This policy explains how SvarKlar collects, uses, stores, and shares personal data. It covers four groups: people who visit our website, people who enter our giveaway, customers who sign up for the service, and the leads our customers ask us to reply to on their behalf.
1. Who we are
SvarKlar is a brand owned and operated by Store Investeringer ApS, CVR 41622644, Præstemosen 199, 2650 Hvidovre, Denmark. For privacy questions, email frederik@svarklar.com.
2. GDPR applies
SvarKlar is a Danish company, so the EU General Data Protection Regulation (GDPR) applies to everything we do, including work for customers and entrants outside the EU. GDPR gives you clear rights over your data regardless of where you live.
3. The roles we play
For website visitors, giveaway entrants, and data our customers give us directly (their own name, email, billing info), SvarKlar is the data controller. We decide what data is collected and why.
For data about our customers' leads (the names, emails, messages, and details that flow through their website contact forms and inboxes), SvarKlar is a data processor. The customer is the controller. They decide what we do with that data, and we act on their instructions.
4. What we collect
From website visitors
- Name, email, business name, website URL, and any message you submit through a form.
- Page views, button clicks, outbound link clicks, form interactions, and scroll depth.
- Technical context such as the page you used, the referring page, and campaign tags in the link if present.
- If you accept cookies, anonymized session recordings of how you move through the site, with every form input masked so we never capture what you type. No device fingerprinting.
From giveaway entrants
- What you submit in the entry form: your business name, your name, your email, what your business does, an optional description of what you'd like the AI to do, and an optional phone number.
- The date and the exact wording of the rules and privacy agreement you accept, and whether you opted in to receive offers, so we can show your consent if asked.
From customers
- Contact details (name, email, phone, business name, address).
- Billing information (handled by our payment provider once enabled, not stored on our servers beyond what the provider exposes).
- Business context needed to reply well (office hours, service area, escalation contact, tone, pricing posture, the kind of work you do).
- Access credentials or forwarding setup for the mailbox or form we reply from.
From leads the customer asks us to handle
- Whatever the lead sends through the customer's contact form or inbox: name, email, phone, address, service request, any details they include.
- The replies we send on the customer's behalf.
- Timestamps, intent classification, and a minimal activity log so we can show the customer what we did.
5. Legal basis for processing
- Contract for customer billing, account management, and fulfilling the service we agreed to. For giveaway entrants, accepting the official rules forms a contract, and we process your entry to run and judge the giveaway, select and notify winners, and set up your prize.
- Legitimate interest for securing our systems, improving the service, and keeping entries in the pool for future selection rounds you agreed to when you entered.
- Consent for website analytics cookies and session recording, which run only after you accept the cookie notice, and for marketing email, which we send only if you tick the optional offers box when you enter. You can withdraw either consent at any time.
- Customer instruction for data about leads, since the customer is the controller and we follow their rules.
- Legal obligation for records we have to keep under Danish or EU law (for example, billing records for tax purposes).
6. How we use data
- Reply to website leads on behalf of customers.
- Run and judge the giveaway, select and notify winners, and set up prizes.
- Build the activity summaries, reports, and logs we send back to the customer.
- Classify reply intent and escalate leads that need a human.
- Run billing and send service-related communications.
- Measure how the website and service work so we can improve them.
- Secure our systems and detect abuse.
We do not sell personal data. We do not use lead data for marketing to the leads themselves. We do not train external models on customer or lead data beyond what the service requires. If you give a phone number when you enter the giveaway, we use it only for direct, individual contact if you are selected, never for bulk texts or automated calls.
7. AI-generated replies
Some replies SvarKlar sends to our customers' leads are drafted by an AI model (currently Anthropic's Claude) with human oversight on escalation cases. The AI reads the lead's message, the customer's business context, and the customer's reply playbook, then produces a draft. For routine replies, the draft is sent directly. For cases outside the defined rules, the draft is sent to a human for review before sending. A minimal activity log records which path was taken so the customer has visibility.
