Privacy Policy for Ordnad

1 Data Controller

ORDNAD AB (Reg. no: 559584-0967) acts as the data controller for the information we collect about you as a user (e.g., contact details). For the data you upload into the platform regarding your organization (e.g., employee lists or documentation), Ordnad typically acts as a data processor under a separate Data Processing Agreement (DPA).

2 What data we collect

• Identity and contact details: Name, email address, job role, and organizational affiliation.
• Organizational data: Registration number, address, and billing information.
• Technical data: IP address, login credentials, browser type, time zone, and metadata regarding how you interact with the platform.
• User-generated content: Information and documents uploaded for analysis, as well as metadata linked to these files.

3 Purpose and legal basis

We process your data for various purposes. Common purposes and legal bases include:

4 How we use AI to process your data

Ordnad uses AI services to analyze and summarize information you upload, such as PDF documents, images, and spreadsheets. This data is sent to external AI providers (e.g., Mistral AI) for automated analysis.

• Data is sent via encrypted channels and processed according to data protection agreements.
• Ordnad instructs AI providers not to use your data for training new AI models.
• You can opt-out of AI analysis and review user-generated content manually.

5 Sharing of data

We share personal data only in the following cases:

• Service providers: We may share data with subcontractors who help us deliver the service (hosting, email, AI analysis).
• Legal obligation: In the event of a court order or compliance with laws, we may disclose data for legal purposes.
• Business transfer: In the event of a sale or merger of Ordnad, personal data may be transferred as part of the agreement.

6 Data security and storage

We implement technical and organizational measures to protect your personal data against unauthorized access, modification, or deletion. This includes:

• Encryption of data during transfer (TLS/SSL).
• Authentication and access control.
• Regular security audits and updates.
• Data storage with certified cloud service providers (Google Cloud).

7 Data storage and retention

We store personal data as long as necessary to fulfill the contract or comply with legal obligations. After a contract is terminated, personal data is deleted within a reasonable time, unless we are legally required to keep it. Content uploaded for analysis may be kept longer for auditing purposes.

8 Your rights under GDPR

You have the following rights regarding your personal data:

• Right of access: You can request to see what personal data we have about you.
• Right to rectification: You can demand that we correct inaccurate information.
• Right to erasure: You can request the deletion of your personal data (under certain conditions).
• Right to data portability: You can request to receive your data in a machine-readable format.
• Right to object: You can object to certain processing of your data.

To exercise these rights, you can contact us at privacy@ordnad.com.

9 Changes to this privacy policy

We may update this privacy policy from time to time to reflect changes in our data processing or changes in legislation. We will notify you of material changes via email or through a clear notice on our website.