Privacy Policy

Last updated: April 14, 2026

This policy explains how SvarKlar collects, uses, stores, and shares personal data. It covers three groups: people who visit our website, customers who sign up for the service, and the leads our customers ask us to reply to on their behalf.

1. Who we are

SvarKlar is a brand owned and operated by Store Investeringer ApS, CVR 41622644, Præstemosen 199, 2650 Hvidovre, Denmark. For privacy questions, email frederik@svarklar.com.

2. GDPR applies

SvarKlar is a Danish company, so the EU General Data Protection Regulation (GDPR) applies to everything we do, including work for customers outside the EU. GDPR gives you clear rights over your data regardless of where you live.

3. Two roles we play

For website visitors and for data our customers give us directly (their own name, email, billing info), SvarKlar is the data controller. We decide what data is collected and why.

For data about our customers’ leads (the names, emails, messages, and details that flow through their website contact forms and inboxes), SvarKlar is a data processor. The customer is the controller. They decide what we do with that data, and we act on their instructions.

4. What we collect

From website visitors

  • Name, email, business name, website URL, and any message you submit through a form.
  • Page views, button clicks, outbound link clicks, form interactions, and scroll depth (via cookieless analytics).
  • Technical context such as the page you used, the referring page, and campaign tags in the link if present.
  • No cookies. No session replay. No device fingerprinting.

From customers

  • Contact details (name, email, phone, business name, address).
  • Billing information (handled by our payment provider, not stored on our servers beyond what the provider exposes).
  • Business context needed to reply well (office hours, service area, escalation contact, tone, pricing posture, the kind of work you do).
  • Access credentials or forwarding setup for the mailbox or form we reply from.

From leads the customer asks us to handle

  • Whatever the lead sends through the customer’s contact form or inbox: name, email, phone, address, service request, any details they include.
  • The replies we send on the customer’s behalf.
  • Timestamps, intent classification, and a minimal activity log so we can show the customer what we did.

5. Legal basis for processing

  • Contract for customer billing, account management, and fulfilling the service we agreed to.
  • Legitimate interest for website analytics (cookieless, no personal identifiers), securing our systems, and improving the service.
  • Customer instruction for data about leads, since the customer is the controller and we follow their rules.
  • Legal obligation for records we have to keep under Danish or EU law (for example, billing records for tax purposes).

6. How we use data

  • Reply to website leads on behalf of customers.
  • Build the morning brief, the weekly recap, and any activity logs we send back to the customer.
  • Classify reply intent and escalate leads that need a human.
  • Run billing and send service-related communications.
  • Measure how the website and service work so we can improve them.
  • Secure our systems and detect abuse.

We do not sell personal data. We do not use lead data for marketing to the leads themselves. We do not train external models on customer or lead data beyond what the service requires.

7. AI-generated replies

Some replies SvarKlar sends to our customers’ leads are drafted by an AI model (currently Anthropic’s Claude) with human oversight on escalation cases. The AI reads the lead’s message, the customer’s business context, and the customer’s reply playbook, then produces a draft. For routine replies, the draft is sent directly. For cases outside the defined rules, the draft is sent to a human for review before sending. A minimal activity log records which path was taken so the customer has visibility.

8. Subprocessors

SvarKlar uses the following service providers to run the service. Each processes only the data they need to do their job, under contracts that require them to protect your data.

  • Hetzner (Germany, EU) — hosting.
  • Brevo (France, EU) — outbound email sending.
  • Purelymail (United States) — the hello@svarklar.com operator inbox.
  • PostHog (EU region) — cookieless website analytics.
  • staticforms.dev (United States) — forwards contact-form submissions to our inbox.
  • Anthropic (United States) — AI model for drafting replies.
  • Telegram (international) — operator alerts for escalation cases.
  • Stripe (United States) — payment processing, once enabled.
  • Billy (Denmark, EU) — invoicing, when invoice billing is used.

This list may change as the service evolves. Material changes will be reflected on this page.

9. International data transfers

Some of our subprocessors are based outside the EU (United States). Where EU personal data is transferred to the US, we rely on the providers’ own legal mechanisms (for example, standard contractual clauses or adherence to the EU-US Data Privacy Framework).

10. Retention

  • Website analytics: kept for as long as analytics is enabled, with no personal identifiers attached.
  • Customer data: kept while the customer is active, plus up to 90 days after cancellation to support transitions and backups. Earlier deletion available on request.
  • Lead data: kept only as long as needed to deliver the service, plus the same 90-day backup window after the customer cancels. Customers can request deletion at any time.
  • Billing and tax records: kept for as long as Danish or EU law requires.

11. Your rights

Under GDPR, you can:

  • request a copy of the data we hold about you;
  • ask us to correct data that is wrong;
  • ask us to delete data we no longer need to keep;
  • restrict or object to how we process your data;
  • request a portable copy of the data you gave us.

If you are a lead whose data is being handled by SvarKlar on behalf of one of our customers, the customer is the data controller. Please contact the customer directly for access or deletion. We will support the customer in fulfilling your request.

To exercise any of these rights, email frederik@svarklar.com.

12. Security

We use industry-standard security measures: encrypted connections (HTTPS), least-privilege access, credentials stored outside the public repository, and regular backups. No system is perfect. If a breach affects your data, we will notify you in line with GDPR’s 72-hour rule where applicable.

13. Cookies

This website does not use cookies for analytics, marketing, or tracking. The only browser storage is temporary session data to remember your navigation context during a single visit.

14. Complaints

If you believe SvarKlar is not handling your data properly, contact us first and we’ll try to fix it. You also have the right to complain to the Danish Data Protection Authority (Datatilsynet) at datatilsynet.dk, or your local EU data protection authority if you live elsewhere in the EU.

15. Changes

This policy may be updated as the service evolves. The version published here is the current one. We’ll refresh the “Last updated” date at the top when we change anything material.

16. Contact

Privacy questions: frederik@svarklar.com.