8. Subprocessors
SvarKlar uses the following service providers to run the service. Each processes only the data they need to do their job, under contracts that require them to protect your data.
- Cloudflare (United States / global): website hosting and the form-submission backend that receives your form entries, including giveaway entries, before relaying them to us by email.
- Hetzner (Germany, EU): server hosting and encrypted backups.
- Brevo (France, EU): outbound email sending.
- Purelymail (United States): the
hello@svarklar.cominbox and the SMTP relay that sends the auto-reply and the notification when you submit a form. - PostHog (EU region): website analytics and session replay, used only if you accept cookies. Recordings mask every form input, so PostHog never receives your typed name, email, phone, or message. If you decline, PostHog counts your visit anonymously, with no cookies and no recording.
- Anthropic (United States): AI model for drafting replies.
- Cal.com (United States): scheduling, if you book a call with us.
- Telegram (international): operator alerts for new entries and escalation cases.
Not yet active: we plan to use Stripe (United States) for payments and Billy (Denmark, EU) for invoicing once paid billing goes live. Neither processes any personal data today, and we will update this list before they do.
9. International data transfers
Some of our subprocessors are based outside the EU (United States): Cloudflare, Purelymail, Anthropic, and Cal.com. Where EU personal data is transferred to the US, we rely on the providers' own legal mechanisms (for example, standard contractual clauses or adherence to the EU-US Data Privacy Framework).
10. Retention
- Website analytics and session recordings: analytics events are kept while analytics is enabled; session recordings (accepters only) are kept for 30 days, then deleted.
- Giveaway entries: kept for up to 5 years so we can run the giveaway, award prizes to selected entrants, and keep our records, then deleted. We delete your entry sooner on request.
- Customer data: kept while the customer is active, plus up to 90 days after cancellation to support transitions and backups. Earlier deletion available on request.
- Lead data: kept only as long as needed to deliver the service, plus the same 90-day backup window after the customer cancels. Customers can request deletion at any time.
- Billing and tax records: kept for as long as Danish or EU law requires.
11. Your rights
Under GDPR, you can:
- request a copy of the data we hold about you;
- ask us to correct data that is wrong;
- ask us to delete data we no longer need to keep;
- restrict or object to how we process your data;
- withdraw consent (for example, to marketing email) at any time;
- request a portable copy of the data you gave us.
If you are a lead whose data is being handled by SvarKlar on behalf of one of our customers, the customer is the data controller. Please contact the customer directly for access or deletion. We will support the customer in fulfilling your request.
To exercise any of these rights, email frederik@svarklar.com.
12. Security
We use industry-standard security measures: encrypted connections (HTTPS), least-privilege access, credentials stored outside the public repository, and regular backups. No system is perfect. If a breach affects your data, we will notify you in line with GDPR's 72-hour rule where applicable.
13. Cookies
This website uses cookies for analytics, but only if you accept them. They let our analytics provider (PostHog) measure how visitors use the site and, when you accept, record anonymized sessions with every form input masked, so we can see what works and improve it. We do not use cookies for advertising or to track you across other websites. A short notice on your first visit lets you accept or decline, and points you here. If you decline, we set no cookies and make no recording; we still count your visit anonymously. You can clear or block cookies any time in your browser settings, and you can ask us to delete your data using the contacts in section 11.
We also keep some temporary data in your browser for the current visit: the page you landed on, where you came from, a form-submit state, and any campaign tags in the link. That clears when you close the tab.
14. Complaints
If you believe SvarKlar is not handling your data properly, contact us first and we'll try to fix it. You also have the right to complain to the Danish Data Protection Authority (Datatilsynet) at datatilsynet.dk, or your local EU data protection authority if you live elsewhere in the EU.
15. Changes
This policy may be updated as the service evolves. The version published here is the current one. We'll refresh the "Last updated" date at the top when we change anything material.
16. Contact
Privacy questions: frederik@svarklar.com.