Privacy Policy

This Privacy Policy describes how Ordinal ("we," "us," or "our"), a product owned and operated by Studio Kantala AB, collects, uses, and protects your personal data when you use our accounting software as a service (SaaS) platform.

Ordinal is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and Swedish data protection laws.

We process your personal data based on:

• Contract Performance: To provide our accounting services to you (GDPR Art. 6(1)(b))
• Legal Obligation: To comply with accounting, tax, and financial regulations (GDPR Art. 6(1)(c))
• Legitimate Interest: To improve our services, prevent fraud, and ensure security (GDPR Art. 6(1)(f))
• Consent: For marketing communications and optional features (GDPR Art. 6(1)(a))

We use your personal data to:

• Provide and maintain our accounting software services
• Process your transactions and generate financial reports
• Comply with legal and regulatory requirements
• Provide customer support
• Send service-related notifications
• Improve and develop our services
• Detect and prevent fraud and security threats
• Send marketing communications (with your consent)

Your data is primarily stored and processed within the EU/EEA. If we transfer data outside the EU/EEA, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions by the EU Commission
• Other GDPR-compliant transfer mechanisms

We retain your personal data for as long as:

• You maintain an active account with us
• Required by Swedish accounting laws (generally 7 years for financial records)
• Necessary to comply with legal obligations
• Needed to resolve disputes or enforce our agreements

After the retention period, we securely delete or anonymize your data.

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data (subject to legal retention requirements)
• Restriction: Limit how we process your data
• Data Portability: Receive your data in a structured, machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for marketing communications at any time
• Lodge a Complaint: File a complaint with the Swedish Authority for Privacy Protection (IMY - Integritetsskyddsmyndigheten)

To exercise these rights, contact us at info@ordinal.sh.

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication
• Employee training on data protection
• Regular backups and disaster recovery procedures
• Monitoring for security threats

However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

We use cookies and similar technologies to:

• Maintain your session and keep you logged in
• Remember your preferences
• Analyze usage patterns and improve our services
• Provide targeted advertising (with consent)

You can manage cookie preferences through your browser settings. For more information, see our Cookie Policy.

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website
• Sending an email notification
• Displaying a prominent notice in our application

Your continued use of our services after such changes constitutes acceptance of the updated policy.

For questions, concerns, or to exercise your rights, contact us at:

This Privacy Policy is provided in English. In case of any discrepancy between the English version and any translation, the English version shall prevail, except where local law requires otherwise.