (through the third-party service provider) process personal data in accordance with such information.

• Payment processing services are provided through Polar Software Inc. ("Polar.sh"), Stripe, Inc. ("Stripe"), and AppSumo, LLC. Their respective privacy policies apply as referenced above.
• Website building solution and thereto related services are provided through Soft Construct LLC. If you subscribe for any such services, your personal data will be processed in accordance with this Privacy Policy (as applicable from time to time):ucraft.com/privacy-policy.
• Advertising campaigns and thereto related services are provided through Nanocorp AG. If you subscribe for any such services, your personal data will be processed in accordance with this Privacy Policy (as applicable from time to time): nanos.ai/privacy-policy.
• domain names and thereto related products/services are provided through Name.com, Inc. If you subscribe for any such products/services, your personal data will be processed in accordance with this Privacy Policy (as applicable from time to time): name.com/privacy-policy.

Processing and Transfer of Your Personal Data

The Customer has through this Privacy Policy been informed about the fact that personal data will be stored in a database for the purposes described above. If Forento engages co-operation partners, Forento shall ensure that any personal data is afforded equivalent protection as prescribed in this Privacy Policy and in accordance with the GDPR. Forento may also transfer personal data to others within Forento's business operation, coordinators, co-operation partners and providers, as well as third parties, including but not limited to suppliers, cloud service providers, consultants, and authorities. Forento shall, however, only transfer personal data if Forento has a legal ground under the GDPR to do so.

Forento may also transfer personal data to a third country, i.e. a country outside the EU/EEA, or to international organizations according to applicable laws and data regulations. Forento and third parties may be based anywhere in the world, which could include countries that may not offer the same legal protections for personal data as the EU/EEA. Forento will comply with local data protection requirements and its internal global privacy standards and Forento will apply the necessary safeguards under the applicable law of the country transferring the data for such transfers.

The personal data will be, dependent on the purpose for which it is collected, archived, confidentially erased, or anonymized in accordance with applicable rules, which, in short terms, will be when it is no longer necessary. Personal data will be stored during the time it is necessary for Forento to fulfil its obligations and for the purposes set out above. Forento will bring necessary measures to provide the personal data with protection against unauthorized access and loss thereof.

The Data Subject's Legal Rights

Data subjects have the right to object to Forento's processing of the personal data such as, for example, when processed in connection with direct marketing. Data subjects also have the right to request deletion, restriction, and rectification of the personal data. If consent is withdrawn, or if the stored personal data is incorrect or irrelevant, Forento must delete, restrict, or correct such personal data.

Data subjects have the right to request information about Forento's processing of personal data. If a request is made electronically, Forento shall provide the information in an electronically readable form which is structured and commonly used. Any request from data subjects shall be answered within a reasonable period by Forento.

Forento shall, upon request, provide information about the purpose of the processing, what personal data is being processed, recipients of the personal data and, if possible, for how long the personal data will be stored. Upon request, Forento shall also provide information about the possibility to request deletion, rectification, or alteration of the personal data, as well as how to lodge a complaint to Forento or the competent supervisory authority. Furthermore, Forento shall upon request provide information about the origin of the personal data, the existence of profiling and automatic decision-making, and any transfers to third countries. If requested, Forento shall also provide the data subjects with a copy of the processed personal data.

Data subjects have the right to transfer the personal data to another data controller (data portability), as well as to lodge a complaint regarding Forento's processing of personal data. Complaints shall be submitted to Forento and/or the competent supervisory authority according to the contact details in clause 5 below.

This Privacy Policy may be updated at any time and the latest updated version may always be found on Forento's website: forento.io.

Contact Information

Forento's contact details are as follows: Forento AB, with e-mail: contact@forento.io.

The contact details of the competent supervisory authority in Sweden are as follows: The Swedish Authority for Privacy Protection (Sw. "Integritetsskyddsmyndigheten"), org.no. 202100-0050, with address Box 8114, SE-104 20 Stockholm, Sweden. The Swedish Authority for Privacy Protection can also be contacted by telephone, +46 (0)8-657 61 00, or by e-mail, imy@imy.se. For more information about the Swedish Authority for Privacy Protection, please visit: imy.se.