
Privacy Policy
How Theoflow ApS (Tables) processes personal data.
Last updated: 25 June 2026, Theoflow ApS, CVR 45593185
When you, as a customer, upload or process contacts and data in Tables, we process that data on your behalf (we act as data processor). That is governed by our Data Processing Agreement (DPA), not this policy. This policy describes the cases in which we ourselves are the data controller.
1. Who is the data controller
The data controller for the processing described in this policy is:
Theoflow ApS
CVR no. 45593185
Universitetsbyen 71, 8000 Aarhus C, Denmark
Email: privacy@tables.so
2. When this policy applies
This policy applies when:
- you visit our website tables.so,
- you are a customer or user of the Tables service, or
- your business contact information is included in our contact database (our B2B sales and prospecting database).
3. Cookies and similar technologies on the website
When you visit tables.so, we use cookies and similar technologies. Strictly necessary technologies that make the site work and keep it secure are used without consent. All others (statistics, marketing and functional) are only used once you have given consent in our cookie banner. You can change or withdraw your consent at any time via the cookie settings on the site.
Legal basis: your consent for non-necessary technologies (Article 6(1)(a) of the GDPR and the applicable cookie rules). For necessary technologies, the basis is our legitimate interest in the site working and being secure.
We use the following technologies:
| Category | Technology | Purpose | Consent |
|---|---|---|---|
| Necessary | Consent choice | Remembers your cookie choice | No |
| Necessary | Sanity (CMS) | Delivery of page content | No |
| Necessary | Cloudflare Turnstile | Bot protection on forms | No |
| Statistics | Google Analytics 4 | Traffic and usage analytics | Yes |
| Statistics | Vercel Analytics | Page views | Yes |
| Statistics | PostHog (EU) | Product analytics and autocapture (same project as the web app) | Yes |
| Marketing | Google Ads | Conversion tracking | Yes |
| Functional | Cal.com | Meeting booking (booking page only) | Yes |
| Functional | Featurebase | Feedback widget | Yes |
Transfers to the USA: several of the providers (including Google and PostHog) may involve processing in the USA. See section 7.
4. Customers and users of Tables
When you create an account and use Tables, we process information about you as a user.
Data: name, work email, phone number, job title, company, login details, IP address, usage and log data, and payment information.
Purpose: to create and administer your account, provide and operate the service, deliver support, handle invoicing and payment, ensure operation and security, troubleshoot, improve the product, and communicate with you about the service.
Legal basis: performance of the agreement with you or your company (Article 6(1)(b)); our legitimate interest in operation, security and product improvement (Article 6(1)(f)); and legal obligations, such as retaining invoices under the Danish Bookkeeping Act (Article 6(1)(c)).
Recipients: our suppliers (data processors), including for hosting, payment (Stripe), email, analytics and communication. They only process data on our instructions.
5. Our contact database (business contacts)
To help our customers with sales and prospecting, we maintain, and give our customers access to, a database of business contact information. If you act in a professional capacity (for example, as an employee, decision-maker or contact person at a company), your business information may be included.
Categories of data: name, job title, company, work email, work phone number, links to public professional profiles, and company information. We do not process sensitive data (special categories).
Sources: the information originates from publicly available sources (for example, company websites and public professional profiles) and from third-party data providers.
Purpose: to provide a B2B sales and prospecting service in which our customers can find and contact relevant business contacts.
Legal basis: our and our customers' legitimate interest in business-to-business (B2B) sales and marketing (Article 6(1)(f)). We have balanced this interest against your rights, and the information is business-related and non-sensitive.
Your choices: you have the right to object to the processing and to request access, rectification or erasure. Write to privacy@tables.so, and we will remove your information from the database or comply with your request. See also section 9.
6. Suppliers and disclosure
We use trusted suppliers (data processors) who process personal data on our behalf and on our instructions, including for hosting and operations, database storage, analytics, email, payment, and AI-based and automated data processing and enrichment. We enter into data processing agreements with these suppliers. An up-to-date list is available on request at privacy@tables.so.
Beyond this, we only disclose personal data where we are legally required to do so, or where it is necessary to establish or defend legal claims.
7. Transfers to countries outside the EU/EEA
Some of our suppliers are established in the USA (for example, providers of analytics, hosting and AI processing). When we transfer personal data there, it is done on a valid transfer basis, primarily the European Commission's adequacy decision on the EU-US Data Privacy Framework for certified suppliers, and otherwise the European Commission's Standard Contractual Clauses (SCCs) supplemented by the necessary safeguards.
8. Retention
We retain personal data for as long as necessary for the purposes for which it was collected. Customer and account data is kept for as long as you have an account and is then deleted, unless we are required to keep it longer (for example, invoice data for 5 years under the Danish Bookkeeping Act). Website analytics are retained in accordance with the settings in our analytics tool. Information in the contact database is kept for as long as it is relevant to the service and is removed upon objection or a request for erasure.
9. Your rights
Under the GDPR you have the right to:
- access the data we process about you,
- have inaccurate data rectified,
- have data erased,
- have the processing restricted,
- object to the processing,
- receive your data in a structured, commonly used format (data portability), and
- withdraw a consent, without affecting the lawfulness of processing before the withdrawal.
To exercise your rights, please contact us at privacy@tables.so. You also have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet), Carl Jacobsens Vej 35, 2500 Valby, datatilsynet.dk.
10. Security
We have implemented appropriate technical and organisational measures to protect personal data against unauthorised access, loss and misuse. Data is encrypted in transit, access is limited to employees with a work-related need, and we continuously assess our level of security.
11. Changes to this policy
We may update this privacy policy. The current version is available on our website with the date of the latest update shown at the top.
12. Contact
If you have questions about this policy or about our processing of personal data, you are welcome to contact us:
Theoflow ApS
Universitetsbyen 71, 8000 Aarhus C
Email: privacy@tables.so