Snaelda

Legal

Privacy Policy

Last updated: 1 June 2026

This policy explains what personal data Snaelda collects, why we collect it, and what rights you have under the General Data Protection Regulation (GDPR) and Swedish data protection law.

1. Who is the controller

The controller of your personal data is Mosi hub AB, organisation number 559577-7888, registered at Vallstigen 4, 431 69 Mölndal, Sweden ("Snaelda", "we", "us").

For any privacy question, contact us at privacy@snaelda.io.

2. Personal data we process

Depending on how you use the Service, we may process:

  • Account data: email address, password hash, display name, recovery key, workspace identifiers.
  • Content you create: prompts, site drafts, edits, uploaded media, published site content. This may include personal data about you or others if you choose to include it.
  • Published-site and form data: content displayed on your published sites, form submissions sent through your sites, and basic page-view data for site analytics.
  • Billing data: subscription plan, billing email, invoice history, country, and the last four digits of your card. Full card numbers are handled by Stripe and never touch our servers.
  • Usage and technical data: IP address, device and browser type, language, pages visited, actions taken, timestamps, and error logs.
  • Support communications: the content of emails or messages you send us.

Please do not submit sensitive personal data, credentials, confidential secrets, medical information, financial account details, or other regulated information unless you have a lawful basis and all required rights to do so.

3. Customer sites and visitor data

For personal data in the content, forms, and visitor interactions on a site you create with Snaelda, you are normally the controller and Snaelda acts as your service provider or processor. This means you are responsible for having a lawful basis, privacy notice, and any required consents for the people whose data you collect through your site.

Snaelda remains the controller for account administration, billing, security, platform logs, product emails, and other data we process for our own business and legal purposes.

4. Why we use your data, and the legal basis

  • To provide the Service (drafting, editing, publishing, hosting your site, handling logins and recovery) — performance of a contract (Art. 6(1)(b) GDPR).
  • To process payments via Stripe and manage subscriptions — performance of a contract and legal obligation (Art. 6(1)(b) and (c) GDPR).
  • To generate AI drafts by sending your prompts and related context to our AI provider (OpenAI) — performance of a contract (Art. 6(1)(b) GDPR).
  • To handle published-site forms and basic site analytics for your workspace — performance of a contract (Art. 6(1)(b) GDPR) and, where we protect the platform against abuse, legitimate interest (Art. 6(1)(f) GDPR).
  • To keep the Service secure and abuse-free (rate limiting, fraud detection, log retention) — our legitimate interest in protecting users and our systems (Art. 6(1)(f) GDPR).
  • To comply with legal obligations such as bookkeeping, tax, and responding to lawful requests — Art. 6(1)(c) GDPR.
  • To send product and service emails (transactional messages, important changes) — legitimate interest and contract. For marketing emails we rely on your consent, which you can withdraw at any time (Art. 6(1)(a) GDPR).

5. Sharing and subprocessors

We do not sell your personal data. We share it only with service providers that help us run Snaelda, under contracts that protect your data. Our main subprocessors are:

  • Stripe Payments Europe, Ltd. — payment processing (Ireland / EU, with safeguards for any non-EU transfer).
  • OpenAI Ireland Ltd. / OpenAI, L.L.C. — AI text and image generation. Prompts and related context are sent to OpenAI to produce drafts and suggestions.
  • Resend — transactional email delivery, such as login links, billing notices, and account messages, when production email is enabled.
  • Infrastructure and storage providers — hosting, database, and S3-compatible object storage used to run the Service, store assets, and deliver published sites.
  • Imagery providers such as Pexels — starter image search and downloads where you use image suggestions.

Snaelda's built-in site analytics are first-party and intentionally lightweight. If we add third-party analytics or error-monitoring tools that process personal data, we will update this policy.

We may also disclose personal data when required by law, court order, or to protect the rights, property, or safety of Snaelda, our users, or others.

6. International transfers

Some of our subprocessors are located outside the European Economic Area (EEA), for example in the United States. When we transfer personal data outside the EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, or on an adequacy decision where one applies.

7. How long we keep your data

  • Account and content: for as long as your account is active. When you delete your account, we delete or anonymise your personal data within 90 days, except where we need to keep it longer for legal reasons.
  • Billing records: kept for seven (7) years to comply with Swedish bookkeeping law (Bokföringslagen).
  • Security and access logs: typically up to 12 months.
  • Backups: kept in a short rolling window, normally no more than 30 days where under our control, after which deletions propagate.

8. Your rights under the GDPR

You have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased where we no longer have a lawful basis to keep it;
  • restrict or object to certain processing;
  • receive a machine-readable copy of data you provided to us (portability);
  • withdraw any consent you have given, without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, email privacy@snaelda.io. We may need to verify your identity before we act on a request.

You also have the right to lodge a complaint with the Swedish data protection authority, Integritetsskyddsmyndigheten (IMY), imy.se, or with the supervisory authority of your country of residence.

9. Cookies and similar technologies

We use a small number of strictly necessary cookies (and equivalent local storage) to keep you signed in, remember your colour-mode preference, and protect against abuse. These do not require consent under EU rules.

You can block or delete cookies in your browser settings. If you block strictly necessary cookies, login, billing, editing, publishing, or security features may stop working.

If we later add analytics or marketing cookies that require consent, we will ask for your consent first through a cookie banner and give you a way to change your choice.

10. Security

We take reasonable technical and organisational measures to protect your data, including encryption in transit, restricted internal access, and secure password storage. No system is completely secure, so we cannot guarantee absolute security. If we become aware of a personal data breach affecting you, we will notify you and the relevant authority as required by law.

11. Children

Snaelda is not directed to children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Changes to this policy

We may update this policy as the Service evolves. If we make material changes, we will notify you through the Service or by email before they take effect. The "Last updated" date at the top tells you when the current version was published.

13. Contact

Privacy questions: privacy@snaelda.io
Postal address: Vallstigen 4, 431 69 Mölndal, Sweden