KLADDS · The Swedish AI company
Läs på svenska →Privacy Policy
This Privacy Policy explains how Byggarn AB, operating the KLADDS brand and the website kladds.com, collects and processes personal data when you visit this website or request early access to the KLADDS platform. We are committed to processing your personal data lawfully, transparently, and only for the purposes described here.
This policy covers the kladds.com marketing website only. When KLADDS is deployed as a private instance for a business customer (a tenant), that customer is the data controller for the business data it loads into its instance, and Byggarn AB acts as a data processor on that customer's behalf under a separate data processing agreement. See the section "Our role as a processor for customers" below.
1. Data controller and contact details
The data controller for personal data collected through kladds.com is:
- Byggarn AB
- Address: Lund, Skåne
- Contact for privacy matters: hej@kladds.com
We have not appointed a statutory Data Protection Officer, because our processing does not meet the thresholds in Article 37 of the General Data Protection Regulation (GDPR). You can reach the person responsible for data protection questions at the contact address above.
2. What personal data we collect
Right now, kladds.com is in early access and closed rollout. The product is not for sale, and the only action you can take on the site is to request access or ask to be notified. As a result, the personal data we collect is deliberately minimal.
2.1 Data you give us
- Email address. When you submit an early-access or notify request, we collect the email address you enter. We do not require your name, company, or any other field to submit that request.
- Any content you choose to send us. If you email us directly at hej@kladds.com, we process the contents of that message and your email address.
2.2 Data collected automatically
- Essential technical data. Like any website, our server processes your IP address and basic request information (browser type, timestamp, requested page) for the short time needed to deliver the page and keep the service secure. We do not use this data to build a profile of you and we do not run advertising or analytics trackers on kladds.com. See our Cookie and Storage Notice for details.
- Anonymous page statistics. Our pages send a first-party signal to our own server containing only the page path and the referring site's hostname. No IP address, cookie, identifier or fingerprint is stored with it, so it cannot be linked to you. We use these aggregate counts (legitimate interest, Article 6(1)(f) GDPR) to understand which pages are read.
We do not knowingly collect any special categories of personal data (Article 9 GDPR) through this website, and we ask you not to include such data in messages you send us.
3. Why we process your data and our legal basis
Under Article 13 GDPR, we must tell you the purpose of, and the legal basis for, each processing activity. They are:
- To register and manage your early-access or notify request, and to contact you when access opens or with related product updates. Legal basis: your consent (Article 6(1)(a) GDPR), which you give by submitting your email for this purpose. You can withdraw it at any time (see Section 6).
- To respond to enquiries you send us by email. Legal basis: our legitimate interest in answering people who contact us (Article 6(1)(f) GDPR), and, where your message concerns entering into an agreement, the pre-contractual steps under Article 6(1)(b) GDPR.
- To operate, secure, and troubleshoot the website. Legal basis: our legitimate interest in running a functioning and secure website (Article 6(1)(f) GDPR). Our interest is balanced against your rights; the data used for this purpose is limited and short-lived.
- To comply with legal obligations, for example bookkeeping duties or responding to a lawful authority request. Legal basis: legal obligation (Article 6(1)(c) GDPR).
Emails we send to the notify list are commercial electronic messages within the meaning of the Swedish Marketing Act (marknadsföringslagen 2008:486). Every such email will include a clear way to unsubscribe, and unsubscribing also withdraws your consent for that purpose.
4. Who we share your data with
We do not sell your personal data, and we do not share it for anyone else's marketing. We share data only with:
- Service providers acting as our processors, such as our website hosting, email delivery, and form-handling providers. They may only process your data on our documented instructions under a data processing agreement that meets Article 28 GDPR.
- Authorities or advisers where we are legally required to disclose data, or where it is necessary to establish, exercise, or defend legal claims.
We aim to keep processing within the EU/EEA. Where a provider processes personal data outside the EU/EEA, we rely on a valid transfer mechanism under Chapter V GDPR, such as an adequacy decision or the European Commission's Standard Contractual Clauses together with any supplementary measures needed. You can request details of the safeguards used by contacting us.
5. How long we keep your data
- Early-access and notify emails: until you unsubscribe or withdraw consent, or until we retire the list, whichever comes first. We review the list periodically and remove addresses we no longer have a basis to keep.
- Email correspondence: for as long as needed to handle the matter and a reasonable period afterwards, then deleted, unless a longer period is required by law.
- Essential server logs: a short period for security and troubleshooting, then deleted or aggregated.
6. Your rights
Under the GDPR you have the following rights in respect of your personal data. To exercise any of them, contact us at hej@kladds.com. We will respond within one month, and will tell you if we need to extend that period as permitted by Article 12(3) GDPR.
- Access (Article 15): a copy of the personal data we hold about you.
- Rectification (Article 16): correction of inaccurate or incomplete data.
- Erasure (Article 17): deletion of your data where the conditions apply.
- Restriction (Article 18): to limit our processing in certain situations.
- Data portability (Article 20): to receive data you provided to us in a structured, commonly used, machine-readable format.
- Objection (Article 21): to object to processing based on our legitimate interests.
- Withdraw consent (Article 7(3)): where processing is based on consent, you can withdraw it at any time; this does not affect processing already carried out.
You also have the right to lodge a complaint with a supervisory authority. In Sweden this is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY), imy@imy.se, www.imy.se. You may also complain to the authority in your country of residence.
7. Our role as a processor for customers
When a business becomes a KLADDS customer, it receives its own isolated instance of the platform. Any personal data that customer loads into its instance (for example, a customer relationship management record of its own leads and contacts) is controlled by that business, not by us. For that data, Byggarn AB is a data processor and processes it only on the customer's documented instructions under a data processing agreement.
KLADDS is an AI system. Every action proposed by an automated agent is held in a human approval queue and is not carried out until a person at the customer approves it. If you are an individual whose data sits inside a customer's KLADDS instance and you want to exercise your rights, please contact that business (the controller); we will assist them as their processor.
8. Automated processing and AI transparency
The kladds.com website itself does not make automated decisions that produce legal or similarly significant effects about you within the meaning of Article 22 GDPR. Where the KLADDS product uses artificial intelligence, we design it so that a human reviews and approves agent actions. From 2 August 2026, where you interact directly with an AI system operated by us, we will tell you that you are interacting with AI, in line with Article 50 of the EU Artificial Intelligence Act.
9. How we protect your data
We apply appropriate technical and organisational measures under Article 32 GDPR, including access controls, encryption in transit, tenant isolation for customer instances, and the human approval queue that gates agent actions. No system is perfectly secure, but we work to protect your data proportionately to the risk.
10. Changes to this policy
We may update this Privacy Policy as the product and our processing evolve, in particular as KLADDS moves out of closed rollout. We will post the updated version here with a new date, and where the change is material we will take reasonable steps to notify you.
Last updated: 4 July 2026 (draft).