1. Data controller

Kaistone AB, reg no 559518 7385, based in Uppsala, Sweden, is the data controller for the personal data described in this policy.

2. Personal data we may process

  • Contact details: name, email, phone, company and role.
  • Customer and invoicing data: billing address, registration number, payment status and finance related communication.
  • Support and communication: messages, tickets, feedback and meeting notes.
  • Website technical data: IP address, device data, logs and cookie identifiers.

3. Why we process personal data

  • To handle inquiries, demos, quotes and customer dialogue.
  • To deliver the service, administer accounts and provide support.
  • To invoice and manage payments.
  • To improve the website and user experience.
  • To comply with legal obligations, such as accounting rules.

4. Legal basis

  • Contract: when processing is necessary to enter into or perform a contract.
  • Legitimate interests: for example to respond to requests, improve the service and prevent misuse.
  • Legal obligation: for example accounting requirements.
  • Consent: for certain cookies or marketing where required.

5. Storage and retention

We keep personal data as long as needed for the purpose of processing. Financial records are kept as required by accounting rules. Support and communication is typically kept during the customer relationship and for a period afterwards to handle claims and questions.

6. Where data is processed

Data is normally stored and processed within the EU. If a provider processes data outside the EU we ensure appropriate safeguards, such as standard contractual clauses, where required.

7. Recipients and providers

  • Providers for operations, hosting, analytics, communication and payments may process data on our behalf.
  • Authorities may receive data if we are legally required.
  • We do not sell personal data.

8. Your rights

  • Access: request a copy of your personal data.
  • Rectification: correct inaccurate data.
  • Erasure: delete data where applicable.
  • Restriction: restrict certain processing.
  • Objection: object to processing based on legitimate interests.
  • Data portability: receive data in a structured format in certain cases.
  • Withdraw consent: where processing is based on consent.

9. Cookies

We use cookies and similar technologies. See our Cookie Policy for details and how to manage your consent.

10. Contact and complaints

Contact us at support@kaistone.ai for questions or to exercise your rights. You may also lodge a complaint with the Swedish Authority for Privacy Protection.

11. Changes

We may update this policy. The latest version is published on the website.