Privacy Policy

Shanova AB · Org. nr: 559193-0069 · Stockholm, Sweden · Last updated: May 2026

Shanova AB ("Shanova", "we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR) and applicable Swedish law.

1. Who We Are

Shanova AB is a Swedish limited company registered in Stockholm, Sweden. We are the data controller for personal data collected through this website (shanova.se) and our AI products (Pathways, Forge, Evvio, Fable).

Contact: [email protected]

2. Data We Collect

We may collect the following categories of personal data:

Contact data — name and email address when you submit our contact form or reach out by email.
Usage data — pages visited, time spent, and browser/device information collected via cookies and similar technologies (only with your consent).
Communications — content of messages you send us.

We do not collect sensitive personal data (e.g. health, financial, or biometric data) through this website.

3. How We Use Your Data

To respond to your enquiries and provide our consulting services.
To improve and maintain this website.
To fulfil legal obligations.

We rely on the following legal bases under GDPR Article 6: legitimate interest (responding to enquiries), consent (analytics cookies), and legal obligation where applicable.

4. Cookies

We use cookies to remember your preferences (e.g. cookie consent choice). We only place non-essential cookies (such as analytics) after you explicitly accept via the cookie banner on this site.

You can withdraw consent at any time by clearing your browser's local storage or cookies for shanova.se.

5. Data Sharing

We do not sell your personal data. We may share data with:

Trusted service providers who process data on our behalf (e.g. hosting, email), bound by data processing agreements.
Authorities where required by law.

6. Data Retention

We retain contact enquiry data for up to 24 months, after which it is deleted unless required for ongoing business or legal purposes.

7. Your Rights

Under GDPR you have the right to:

Access the personal data we hold about you.
Request correction of inaccurate data.
Request erasure ("right to be forgotten").
Object to or restrict processing.
Data portability.
Withdraw consent at any time (without affecting the lawfulness of prior processing).

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) at imy.se.

8. Data Security

We apply appropriate technical and organisational security measures to protect your data against unauthorised access, loss, or disclosure — consistent with our enterprise security expertise.

9. International Transfers

Where data is transferred outside the EEA (e.g. to cloud service providers), we ensure adequate safeguards are in place such as Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Changes to This Policy

We may update this policy from time to time. The "last updated" date at the top of this page reflects when changes were last made. Continued use of our website after changes constitutes acceptance of the updated policy.

Questions?

If you have any questions about this Privacy Policy or how we handle your data, please reach out at [email protected].