Privacy Policy

Last updated: June 2026

This policy explains what personal data AutoAI collects, why, and the rights you have under the EU General Data Protection Regulation (GDPR) and the Swedish Data Protection Act.

1. Who is responsible for your data (Data Controller)

The data controller is Marcus Engström, established in Sweden (EU).
For any privacy question or to exercise your rights, contact: [email protected].

2. What we collect and why

Data	Purpose	Legal basis (GDPR Art. 6)
Email address (waitlist / account / checkout)	To contact you, create your account, and deliver the service you requested	Consent (waitlist) / Contract (account & purchases)
Approximate country & browser type (user-agent)	Security, fraud prevention, and basic service statistics	Legitimate interest
Payment details	To process purchases. Handled directly by Stripe; we never see or store your card number	Contract
Content you submit to AI tools	To generate the output you request	Contract
First-party usage events (page/funnel)	To understand how the site is used	Legitimate interest

3. Cookies and local storage

AutoAI does not use third-party advertising or tracking cookies. We use your browser's local storage only to remember your session and preferences so the app works. Our usage analytics are first-party and contain no third-party trackers (no Google Analytics, no Facebook Pixel). Because we set no non-essential trackers, no cookie-consent banner is required — but this notice keeps you informed.

4. Who we share data with

We do not sell your personal data. We share it only with processors that run the service on our behalf:

Cloudflare — hosting and storage (data may be processed in the EU and elsewhere under standard contractual clauses).
Stripe — payment processing.

5. How long we keep it

Waitlist emails are kept until you ask us to remove them or the waitlist closes. Account and purchase records are kept for the life of your account plus the period required by Swedish accounting law (up to 7 years for transaction records). You can request earlier deletion of anything not legally required.

6. Your rights

Under the GDPR you have the right to access, correct, delete ("right to be forgotten"), restrict, or object to our use of your data, and to receive a copy of it (data portability). Where we rely on consent, you can withdraw it at any time. To exercise any right, email [email protected] — we respond within 30 days.

You also have the right to lodge a complaint with the Swedish supervisory authority, Integritetsskyddsmyndigheten (IMY).

7. Changes

We may update this policy; the "last updated" date above will change. Material changes will be highlighted on the site.

Data controller: Marcus Engström (Sweden) · [email protected]