← Akunta

Privacy Policy

Last updated: 10 April 2026

1. Data Controller

Akunta is the data controller for the processing of your personal data. Contact us at support@akunta.se for any data protection enquiries.

2. What data do we collect?

  • Account data: name, email address, password (hashed)
  • Business data: company name, organisation number, VAT number, address
  • Accounting data: receipts, invoices, transactions, payroll records and related documents you enter
  • Technical data: IP address, browser type, device type, error logs (Sentry) and anonymous usage patterns (Vercel Analytics)

3. Why do we process your data?

  • Contract performance (Art. 6.1.b GDPR): To provide the bookkeeping service — store your data, generate reports and invoices
  • Legal obligation (Art. 6.1.c GDPR): Swedish tax law (Skatteverket) and the Bookkeeping Act require us to handle accounting records correctly
  • Legitimate interest (Art. 6.1.f GDPR): Error logging to maintain service stability; anonymous performance measurements

4. Where is your data stored?

All accounting data is stored in a PostgreSQL database hosted by Supabase (AWS eu-west-1, Ireland). Uploaded files (receipt images, invoice PDFs) are stored in Supabase Storage (same region). No personal data is transferred to third parties outside the EU/EEA without adequate safeguards.

5. How long do we keep your data?

Accounting data is retained for as long as your account is active and for at least 7 years after the end of the financial year, as required by the Swedish Bookkeeping Act (7 ch. BFL). On account deletion, data is anonymised or deleted within 30 days, except where legally required.

6. Your rights

Under GDPR you have the right to:

  • Request access to your personal data
  • Request correction of inaccurate data
  • Request erasure ("right to be forgotten"), subject to legal retention requirements
  • Request restriction of processing
  • Object to processing based on legitimate interest
  • Data portability — export your data in machine-readable format

Send requests to support@akunta.se. You may also lodge a complaint with the Swedish Data Protection Authority (IMY) at imy.se.

7. Cookies and tracking

We use the following cookies:

  • akunta_session — essential login token (httpOnly, 30 days)
  • akunta_auth — login UI indicator (30 days)
  • locale — language preference (1 year)
  • cookie_consent — your cookie consent choice (1 year)

With your consent, we enable Sentry (error monitoring) and Vercel Analytics (cookieless, anonymous page-view statistics). Vercel Analytics does not collect personal data and does not require consent.

8. Contact

Questions about this policy? Contact us at support@akunta.se.