1080 Services Privacy Policy
Last Updated: 12 May 2026
1. Who we are
1080Motion AB ("we", "us") operates 1080Motion. For the personal data described in this policy, we act in two different roles:
- Controller for your account data (login credentials and associated profile fields) and for technical and security data relating to your use of the Service.
- Processor for the data that our customers process through the Service we provide. For that data, our customer is the controller; please refer to their privacy policy for information on how that data is processed.
This privacy policy only covers the data that we process as Controllers.
Contact: privacy@1080motion.com
Data protection enquiries: dpo@1080motion.com
2. Data we process as controller
Account data
You must provide an email address and password to use the Service. All other information is optional.
- Email address (required)
- Password, stored in hashed form (required)
- Username (optional)
- Name (optional)
- Profile picture (optional)
Technical and security data
- IP address
- Device and browser information
- Session data
- Security-related logs
3. Purposes and legal bases
| Purpose | Personal data | Legal basis (GDPR Art. 6) |
|---|---|---|
| Provide identity management to create and maintain your user account, authenticate you, and enable you to access the customer organisations you are authorised to use | Account data | Performance of a contract. Art. 6(1)(b) |
| Communicate with you about your account and changes to our terms or policies | Account data | Performance of a contract and legal obligation. Art. 6(1)(b)-(c) |
| Maintain, secure, and improve the Service, including processing of technical data and security logs | Technical and security data | Legitimate interest in operating a secure and reliable service. Art. 6(1)(f) |
4. Sub-processors and recipients
We use the following sub-processors to deliver the Service:
- Microsoft Azure - Infrastructure hosting
- Kinde - Identity and login provider; most authentication data is stored with Kinde
- Sentry.io - Error and application logging
We share your personal data with the providers above only to the extent necessary to deliver the Service, under written agreements that include the safeguards required by Article 28 GDPR.
Where a provider processes data outside the European Economic Area, transfers take place under an appropriate transfer mechanism, typically the European Commission's Standard Contractual Clauses, together with supplementary measures where required.
5. Retention of personal data
We only retain your personal data for as long as they are necessary for the purposes for which we collected them.
- Active accounts: We retain your account data for as long as your account exists.
- After account termination: Account data is removed from our live systems within 31 days.
- Backups: We keep an immutable backup for 6 months as protection against ransomware and similar incidents, after which it is automatically deleted. Updates and deletions are tracked separately so that a backup restore does not reintroduce data that has been deleted or superseded.
- Security logs: Retained for a maximum of 90 days. This period runs independently of your account. Logs are kept for the full 90 days even if you close your account in that window. We apply a fixed retention period rather than tying it to account lifecycle because security investigations (incident response, detecting account takeover, investigating abuse) regularly involve activity by accounts that have since been closed.
6. Your rights
Under the GDPR you have the right to:
- Access your personal data
- Have inaccurate data rectified
- Have your data erased ("right to be forgotten")
- Restrict or object to the processing of your personal data
- Receive your personal data in a portable format
- Withdraw consent, where the processing is based on consent
- Lodge a complaint with your national data protection authority
To exercise any of these rights with respect to data we control, contact us at dpo@1080motion.com.
For data we process on behalf of a customer, please contact that customer directly; we will support them in responding to your request.
7. Security
We apply appropriate technical and organizational measures to protect your data, including password hashing, encryption in transit, access controls, and security logging.
8. Changes to this policy
We will notify you of material changes through the Service. The "Last updated" date above indicates when this policy was last revised.