1. Controller and contact details
Data controller: Svenochelly AB
Organization number (org.nr): 559572-4468
Registered seat: Linköping, Sweden
Postal address: Västanågatan 26A lgh 1202, 582 35 Linköping, Sweden
Contact: info@svenskly.se
Privacy
Privacy Policy
Last updated April 25, 2026
Policy version: 2026-04-25-v14-web-free
Svensk översättning: Integritetspolicy för Svenochelly AB. Senast uppdaterad 25 april 2026.
2. Processing matrix
| Data category | Purpose | Legal basis | Recipients | Transfers | Retention |
|---|---|---|---|---|---|
Learning data and local legal acceptance record in IndexedDB svenskly | Provide core learning functionality | Art. 6(1)(b) GDPR | Stored locally on your device only | No controller-side transfer | Until deleted by you or browser reset |
Local Pro purchase entitlement record in IndexedDB svenskly (product ID, platform, entitlement status, purchase timestamp, last sync timestamp, and store transaction ID if the native billing channel supplies it to the app) | Enable paid Pro access on-device and support restore/sync of platform-billed purchases | Art. 6(1)(b) GDPR | Stored locally on your device only | No controller-side transfer | Until deleted by you, app reset, browser reset, or replaced by newer sync data |
Local exercise history and mistake records in IndexedDB svenskly (including typed dictation answers and speech-recognition transcripts that are saved as exercise mistakes) | Provide exercise feedback, keep local review history, and support progress features | Art. 6(1)(b) GDPR | Stored locally on your device only | No controller-side transfer | Until deleted by you, app reset, or browser reset |
| Support/privacy/DSAR email communications (including billing support where applicable) | Handle support, billing, legal, and privacy requests | Art. 6(1)(b) GDPR, Art. 6(1)(c) GDPR, and Art. 6(1)(f) GDPR | Svenochelly AB, Loopia AB (processor) | EU/EEA only at launch | Up to 24 months after case closure |
Essential local and session keys (se_show_swedish, svenskly_speech_disclosure_ack_v1, svenskly.nav.currentHref, svenskly.nav.previousHref, svenskly.nav.scrollPositions, svenskly.nav.currentSource) | Store required preferences and preserve in-app navigation state during the current browser session | Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR | Stored locally on your device only | No controller-side transfer | Until removed or reset by you/browser lifecycle |
| Operational security logging and aggregate traffic measurement records (access log entries where enabled, including IP address, user agent, timestamp, requested path, status code, and referrer; application error logs; service state logs) | Security operations, uptime monitoring, troubleshooting, and aggregate website traffic reporting | Art. 6(1)(f) GDPR | Svenochelly AB, Hetzner Online GmbH (processor) | EU/EEA only at launch | 14 days for access logs where enabled, short operational window for service logs; aggregate reports do not contain raw IP addresses, user agents, or persistent visitor IDs |
3. On-device storage and cookies
LEK (SFS 2022:482, ch. 9 section 28): only essential storage is used; no non-essential cookies or tracking are active.
Required storage is IndexedDB svenskly, local keys
se_show_swedish, svenskly_speech_disclosure_ack_v1,
and session keys svenskly.nav.currentHref, svenskly.nav.previousHref,
svenskly.nav.scrollPositions, and svenskly.nav.currentSource.
The app stores a local legal acceptance record in IndexedDB to enforce Terms of Use and Privacy Policy acceptance. The same IndexedDB also stores local practice history and mistake records used for exercise feedback and review. In supported purchase-enabled mobile versions, it also stores a local Pro entitlement record so the service can reflect purchase status on your device for that platform.
Aggregate website traffic reports are produced from short-retention server access logs. This reporting does not use client-side analytics scripts, analytics cookies, browser storage identifiers, or third-party analytics providers.
4. Microphone and speech recognition
Speech features are user-activated. Depending on platform, browser speech-recognition providers, Apple speech recognition services, or your device's Android speech-recognition provider may process microphone audio to transcribe speech.
Svenochelly AB does not store raw microphone audio from these speech-recognition flows in controller-operated systems. Recognized speech text may still be stored locally on your device as part of active exercise state and local mistake/history records in IndexedDB when you use pronunciation or dictation features.
When those speech-recognition providers act in their own capacity, their processing is governed by their own terms and privacy notice rather than Svenskly's controller-side processor list.
Lawful basis: Art. 6(1)(b) GDPR for requested speech functionality.
5. Payments and app-marketplace billing
Pro purchases are handled through Apple App Store or Google Play in the mobile apps. Those billing channels may process purchase and account data in their own capacity under their own terms and privacy notices rather than as Svenskly's processors.
In the current implementation, Svenochelly AB does not send mobile purchase transaction IDs or entitlement records to controller-operated servers at launch. The service stores only the local entitlement data needed to reflect purchase status for the mobile platform you use. iOS and Android each require a separate purchase. Browser access does not require a web purchase.
6. Processors and international transfers
Current processors are listed on /processors/. Svenskly's own controller-side infrastructure is EU/EEA only at launch.
Browser providers, OS/device speech-recognition providers, app marketplaces, and payment platforms that act in their own capacity are not listed on /processors/ unless they process personal data on our behalf.
If transfers outside the EU/EEA are introduced in controller-side systems or processors we engage, we apply GDPR safeguards including Standard Contractual Clauses where required and update this policy.
7. Your GDPR rights and complaints
You may request access, rectification, erasure, restriction, objection, and portability where applicable. Request instructions are on /data-rights/.
You may complain to Sweden's supervisory authority:
Integritetsskyddsmyndigheten (IMY).
8. Identity verification and lawful exceptions
We may require proportionate identity verification before disclosure, correction, or deletion. Where GDPR permits, we may refuse or limit requests and will provide the legal basis plus complaint-rights information.
9. Changes to this policy
We may update this policy when legal, technical, or operational conditions change. The updated version applies from the effective date on this page.