Integritetspolicy

Senast uppdaterad: 1 May 2026

Den här sidan finns just nu endast på engelska. Vi översätter den snart.

This Privacy Policy explains how KDC Sweden AB (“Bouny”, “we”, “us”) collects, uses and protects personal data when you visit bouny.ai, sign up for the Bouny service, or interact with apps and chats built on Bouny.

1. Who we are

The data controller is KDC Sweden AB, corporate registration number 556983-5720, registered in Sweden. For privacy questions, contact us at support@bouny.ai.

2. What data we collect

We collect personal data in three contexts:

2.1 Account data (Bouny customers)

• Name, email address, password hash, organization name
• Billing data (handled by Stripe — we never store full card numbers)
• Content you create on Bouny: agent configurations, system prompts, uploaded documents, app branding
• Usage data: API calls, login history, feature use, IP address, browser and device information

2.2 End-user data (people using apps built on Bouny)

If you use a chatbot or app built by a Bouny customer, that customer is the data controller for your conversations. Bouny processes the data on their behalf as a data processor. Typical data:

• Email address (if the app requires sign-in)
• Chat messages and any files you attach
• Usage logs (timestamps, message counts)

2.3 Website visitors

• Analytics via Google Analytics 4 (anonymized IP, page views, session data)
• Cookies set by Google Tag Manager

3. Why we process the data and legal basis

• Provide the service — performance of contract (GDPR art. 6(1)(b))
• Billing and accounting — legal obligation (art. 6(1)(c))
• Security, abuse prevention, product improvement — legitimate interest (art. 6(1)(f)). For the targeted content review we may carry out when investigating suspected abuse, see Section 9.
• Marketing emails — your consent or legitimate interest for existing customers (you can opt out at any time)

4. Sub-processors

We rely on the following sub-processors to deliver the service. All are bound by data-processing agreements:

• Amazon Web Services (AWS) — hosting, storage, DynamoDB, Bedrock LLM inference (EU regions where possible)
• Vercel — web hosting for the Bouny portal
• Stripe — payment processing
• Mailjet — transactional email
• Sentry — error monitoring
• Google (Analytics, Tag Manager) — website analytics

A current list of sub-processors is available on request. We notify customers of material changes.

5. International transfers

We host Bouny primarily in the EU. Some sub-processors may transfer data outside the EU/EEA. Where this happens, we rely on the EU Standard Contractual Clauses or equivalent safeguards.

6. How long we keep data

• Account data — for the duration of your account, plus up to 90 days after deletion for backups
• Billing records — 7 years (Swedish accounting law)
• Conversation logs — controlled by the customer who owns the agent. Default: kept until customer deletes them
• Server logs — 30 days

7. Your rights

Under GDPR you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion (right to be forgotten)
• Restrict or object to processing
• Receive your data in a portable format
• Lodge a complaint with the Swedish Data Protection Authority (Integritetsskyddsmyndigheten, IMY)

To exercise any of these rights, email support@bouny.ai. We respond within 30 days.

8. Security

We use TLS in transit, AES-256 at rest, role-based access controls, and audit logging. Access to production systems is restricted to authorized personnel.

9. Content review and abuse investigation

Where we have reasonable grounds to suspect a breach of our Terms of Service — for example content prohibited under our Acceptable Use Policy, jailbreak attempts, fraud, or harm to end users — authorized Bouny personnel may review your content (agent configurations, system prompts, and conversation logs) to the extent necessary to investigate. The legal basis is our legitimate interest in security and abuse prevention (GDPR art. 6(1)(f)).

Such reviews are:

• Targeted — only triggered by a specific signal, report, or detected policy breach
• Proportionate — limited to the data needed to assess the suspicion
• Logged — we record who reviewed what, when, and the reason
• Confidential — restricted to a small set of authorized staff bound by confidentiality

If a review confirms a breach, we may suspend or terminate the account. If you believe a review was not proportionate, you can lodge a complaint with the Swedish Data Protection Authority — see Section 7.

10. Data Processing Agreement (DPA)

Customers processing end-user personal data on Bouny act as data controllers. We sign a DPA on request — email support@bouny.ai.

11. Cookies

We use strictly necessary cookies (session, CSRF) and optional analytics cookies (Google Analytics). You can disable non-essential cookies in your browser.

12. Changes to this policy

We may update this policy. Material changes will be communicated by email or via the portal at least 30 days before they take effect.

13. Contact

KDC Sweden AB
Org. nr 556983-5720
Email: support@bouny.ai