Privacy Policy

Last updated: March 7, 2026

1. Data Controller

The data controller for Apiverket.se is Cuon Aktiebolag, org.nr 559459-3526, registered in Sweden. For privacy-related questions, contact us at privacy@apiverket.se.

2. Information We Collect

We collect the following information when you use our services:

• Account information: Email address and name provided during API key registration.
• API usage data: Endpoints called, request timestamps, response times, IP addresses, and HTTP headers sent with API requests.
• Technical data: Browser type, operating system, and device information when accessing our website or dashboard.

3. Legal Basis (GDPR Art. 6)

We process your personal data based on:

• Contract performance (Art. 6(1)(b)): Processing necessary to provide the API service you signed up for.
• Legitimate interest (Art. 6(1)(f)): Rate limiting, abuse prevention, and service improvement.
• Consent (Art. 6(1)(a)): Where we rely on consent (e.g. marketing emails), you may withdraw it at any time.

4. How We Use Your Information

• To provide, maintain, and improve our API services.
• To enforce rate limits, prevent abuse, and ensure platform security.
• To generate aggregated, anonymized usage statistics.
• To communicate service updates, security alerts, and billing information.

5. Data Sources

Apiverket.se aggregates publicly available data from Swedish government agencies (SMHI, Trafikverket, SCB, Riksdagen, etc.). We do not store the underlying government data permanently; it is cached temporarily to improve response times. The original data is governed by each agency's own data license, typically Swedish open data licenses.

6. Data Retention

API usage logs are retained for 90 days. Account information is retained as long as your account is active. After account deletion, we retain anonymized aggregate statistics but remove all personally identifiable data within 30 days.

7. Data Sharing & Sub-processors

We do not sell your personal information. We share data with the following sub-processors as necessary to operate the service:

• Google Cloud Platform (Finland, eu-north1): Application hosting and compute.
• Upstash (EU region): Redis caching for rate limiting.
• PostHog (EU region): Product analytics (only with your consent).

We may also disclose data when required by Swedish or EU law, or to protect our legal rights.

8. International Transfers

All primary data processing occurs within the EU/EEA. Where sub-processors transfer data outside the EEA, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions).

9. Security

We use industry-standard security measures including encrypted connections (TLS 1.2+), hashed API keys, and access controls. API keys are stored using one-way hashes and cannot be recovered by our staff.

10. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

• Access the personal data we hold about you.
• Rectification of inaccurate or incomplete data.
• Erasure of your data ("right to be forgotten").
• Data portability — export your data in a machine-readable format.
• Restriction of or objection to processing.
• Withdraw consent at any time where processing is based on consent.

To exercise these rights, contact us at privacy@apiverket.se. We will respond within 30 days.

You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) at imy.se.

11. Cookies, Local Storage & Analytics

Our website uses localStorage to persist:

• Your language preference (EN/SV).
• Cookie/analytics consent status.
• Dashboard session token (after login).

If you accept analytics via the consent banner, we load PostHog (EU-hosted, eu.i.posthog.com) to collect anonymous usage data such as page views, button clicks, and session replays. PostHog stores data in the EU and does not share it with third parties. You can withdraw consent at any time by clearing your browser's localStorage for this site.

We do not use advertising pixels or share data with ad networks.

12. Changes

We may update this policy from time to time. Material changes will be communicated via email to registered users and posted on this page with an updated date.