Privacy Policy

Last updated: 2026-01-06

1. Introduction

Conshultocracy AB, org. no. 559419-4697 ("Conshultocracy", "we", "us"), is the data controller for the processing of your personal data in connection with the use of our services.

This privacy policy describes how we collect, use, store, and protect your personal data in accordance with the EU General Data Protection Regulation (GDPR) and other applicable data protection legislation.

By using our services, you consent to the processing of your personal data according to this policy.

2. What Personal Data Do We Collect?

2.1 Data you provide

  • Account information: Name, email address, password (encrypted), organization name, organization number
  • Billing information: Company address, contact person, payment information (handled by Stripe)
  • Contact information: Information you provide via contact forms

2.2 Data we collect automatically

  • Usage data: Information about how you use the service, including number of screenings, timestamps, and usage patterns
  • Technical information: IP address, browser type, device information
  • Login logs: Timestamp and status of login attempts

2.3 Screening data

Privacy by Design: We do not store screening results

Screening reports are generated in real-time and downloaded directly to your device. We do not store the results of your screenings on our servers. Only metadata about completed screenings (date, company name) is logged for usage statistics.

3. Nature of Screening Outputs

Important: Recommendations, Not Automated Decisions

Our screening services generate recommendations (such as GO, CAUTION, or STOP indicators) based on aggregated data from multiple sources. These outputs are:

  • Initial recommendations only – They represent one input among many that you may consider in your decision-making process
  • Not automated decisions – The application does not make any decisions on your behalf. All decisions rest solely with you, the user
  • Indicative, not conclusive – Results should be verified through your own due diligence processes before any business decisions are made
  • Supporting information – The recommendations are designed to support and inform your professional judgment, not replace it

You retain full control and responsibility for any decisions made based on information obtained through our services. We strongly recommend that screening results be reviewed by qualified personnel and supplemented with additional verification as appropriate for your specific use case.

4. Why Do We Process Your Personal Data?

Purpose | Legal Basis
Provide and administer the service | Performance of contract
Manage subscriptions and billing | Performance of contract
Send service-related communications | Performance of contract
Track usage and prevent abuse | Legitimate interest
Improve and develop the service | Legitimate interest
Fulfill legal obligations (accounting, tax) | Legal obligation

5. How Long Do We Keep Your Data?

We retain your personal data only for as long as necessary for the purposes described in this policy:

  • Account information: As long as you have an active account, plus 12 months after termination
  • Billing information: 7 years according to Swedish accounting law (Bokföringslagen)
  • Usage logs: 24 months
  • Screening metadata: 24 months (only date and company name)
  • Contact inquiries: 12 months

6. Who Do We Share Data With?

We share your personal data with the following categories of recipients:

6.1 Service Providers (Data Processors)

Provider | Purpose | Location
Supabase | Database hosting, authentication | EU
Stripe | Payment processing | EU/USA*
Vercel | Web hosting | EU/USA*
Resend | Email delivery | USA*

* Transfer to USA is made pursuant to the EU-US Data Privacy Framework or Standard Contractual Clauses (SCC).

6.2 Data Sources for Screening

When you perform screenings, queries are sent to external data sources (sanctions lists, company registers, news databases). These services receive the search terms but not your personal data.

7. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access: You have the right to receive information about what personal data we process about you and to obtain a copy of this data.
  • Right to rectification: You have the right to request correction of inaccurate or incomplete data.
  • Right to erasure: You have the right to request deletion of your personal data under certain circumstances ("right to be forgotten").
  • Right to restriction: You have the right to request restriction of the processing of your data.
  • Right to data portability: You have the right to receive your data in a structured, machine-readable format.
  • Right to object: You have the right to object to processing based on legitimate interest.
  • Right to withdraw consent: If processing is based on consent, you may withdraw it at any time.

To exercise your rights, contact us at conshultocracy@gmail.com.

8. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or destruction. This includes:

  • Encryption of data in transit (HTTPS/TLS)
  • Password encryption (bcrypt)
  • Access controls and authentication
  • Regular security reviews
  • Row Level Security (RLS) in the database

9. Cookies

Our service uses only necessary cookies for the service to function:

  • Session cookies: To manage login and authentication. These are deleted when you close your browser.
  • Authentication cookies: To keep you logged in between sessions if you choose to stay logged in.

We do not use tracking cookies, analytics cookies, or marketing cookies.

10. Third-Party Screening and Legitimate Interests

Our service enables screening of third-party companies. If you use the service to screen other companies or individuals:

  • You are responsible for having a legitimate purpose (e.g., due diligence, compliance, know your customer)
  • Screening results are downloaded to your device and are not stored by us
  • You are responsible for proper handling of the information you obtain

11. Changes to This Policy

We may update this privacy policy from time to time. For material changes, we will notify you via email or through a notice in the service.

The latest version of the privacy policy is always available on this page.

12. Supervisory Authority

If you believe that we process your personal data in violation of GDPR, you have the right to file a complaint with the supervisory authority:

Swedish Authority for Privacy Protection (IMY)

Box 8114

104 20 Stockholm, Sweden

Website: www.imy.se

13. Contact Information

For questions about this privacy policy or our handling of personal data, contact us:

Conshultocracy AB

Org. no: 559419-4697

Svartbäcksgatan 133

753 34 Uppsala

Email: conshultocracy@gmail.com