Privacy Policy

1. Data Controller

The data controller responsible for your personal data is:

2. Information We Collect

We collect information in the following ways:

2.1 Information You Provide Directly

When you contact us, request a consultation, or use our services, you may provide:

• Name and contact information (email, phone number)
• Company name and job title
• Project details and business requirements
• Messages and communication records

2.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical data:

• IP address (anonymized where possible)
• Browser type and version
• Device type and operating system
• Pages visited, time spent, and navigation patterns
• Referring website URL

2.3 Chatbot Interactions

Our website features an AI-powered chatbot to assist you with questions about our services. When you interact with the chatbot, the messages you send are processed by Microsoft Azure OpenAI services to generate responses. We do not use chatbot conversations to train AI models. Chat data is not stored beyond the duration of your browsing session unless you submit a contact request through the chatbot.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide our services: responding to your inquiries, delivering consulting and development services, and managing client relationships
• To improve our website: analyzing usage patterns to optimize site functionality, performance, and user experience
• To communicate with you: sending relevant information about our services, responding to requests, and providing support
• To ensure security: protecting our website, systems, and users from unauthorized access, fraud, and abuse
• To comply with legal obligations: fulfilling legal, regulatory, and contractual requirements

4. Legal Basis for Processing

Under the GDPR, we rely on the following legal bases to process your personal data:

• Consent (Art. 6(1)(a)): for non-essential cookies and direct marketing communications. You may withdraw consent at any time
• Contractual necessity (Art. 6(1)(b)): to perform a contract with you or take steps at your request prior to entering into a contract
• Legitimate interests (Art. 6(1)(f)): for website analytics, security, and improving our services, where our interests do not override your rights
• Legal obligation (Art. 6(1)(c)): to comply with applicable laws and regulations

5. Cookies and Tracking Technologies

Our website uses cookies and similar technologies. Cookies are small text files placed on your device to help us provide a better browsing experience.

5.1 Essential Cookies

These are necessary for the website to function and cannot be switched off. They include cookies for session management and cookie consent preferences.

5.2 Functional Cookies

These cookies remember your preferences (such as language selection) to provide a more personalized experience.

5.3 Analytics Cookies

We use analytics to understand how visitors interact with our website, which helps us improve content and usability. Analytics data is aggregated and does not directly identify you.

5.4 Third-Party Services

Our website loads fonts from Google Fonts. When you visit our site, your browser may connect to Google's servers to retrieve font files. Google's privacy policy applies to this data transfer. No other third-party advertising or tracking scripts are used on this website.

You can manage your cookie preferences at any time through our cookie banner or through your browser settings. Disabling certain cookies may affect website functionality.

6. Data Sharing and Third Parties

We do not sell your personal data. We may share your data with the following categories of recipients only as necessary:

• Cloud service providers: our website and services are hosted on Microsoft Azure. Data is processed within the EU/EEA
• AI service providers: chatbot interactions are processed through Microsoft Azure OpenAI. Microsoft acts as a data processor under a Data Processing Agreement
• Professional advisors: legal, accounting, and other professional services as required
• Law enforcement: if required by law or to protect our legal rights

All third-party processors are bound by contractual obligations to protect your data and process it only according to our instructions.

7. International Data Transfers

We primarily process and store data within the European Economic Area (EEA). Where data is transferred outside the EEA (for example, when loading Google Fonts), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or an adequacy decision.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Contact inquiries: retained for up to 12 months after the last communication, unless a business relationship is established
• Client project data: retained for the duration of the engagement and up to 36 months after completion for follow-up and warranty purposes
• Chatbot conversations: not stored beyond your browsing session
• Website analytics: aggregated data retained for up to 26 months
• Accounting and legal records: retained as required by Swedish law (typically 7 years for financial records)

When data is no longer needed, it is securely deleted or anonymized.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or destruction. These measures include:

• Encryption of data in transit (TLS/SSL) and at rest
• Access controls and authentication mechanisms
• Regular security assessments and vulnerability testing
• Secure hosting on Microsoft Azure with enterprise-grade security
• Staff awareness and data handling procedures

10. Your Rights Under GDPR

As a data subject, you have the following rights regarding your personal data:

• Right of access (Art. 15): request a copy of the personal data we hold about you
• Right to rectification (Art. 16): request correction of inaccurate or incomplete data
• Right to erasure (Art. 17): request deletion of your data ("right to be forgotten"), subject to legal obligations
• Right to restriction (Art. 18): request that we limit how we process your data
• Right to data portability (Art. 20): receive your data in a structured, commonly used, machine-readable format
• Right to object (Art. 21): object to processing based on legitimate interests, including profiling
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us using the details in Section 12 below. We will respond to your request within 30 days. If we need additional time, we will inform you of the extension and the reasons for the delay.

11. Supervisory Authority

If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. In Sweden, the relevant authority is:

12. Contact Us

For any questions, concerns, or requests related to this Privacy Policy or our data processing practices, please contact us at:

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Any significant changes will be communicated through a notice on our website. We encourage you to review this page periodically. The "Last Updated" date at the top indicates when the policy was most recently revised.