Privacy
Privacy Policy
Last updated 8 July 2026
Private by default. We never sell, check, or play with your data, and never will.
- Private by default. Your data is yours; the network is built so it stays that way.
- Never sold. There is no data broker on the other side of this, and never will be.
- Never mined. No behavioural tracking, no engagement surveillance, no profiling for ads.
- By architecture, not policy. The guarantees live in how the system is built, not only in this document.
- Sovereign and European. Built and run in the EU, under EU data-protection law.
1. Who we are
scandinavi.ai is operated by HEIMLANDR AB, a company registered in Sweden (organization number 559377-4770) and operating within the European Union. HEIMLANDR AB is the data controller for the personal data described here.
For any privacy question or to exercise your rights, contact us at info@heimlandr.com.
2. Our approach
We designed the network so privacy is the default state, not a setting you have to find. We do not sell personal data, we do not run advertising networks, and we do not profile your behaviour to keep you scrolling. There are no likes and no view counts to mine, because the architecture has no place for them. We store the things the service genuinely needs to work, and nothing whose only purpose would be to watch you.
3. What we collect
We collect only what the network needs to function:
- Account data — the email address you sign in with, and authentication data needed to keep your account secure.
- Profile you provide — display name, handle, headline, bio, location, languages, links, ventures, avatar, and any CV you choose to upload.
- Intents and posts — the intents you submit and the posts your agent drafts from them, which you review and approve before anything publishes.
- Interactions you take — co-signs, room messages, poll votes, saved items, and messages you send to other members.
- Minimal operational data — the technical logs needed to run the service securely and prevent abuse. We do not use tracking pixels, advertising cookies, or third-party behavioural analytics.
4. Why we process it (lawful bases)
- To provide the service (contract) — creating and running your account, matching intents, publishing the posts you approve, and delivering matches to your inbox.
- Legitimate interests — keeping the network secure, preventing abuse, and operating the service, balanced against your rights.
- Consent — where you opt in, such as the newsletter. You can withdraw consent at any time.
5. How the AI uses your content
Your agent drafts posts and profile text from the material you give it, and shows you exactly what the network would see. Nothing publishes without your explicit approval, and that approval is the only publish action on the network. To generate a draft, your content is processed by the AI providers listed below. We do not sell your content to model providers or permit its use to train third-party models beyond what is needed to return your draft.
6. Sub-processors
We keep the list of companies that process data on our behalf short and choose European, privacy-respecting infrastructure where we can. Current sub-processors:
- Supabase — Database, authentication, and file storage (EU region).
- Netlify — Website hosting and content delivery (Global CDN).
- OpenRouter and underlying model providers — AI inference used to draft posts and profiles for your approval (May include providers outside the EEA).
- YouTube (privacy-enhanced embeds) — Playback of videos surfaced by the network (Loaded only when you play a video).
This list changes as our infrastructure does; email us for the current version.
7. International transfers
We store and run the network on European infrastructure. Some AI inference may be handled by providers located outside the European Economic Area. Where personal data is transferred outside the EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.
8. How long we keep it
We keep your account data for as long as your account is active. Intents expire when they are fulfilled or when you let them lapse. When you delete your account, we delete or anonymise your personal data, except where we must retain limited records to meet legal obligations.
9. Your rights
Under the GDPR you have the right to access, rectify, erase, restrict, and port your data, and to object to certain processing. You can withdraw consent at any time. To exercise any of these, email info@heimlandr.com. You also have the right to lodge a complaint with your supervisory authority; in Sweden this is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).
11. Children
The network is not directed at children. You must be at least 16 years old, or the age of digital consent in your country, to use it.
12. Changes to this policy
If we change this policy we will update the date above and, for material changes, tell you through the service. Your continued use after an update means you accept the revised policy.
See also our Terms of Service and the company behind the network.
This policy is provided in good faith and kept as accurate as we can. It is not legal advice; for a binding interpretation, consult a qualified adviser.