.svg)
Privacy Policy
1. Introduction
This Privacy Policy describes how Rukkor AB ("Rukkor", "we", "us", or "our") collects, uses, stores, and shares personal data when you visit our websites or use our services. We are committed to processing personal data in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR") and applicable national data protection legislation.
This policy applies to all Rukkor websites and subdomains, and to all services provided by Rukkor, including **Rukkor** and **Geometra**. It does not apply to external websites or services linked from our platforms.
Rukkor may update this policy from time to time. The current version is always available at [rukkor.com/privacy-policy](https://www.rukkor.com/privacy-policy). See Section 14 for details on how we handle changes.
2. Data Controller
The data controller responsible for your personal data is:
**Rukkor AB**
Besökaregränd 2D
271 42 Ystad
Sweden
Organisation number: 556864-9635
VAT number: SE556864963501
Email: support@rukkor.com
Phone: +46 411 23 66 90
Website: https://rukkor.com
For questions or concerns regarding how we handle your personal data, please contact us at the address or email above.
3. Personal Data We Collect
We collect only the personal data necessary to fulfil the specific purposes described in this policy. Depending on how you interact with us, we may collect the following categories of data:
3.1 Data you provide directly
- First and last name
- Email address
- Phone number
- Username, password, and other account credentials
- Company name and role (for business customers)
- Correspondence content (e.g. messages sent via email or live chat)
- Payment and billing information (processed by our payment providers; we do not store full card details)
3.2 Data collected automatically when you use our platforms
The type of data collected automatically varies by platform:
**Website (rukkor.com) and Geometra:**
- IP address
- Browser type and version
- Operating system and device type
- Pages visited and content interacted with
- Date and time of visits
- Referring URLs and exit pages
- Session duration and click patterns
**Rukkor apps:**
- No behavioural or analytical data is collected. Only data strictly necessary to deliver the service (such as account credentials and session state) is processed, and all data is hosted exclusively within Europe.
3.3 Data collected from third-party and public sources
Where we identify potential customers for sales and marketing purposes, we may collect business contact information (name, professional email address, job title, and company) from publicly available sources such as company websites and business registries. If we collect your data in this way, we will inform you in our first direct communication with you, in accordance with Article 14 of the GDPR.
3.4 Data processed within our products (customer-uploaded content)
Both Rukkor and Geometra allow customers to upload, store, and process their own documents and files. In Rukkor this includes communications, meeting notes, project files, and other stored content. In Geometra this includes drawings, measurements, takeoff data, and estimation materials. This content may incidentally contain personal data (for example, names or contact details of colleagues, subcontractors, or project parties).
Rukkor does not control or inspect the content customers choose to store within our products. It is the responsibility of each customer to ensure that their use of our services complies with applicable data protection law in relation to any personal data they process through our platform. In this context, Rukkor acts as a **data processor** on behalf of the customer, who is the data controller for that content.
Customers who require a formal Data Processing Agreement (DPA) governing Rukkor's role as processor are welcome to contact us at support@rukkor.com.
4. Purposes and Legal Bases for Processing
We process your personal data only where a valid legal basis under Article 6 GDPR applies. The table below sets out the purposes for which we process personal data and the legal basis for each.
Where we rely on **legitimate interest** as our legal basis, we have assessed that our interests are not overridden by your rights and freedoms. You may object to processing based on legitimate interest at any time (see Section 10).
Where we rely on **consent**, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out prior to withdrawal.
5. Cookies and Tracking Technologies
Our three platforms handle tracking differently, as set out below.
5.1 Rukkor website (rukkor.com)
Our public website uses cookies and similar tracking technologies for analytics and advertising purposes. You can manage your preferences at any time through our cookie preference centre, accessible via the "Cookie Settings" link in the footer.
**Essential cookies** are strictly necessary for the website to function — for example, to keep you signed in or remember your language preference. No consent is required for these.
**Analytical cookies (consent required)** help us understand how visitors use our website — which pages are visited, where errors occur, and how to improve the experience. We use Google Analytics and Google Tag Manager for this purpose.
**Marketing and advertising cookies (consent required)** are used to deliver relevant advertisements, limit ad repetition, and measure campaign effectiveness. They may track your activity across websites. We use Google Ads, Meta (Facebook) Business Pixel, and LinkedIn Insight Tag for this purpose.
5.2 Geometra
The Geometra application uses analytical and advertising tracking to help us understand product usage and reach relevant audiences. The same cookie categories described above (essential, analytical, and marketing) apply within Geometra. Consent is managed through the in-app cookie preference centre.
5.3 Rukkor apps
The Rukkor applications do not use any tracking or advertising technologies. No cookies are placed for analytical or advertising purposes, and no data is shared with third-party advertising or analytics platforms. All data within the Rukkor apps is hosted exclusively on servers located within Europe.
6. Third-Party Service Providers
We share personal data with trusted third-party providers who process data on our behalf ("data processors"). All processors are bound by data processing agreements and are required to implement appropriate technical and organisational safeguards.
**SCCs** = Standard Contractual Clauses approved by the European Commission under Article 46(2)(c) GDPR, used as the appropriate safeguard for transfers to third countries outside the EU/EEA. You may request copies of the applicable SCCs by contacting us.
7. Use of Artificial Intelligence
7.1 AI features in our products
We integrate **Mistral AI** to power certain AI-assisted features within the **Rukkor platform**. When you use these features, content or data you submit may be processed by Mistral AI in order to generate a response or output. Mistral AI is a French company headquartered in Paris and processes data within the EU.
