Privacy & Legal Counsel

Privacy & Legal Counsel

Fluxer is an open-source chat app for text, voice, and communities, built for people who want a chat product that respects their time and data. The company is based in Sweden, and our employees and contractors work remotely across countries. We are a small team, so people are expected to own their work, communicate clearly, and stay close to the users affected by their decisions. The code is public, so you can read how the product is built before you apply.

What this role is

Legal and privacy work at Fluxer is practical and close to the product. It shows up in app decisions, data subject requests, copyright disputes, vendor contracts, law-enforcement process, policy drafts, and regulatory changes. We are headquartered in Sweden and built for people everywhere, so the work sits where EU data protection, platform regulation, intellectual property, and cross-border requests meet. The right person can turn legal requirements into advice the team can actually use: precise, practical, and understandable.

What you would actually be doing

• Handling GDPR data subject requests under the Dataskyddslagen (Lag 2018:218): access, deletion, portability, rectification, and the unglamorous follow-through behind each one
• Running our notice-and-action and statement-of-reasons processes under the Digital Services Act (Articles 16, 17, and 20), keeping our point of contact and complaint handling reliable, and producing Article 24 transparency reporting
• Managing copyright takedowns, counter-notices, and edge cases around user-generated content
• Reviewing law-enforcement requests, preservation demands, and production orders, and getting us ready for the e-Evidence Regulation (EU) 2023/1543, which applies from 18 August 2026 and arrives with European Production and Preservation Orders, an addressee to designate, and response clocks (10 days as standard, 8 hours in an emergency) that do not care it is a holiday
• Keeping track of evolving EU platform and privacy obligations, including DSA implementing rules and ePrivacy developments, and turning changes into practical next steps
• Drafting and maintaining privacy notices, terms, Community Guidelines, policy pages, and internal guidance people can understand
• Helping engineering and design think about privacy early enough to avoid avoidable rework
• Reviewing data processing agreements, subprocessors, and related compliance documentation
• Talking to regulators, outside counsel, and internal teams, including IMY on data protection and PTS as Sweden's Digital Services Coordinator, when something needs a careful and precise answer

What makes someone good at this

• You have solid working knowledge of GDPR and EU data protection law, and you are comfortable with how it plays out under Swedish implementation rather than only in theory
• You have handled DMCA-style takedown workflows and the practical side of intellectual property disputes
• You have worked with real law-enforcement requests or legal process and did not panic
• You can explain legal concepts clearly to engineers, support, and safety
• You can track many deadlines without losing the important details
• You have sound judgement about when to act, when to escalate, and when to say "we should not say anything until we know what we are talking about"

Other things we would be glad to see

• Swedish data protection experience, including dealings with IMY
• A practical grip on the DSA: what it actually requires of a service our size, not only what summaries say it requires
• Familiarity with the Terrorist Content Online Regulation (EU) 2021/784 and its one-hour removal-order mechanic
• Privacy work in open-source or federated software contexts
• CIPP/E, CIPM, or an equivalent privacy credential
• Swedish or other additional languages. The work itself can be done in English, so Swedish is a bonus rather than a requirement

Who you would work with

You would be our central point for legal and privacy, working closely with trust & safety on hard cases, with engineering and design before product decisions ship, and with support on the first version of many user requests. Small team, direct lines, and a preference for advice that ends in a decision.