Privacy Policy

Last updated: April 2026

Data controller

Nordan AI AB (org.nr 559552-2524)
Kungsgatan 8, 111 43 Stockholm, Sweden
hello@nordan.ai

This policy describes how we collect, use, and protect your personal data when you use our website and services at nordan.ai.

What we collect and why

We process personal data for the following purposes:

Process analyzer (AI quiz)

Data: Workflow descriptions, quiz responses, and generated analysis results.

Purpose: To generate a personalized AI readiness analysis based on your input.

Legal basis: Consent (Art. 6(1)(a) GDPR). You provide consent by choosing to submit your workflow for analysis.

Retention: 24 months from submission. Browser-stored data is controlled by you.

Contact and demo requests

Data: First and last name, business email, job title, company or institution, country, and the project context you provide in your message.

Purpose: To respond to your inquiry and arrange a demo or introductory call.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) in responding to inquiries directed to us and pre-contractual steps at your request (Art. 6(1)(b) GDPR).

Retention: 24 months from last correspondence.

Marketing communications (opt-in)

Data: Your name, business email, and organization — only if you tick the “product updates” box on our demo form.

Purpose: To send occasional product updates and research from Nordan AI.

Legal basis: Consent (Art. 6(1)(a) GDPR). You may withdraw consent at any time by clicking “unsubscribe” in any email or by emailing us.

Retention: Until you withdraw consent.

Aggregate website analytics

Data: Page views, referrer, approximate location, device type, and a daily-rotating hash derived from IP and user-agent. We do not store raw IP addresses or build user-level profiles.

Purpose: To understand aggregate site usage and improve the site.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) in measuring site performance using privacy-preserving, cookieless analytics.

Retention: Aggregated indefinitely; the daily hash is not retained beyond the day it was generated.

Providing your data is voluntary. If you choose not to, you will not be able to use the process analyzer or contact us through the website.

AI processing

Our process analyzer uses third-party AI language models to evaluate your workflow description and generate recommendations. When you submit a workflow:

  • Your input is sent to third-party AI providers for processing.
  • The AI generates follow-up questions, scores, and recommendations based on your responses.
  • This constitutes automated processing, but no decisions with legal or similarly significant effects are made solely on this basis. The output is informational only.
  • We select providers with data protection practices that align with our obligations under the GDPR. We do not use your data for model training, and we require that our providers do not either.

Third-party processors

We share personal data with the following categories of service providers, solely to deliver our services:

  • AI inference providers — to process and analyze your workflow descriptions.
  • Cloud database providers — to store your quiz results so you can access them later.
  • Email delivery providers — to send transactional emails related to your inquiries.
  • Hosting providers — to serve the website and run our backend services.

Data processing agreements are in place with all processors. We do not sell or share your data for marketing purposes.

International data transfers

Some of our service providers are located outside the EU/EEA, including in the United States. Where personal data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs), in accordance with Chapter V of the GDPR.

Data storage

Quiz data is primarily stored in your browser's local storage, which you control. A copy may also be stored in our cloud database to ensure you can access your results across sessions. Database records are automatically deleted after 24 months.

Data security

We implement appropriate technical and organizational measures to protect your personal data, including encrypted data transmission (TLS), access controls, and secure infrastructure provided by established cloud providers.

Your rights

Under the GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction or deletion of your data
  • Withdraw your consent at any time (without affecting the lawfulness of processing before withdrawal)
  • Object to or restrict processing of your data
  • Request a portable copy of your data
  • Lodge a complaint with a supervisory authority

To exercise any of these rights, contact us at hello@nordan.ai.

Supervisory authority

You have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY):

IMY — Box 8114, 104 20 Stockholm, Sweden
imy.se

Cookies and tracking

This website does not set cookies, use tracking pixels, or fingerprint your device. We use Vercel Analytics, a cookieless analytics service that does not store any information on your device and does not build cross-site profiles. Because no data is stored on your device and no personal identifiers are created, no consent banner is required under the EU ePrivacy Directive.

The AI Process Analyzer uses your browser's local storage to persist your quiz state so you can return to your results. This storage is strictly necessary for the feature you chose to use and is controlled by you — you can clear it at any time from your browser settings.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated by updating the date at the top of this page. We encourage you to review this policy periodically.

Contact

For questions about this policy or how we handle your data, contact us at hello@nordan.ai.