Privacy policy.

§ 01 — Data controller

BuildLogicStudio AB ("we", "us", "the studio") is the data controller for personal data processed through this site. Our registered office is at Arningetorpsvägen 48, 187 60 Täby, Sweden. The organisation number is 559273-1840. You can reach the data controller in writing at studio@buildlogicstudio.com.

§ 02 — What we collect

Through the public website we collect only the personal data you actively submit through a form: your name, email address, optional phone number, optional company name, country, and any free-text content of your message or notes. Through the checkout flow we additionally collect billing details required by Stripe; we do not see or store your card details ourselves.

Through our server logs we receive standard request metadata: the requesting IP address, the user-agent string, the requested URL, the timestamp, and the referrer. This metadata is retained for thirty days for security and abuse-prevention purposes, then automatically deleted.

We do not run any third-party advertising trackers, social-media pixels, or behavioural analytics on this site. The only optional analytics is a self-hosted Plausible instance which records aggregate, anonymous request counts; no individual identifiers are collected.

§ 03 — Why we process it

Personal data submitted through contact forms is processed under the legal basis of "legitimate interest" (Article 6(1)(f) GDPR): replying to a prospective client is the obvious purpose of a contact form, and we have a clear interest in being able to do so. Personal data submitted through checkout is processed under the legal basis of "performance of a contract" (Article 6(1)(b) GDPR): we cannot begin an engagement without the contact, billing, and project details supplied at checkout.

§ 04 — Retention

Contact form submissions are retained for 24 months from the date of submission, after which they are automatically deleted unless they have become part of an active engagement. Engagement records — contracts, invoices, project correspondence — are retained for seven years from the close of the engagement, in accordance with the Swedish Bookkeeping Act (Bokföringslagen 1999:1078).

Server logs are retained for thirty days. Cookie consent records are retained for the lifetime of the cookie, which is twelve months from the date of the choice.

§ 05 — Third parties

Three categories of third parties may process personal data on our behalf: infrastructure providers (Cloudflare for DNS and CDN; Hetzner Online GmbH for hosting; both within the EU), payment processing (Stripe Payments Europe Ltd., Dublin, Ireland), and communications (Fastmail Pty Ltd. for email; our self-hosted nextcloud for files). All of these are bound by data-processing agreements that meet GDPR requirements; none of them transfer personal data outside the EEA without the safeguards required by Chapter V of the GDPR.

§ 06 — Your rights

Under the GDPR and the Swedish Data Protection Act you have the right to: access the personal data we hold about you; rectify any of it that is inaccurate; erase it where there is no overriding legal basis (typically the Bokföringslagen requirements above); restrict our processing of it; object to our processing on legitimate-interest grounds; and request portability of any data you supplied us in a structured format.

To exercise any of these rights, write to studio@buildlogicstudio.com with proof of identity. We reply within one month, as required by Article 12(3) GDPR.

§ 07 — Complaints

If you believe that we are not handling your personal data lawfully, you have the right to lodge a complaint with the Swedish supervisory authority, the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, "IMY"), at imy@imy.se or +46 8 657 61 00. We would, however, appreciate the chance to address the concern directly first.

§ 08 — Changes to this policy

We may update this policy from time to time. Substantive changes are signposted on the home page for at least thirty days. The version date at the top of this page indicates the last update.