1. Controller and contact details
Data controller: Svenochelly AB
Contact: info@svenskly.se
Full company details are available on /company/.
Privacy
Privacy Policy
Last updated May 7, 2026
Kort svensk sammanfattning: Integritetspolicy för Svenochelly AB. Senast uppdaterad 7 maj 2026.
2. Processing matrix
| Data category | Purpose | Legal basis | Recipients | Transfers | Retention |
|---|---|---|---|---|---|
| Learning data and local date-only legal acceptance record stored on your device | Provide core learning functionality | Art. 6(1)(b) GDPR | Stored locally on your device only | No controller-side transfer | Until deleted by you or browser reset |
| Local Pro entitlement record stored on your device | Enable and restore platform-billed Pro access, including local product ID, platform, purchase status, purchase date, sync date, and transaction ID where provided by the app marketplace | Art. 6(1)(b) GDPR | Stored locally on your device only | No controller-side transfer | Until deleted, reset, or replaced by newer local sync data |
| Local exercise history and mistake records, including typed answers and saved speech transcripts | Provide feedback, review history, and progress features | Art. 6(1)(b) GDPR | Stored locally on your device only | No controller-side transfer | Until deleted by you, app reset, or browser reset |
| Support/privacy/DSAR email communications (including billing support where applicable) | Handle support, billing, legal, and privacy requests | Art. 6(1)(b) GDPR, Art. 6(1)(c) GDPR, and Art. 6(1)(f) GDPR | Svenochelly AB, Loopia AB (processor) | EU/EEA only at launch | Up to 24 months after case closure |
| Essential local and session storage for preferences, notification reminder settings, widget sync state, speech-disclosure acknowledgement, and in-app navigation state | Store required preferences, manage local reminders/widgets where enabled, and preserve navigation state | Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR | Stored locally on your device only | No controller-side transfer | Until removed or reset by you/browser lifecycle |
| Operational security logs and aggregate traffic reports | Security operations, uptime monitoring, troubleshooting, and aggregate website traffic reporting | Art. 6(1)(f) GDPR | Svenochelly AB, Hetzner Online GmbH (processor) | EU/EEA only at launch | 14 days for access logs where enabled; aggregate reports exclude raw IP addresses, user agents, and persistent visitor IDs |
3. On-device storage and cookies
LEK (SFS 2022:482, ch. 9 section 28): only essential storage is used; no non-essential cookies or tracking are active. Required storage includes on-device learning data, local preferences, local reminder/widget state where enabled, speech-disclosure acknowledgement, and navigation state.
The app stores a local date-only legal acceptance record, practice history, mistake records, and settings on your device. User-exported backups are minimized and exclude mistake text, XP history, session history, and purchase entitlements. In supported purchase-enabled mobile versions, the app also stores a local Pro entitlement record so the service can reflect purchase status for that platform.
Aggregate website traffic reports are produced from short-retention server access logs. This reporting does not use client-side analytics scripts, analytics cookies, browser storage identifiers, or third-party analytics providers.
4. Microphone and speech recognition
Speech features are user-activated. Your browser, Apple speech recognition, or Android speech-recognition provider may process microphone audio to transcribe speech.
Svenochelly AB does not store raw microphone audio in controller-operated systems. Recognized speech text may be stored locally on your device as active exercise state or mistake/history records.
When those speech-recognition providers act in their own capacity, their processing is governed by their own terms and privacy notice rather than Svenskly's controller-side processor list.
Lawful basis: Art. 6(1)(b) GDPR for requested speech functionality.
5. Payments and app-marketplace billing
Pro purchases are handled through Apple App Store or Google Play in the mobile apps. Those billing channels may process purchase and account data in their own capacity under their own terms and privacy notices rather than as Svenskly's processors.
Svenochelly AB does not send mobile purchase transaction IDs or entitlement records to controller-operated servers at launch. The app stores only the local entitlement data needed to show purchase status for the mobile platform you use.
6. Processors and international transfers
Current processors are listed on /processors/. Svenskly's own controller-side infrastructure is EU/EEA only at launch.
If transfers outside the EU/EEA are introduced in controller-side systems or processors we engage, we apply GDPR safeguards including Standard Contractual Clauses where required and update this policy.
7. Your GDPR rights and complaints
You may request access, rectification, erasure, restriction, objection, and portability where applicable. Request instructions are on /data-rights/.
You may complain to Sweden's supervisory authority: Integritetsskyddsmyndigheten (IMY).
8. Identity verification and lawful exceptions
We may require proportionate identity verification before disclosure, correction, or deletion. Where GDPR permits, we may refuse or limit requests and will provide the legal basis plus complaint-rights information.
9. Changes to this policy
We may update this policy when legal, technical, or operational conditions change. The updated version applies from the effective date on this page.