Klaffa SV
Legal · Personal data

Privacy policy

How Klaffa AB handles personal data on klaffa.app. Short, concrete, no unnecessary legalese.

Effective 2026-07-02 Version 1.0 Scope klaffa.app

This policy covers our public marketing site klaffa.app. Processing of personal data inside the Klaffa product itself (schedules, call sheets, agreements, payroll) is governed by a separate Data Processing Agreement (DPA) between Klaffa and the customer's production company. Two different things — this document is only about the website.

§1Controller

The controller for processing on klaffa.app is:

§2What we collect

Contact form

When you submit the contact form on klaffa.app we store your name, production company, email address, and message. We use it to reply to your enquiry and to follow up on that conversation. Filling in the form is always voluntary.

Server and access logs

Our hosting provider (Vercel) logs standard technical data for every request: IP address, timestamp, URL, HTTP status, referer, user agent. This is standard web-server data needed to operate the site and identify abuse.

Cookies and local storage

Klaffa.se sets no cookies for tracking, analytics, or advertising. We do not display cookie banners because there is nothing to consent to. If we ever introduce analytics, we will announce it clearly and give you a choice.

What we do not collect

§3Legal basis

ProcessingLegal basis (GDPR art. 6)
Contact form: replying to your enquiryLegitimate interest (art. 6(1)(f)) — responding to a message you sent us
Server logs: operations, security, abuse preventionLegitimate interest (art. 6(1)(f))
Steps toward a contract if the enquiry leads to a quote / dialoguePre-contractual measures at your request (art. 6(1)(b))

§4Retention

§5Who sees the data

We do not sell personal data. We do not share it for marketing purposes. The following processors handle data on our behalf to operate the website:

ProviderPurposeRegion
Vercel Inc.Hosting klaffa.app, HTTP logsEU / global CDN
[Email provider, e.g. Fastmail / Google Workspace]Receiving form submissions and replying to enquiries[EU / US]

For transfers outside the EU/EEA we rely on the European Commission's Standard Contractual Clauses (SCCs) and, where required, supplementary measures.

§6Your rights

Under the GDPR you have the right to:

Contact privacy@klaffa.app. We respond within 30 days.

If you are unhappy with how we handle your data you have the right to complain to the Swedish Authority for Privacy Protection, IMY. We would appreciate hearing from you first so we get a chance to fix it.

§7Security

Klaffa.se is served exclusively over TLS. Form submissions are encrypted in transit. Access to enquiries is restricted to Klaffa staff who need it to reply. Security in the Klaffa product itself — bank-data encryption, row-level security, EU data residency, SOC 2 work in progress, and the GDPR DPA — is covered in separate security documentation.

§8Changes

For material changes we update the date and version at the top. For significant changes affecting your rights we will try to notify you directly if we have your email.

§9Contact

Questions about privacy or this policy: privacy@klaffa.app.