Privacy Policy

Last updated: 2026-05-20

This privacy policy explains how Richtus AB processes personal data in connection with our business operations and our products and services. We follow the EU General Data Protection Regulation (GDPR) and Swedish data-protection law.

Data controller

Richtus AB, organisation number 556645-7635, with registered office at Kyrkogatan 15, 571 32 Nässjö, Sweden, is the controller for the personal data described in this policy. For data-protection enquiries, contact info@richtus.se.

What personal data we process

Website visitors

This website does not set tracking cookies and does not run third-party analytics. Our hosting provider (Vercel) maintains standard server logs that may include IP address, user-agent string, requested URL, and timestamp. These logs are used for security and operational diagnostics only.

Clients of Accent Studio

When we onboard a client of Accent Studio (a brand we operate marketing for), we process business-contact data and the data necessary to perform the services, governed by a signed services agreement. We may also receive access tokens for third-party platforms the client uses (such as Klaviyo, Omnisend, or Meta) for the duration of the engagement.

End-users of platforms we integrate with

When operating marketing programs for a client, we process end-user data already held in the client's own platforms. We act as a data processor for that client, never as an independent controller. The data types and processing purposes are defined in the client's own privacy notice and our data-processing agreement with the client.

Purposes of processing

  • Operating and securing the website and our internal systems.
  • Delivering contracted services to clients of Accent Studio.
  • Responding to enquiries received by email.
  • Meeting legal and accounting obligations under Swedish law.

Legal basis

We rely on the following legal bases under GDPR Article 6:

  • Contract (Art. 6(1)(b)) — for services delivered to clients.
  • Legitimate interest (Art. 6(1)(f)) — for normal business operations, including server logs and responding to enquiries.
  • Legal obligation (Art. 6(1)(c)) — for retention of accounting records under the Swedish Bookkeeping Act (bokföringslagen).
  • Consent (Art. 6(1)(a)) — where consent is the relevant basis, for example for direct marketing.

Retention

We retain personal data only for as long as needed for the purposes above. Accounting records are retained for seven years from the end of the relevant financial year, as required by Swedish law. Operational records (server logs, support correspondence) are kept for a shorter period, typically up to twelve months. When an engagement with a client ends, we delete operational data and revoke platform access according to the terms of the agreement.

Your rights

Under GDPR you have the right to request access to your personal data, rectification of inaccurate data, erasure, restriction of processing, data portability, and to object to processing carried out on the basis of legitimate interest. Where processing is based on consent, you may withdraw consent at any time.

To exercise any of these rights, write to info@richtus.se. You also have the right to lodge a complaint with the Swedish data-protection authority, Integritetsskyddsmyndigheten (IMY).

International transfers and sub-processors

We use the following sub-processors in delivering our services:

  • Vercel — website hosting. Data may be processed in the European Union or the United States under the EU–US Data Privacy Framework.
  • Supabase (EU region) — application database and storage for internal systems. Data is processed in the European Union.
  • Anthropic — large-language-model inference for our AI tooling. Data may be processed in the United States under appropriate transfer mechanisms.
  • Google Workspace — email and document storage for internal operations.

Where personal data is transferred outside the European Economic Area, we rely on European Commission adequacy decisions or Standard Contractual Clauses, supplemented by additional safeguards where appropriate.

Security

We apply reasonable technical and organisational measures to protect personal data, including access controls, encryption in transit, and least-privilege handling of credentials. No system is absolutely secure, but we treat data protection as an operational priority.

Changes to this policy

We may update this policy as our processing changes or as the law evolves. The "last updated" date at the top reflects the most recent revision.

Contact

For any question about this policy or about our processing of personal data, email info@richtus.se.