Our relationship with Mistral AI is governed by a Data Processing Addendum (DPA) under which Mistral AI acts as a data processor on our behalf. Key points of this arrangement:
- Mistral AI processes personal data only in accordance with our documented instructions.
- By default under Mistral AI's terms, customer data may be used to train their AI models. **We have opted out of this**, meaning data you submit through our products is not used by Mistral AI for model training purposes.
- Mistral AI maintains a list of its subprocessors at [trust.mistral.ai](https://trust.mistral.ai).
- Upon termination of our agreement, personal data is deleted within 30 days.
The legal basis for this processing is the performance of your contract with us (Art. 6(1)(b) GDPR).
7.2 Internal AI tools
We use AI tools from OpenAI, Anthropic, and Google internally to support our own operations — for example, for drafting, research, and internal development tasks. These tools are used by Rukkor staff and are subject to each provider's own data processing terms.
We take care to avoid submitting identifiable customer personal data to these tools. However, in cases where personal data may be involved — such as when handling a support query — we rely on our legitimate interest in operating our business efficiently (Art. 6(1)(f) GDPR) and require staff to follow internal data handling guidelines.
8. International Data Transfers
Several of our service providers are headquartered in the United States. Where personal data is transferred outside the European Economic Area (EEA), we ensure that such transfers are governed by appropriate safeguards in accordance with Chapter V of the GDPR. The primary mechanism we rely on is Standard Contractual Clauses (SCCs). Where applicable, we also take supplementary measures to ensure an equivalent level of protection.
9. Retention Periods
We retain personal data only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law.
When data is no longer required, it is securely deleted or anonymised. Anonymised data may be retained indefinitely for statistical or analytical purposes, as it no longer constitutes personal data.
10. Your Rights
Under the GDPR, you have the following rights regarding your personal data. You may exercise any of these rights by contacting us at support@rukkor.com. We will respond within one month. There is no fee for making a request, though we reserve the right to charge a reasonable fee or decline requests that are manifestly unfounded or excessive.
- **Right of access (Art. 15):** You may request a copy of the personal data we hold about you and information about how it is processed.
- **Right to rectification (Art. 16):** You may request that inaccurate or incomplete data be corrected.
- **Right to erasure (Art. 17):** You may request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, where you have withdrawn consent, or where you have successfully objected to processing. This right does not apply where we are required to retain data by law (e.g. bookkeeping obligations).
- **Right to restriction of processing (Art. 18):** You may request that we limit processing of your data in certain circumstances — for example, while we verify the accuracy of data you have contested.
- **Right to data portability (Art. 20):** Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, commonly used, machine-readable format. We provide personal data exports in **CSV and PDF** format upon request, and can transmit these to another controller where technically feasible.
- **Right to object (Art. 21):** You may object at any time to processing based on legitimate interest, including profiling for direct marketing. If you object to direct marketing, we will stop processing your data for that purpose immediately.
- **Right to withdraw consent:** Where processing is based on consent, you may withdraw it at any time through the relevant channel (e.g. cookie settings, unsubscribe link in emails, or by contacting us). Withdrawal does not affect the lawfulness of prior processing.
- **Rights related to automated decision-making (Art. 22):** We do not currently make decisions that produce legal or similarly significant effects solely by automated means. If this changes, we will update this policy and inform you accordingly.
How to request account and data deletion
To request deletion of your account and associated personal data, send an email to **support@rukkor.com** with the subject line **"Request for Account Deletion"**. Your email must include the following information so that we can locate and verify your account:
- First name
- Last name
- The email address associated with the account you wish to delete
We will process your request promptly and confirm deletion no later than **30 days** from the date we receive your request. Upon completion, we will send a written confirmation to the email address provided. Please note that certain data may be retained beyond this period where required by law — for example, invoicing records which must be kept for 7 years under Swedish bookkeeping legislation.
To exercise any other rights listed above, please contact us at support@rukkor.com, clearly stating your identity and your specific request. We may ask you to provide proof of identity before processing your request.
11. Automated Decision-Making and Profiling
We do not currently make automated decisions that produce legal effects or similarly significantly affect you. We use analytical tools that create aggregated user profiles to improve our marketing and services, but no individual automated decisions are made on this basis.
12. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, and destruction. These measures include encryption, access controls, and regular security assessments. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority in accordance with our obligations under Articles 33 and 34 GDPR.
13. Children
Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us and we will take steps to delete it promptly.
14. Changes to This Policy
We may update this policy from time to time to reflect changes in our services, legal obligations, or data processing practices. Minor updates — such as adding a new service provider or clarifying existing language — will take effect upon publication. For material changes that affect how we process your personal data, we will notify affected users by email or through a prominent notice on our website. Where a change requires your consent, we will seek that consent before the new processing begins. The current version of this policy is always available at [rukkor.com/privacy-policy](https://www.rukkor.com/privacy-policy), with the date of the most recent revision shown at the top.
15. Complaints and Supervisory Authority
If you have concerns about how we handle your personal data and are not satisfied with our response, you have the right to lodge a complaint with the Swedish supervisory authority:
**Integritetsskyddsmyndigheten (IMY)**
Box 8114
104 20 Stockholm
Sweden
Website: [imy.se](https://www.imy.se)
Email: imy@imy.se
You may also lodge a complaint with the supervisory authority in the EU member state of your habitual residence or place of work.
*Rukkor AB — Privacy Policy — Version dated 6 May 2026*
.svg)