Last updated: 2026-04-12
For municipal IT-security managers and procurement officers: see also the Security page for technical security information (encryption, secrets management, incident response, compliance status).
For municipal procurement officers: see also Data protection and subprocessors for operational GDPR detail (subprocessor list, retention per collection, DPIA-light), and the DPA template for a data processing agreement.
Data controller
Data controller: Markus Reimer. Contact: info@skolkoll.se
What data do we collect?
User accounts
If you create an account on Skolkoll, we store the following in our database (Firebase/Firestore, EU region europe-west1):
- Email address and display name — for login and identification in the portal.
- Login method — which social login (Google, Microsoft, etc.) or email/password you use.
- Organisation membership — if you belong to an organisation, we store which organisation and your role (administrator/user).
- Timestamps — when the account was created.
Legal basis: Contract (GDPR Art. 6(1)(b)) — the data is necessary to provide the service.
Retention: Data is stored for as long as the account exists. When an account is deleted, your personal data is removed from our database.
Organisation data
If you create or join an organisation, the following may be stored:
- Organisation name and registration number — public information for identification.
- Billing details — contact person, phone, address, email and reference/PO number for invoicing.
- Customer number (SK-NNNNN) — system-generated for invoice management.
Legal basis: Contract (GDPR Art. 6(1)(b)) and legitimate interest (Art. 6(1)(f)) — necessary for contract management and invoicing.
Payments
Payments are handled by Stripe. We do not store card details — these are handled entirely by Stripe in accordance with PCI DSS. We store transaction IDs and payment status to link payments to the correct organisation.
Retention: Payment history is stored for 7 years in accordance with Swedish bookkeeping legislation (BFL).
Error monitoring
We use Sentry to detect and fix technical errors. Sentry may collect:
- Error messages and stack traces (no personal data)
- Browser, operating system and IP address (anonymised)
Legal basis: Legitimate interest (GDPR Art. 6(1)(f)) — necessary to maintain the service's functionality.
Cookies and analytics
If you consent via our consent banner, we use Google Analytics 4 for anonymous visitor statistics. GA4 collects:
- Which pages are visited and for how long
- Device type, browser and screen size
- Approximate geographic location (based on anonymised IP address)
We have enabled IP anonymisation (anonymize_ip) so that your full IP address is never stored by Google. No data is sold or shared with third parties beyond Google as data processor.
Retention period: GA4 data is stored for 14 months and then automatically deleted by Google.
If you choose "Only necessary" in the consent banner, Google Analytics is not loaded at all.
Third-country transfers
Google Analytics may involve data being transferred to and processed in the USA. Google applies EU Standard Contractual Clauses (SCC) as the legal basis for such transfers. More information is available in Google's privacy policy.
Resend (email provider for school watching) is a US-based company and may process email addresses in the USA. Resend applies EU Standard Contractual Clauses (SCC).
Stripe (payment provider for Pro services) is a US-based company. Card details are handled entirely by Stripe in accordance with PCI DSS. Stripe applies EU Standard Contractual Clauses (SCC). More information in Stripe's privacy policy.
Sentry (error monitoring) is a US-based company that may receive technical error information (anonymised IP, browser info). Sentry applies EU Standard Contractual Clauses (SCC).
Anthropic (AI assistant) is a US-based company. Chat messages sent via Kollen are processed by Anthropic to generate responses. Anthropic applies EU Standard Contractual Clauses (SCC). Processing is governed by Anthropic's Data Processing Agreement (DPA) included in their API terms of service. Anthropic may retain message content for up to 30 days for trust and safety purposes, in accordance with their API terms. Messages are not permanently stored by Skolkoll. More information in Anthropic's privacy policy.
Other third-party services (Nominatim, ResRobot, Skolverket API) process data within the EU/EEA. D3.js and Leaflet are loaded from CDN servers (unpkg.com) that may have servers outside the EU.
Email for school watching
If you choose to watch a school, you provide your email address. The following is stored in our database (Firestore):
- Email address — used to send notifications. Deleted when you unsubscribe.
- SHA-256 hash of your email — used to look up your existing watches without exposing your email in database queries.
- School unit code and name — which school you are watching.
- Timestamps — when the watch was created, confirmed and last notified.
Legal basis: Consent (GDPR Art. 6(1)(a)) via double opt-in. You confirm your watch through a link sent to your email.
Retention: Your data is stored for as long as the watch is active. If you unsubscribe via the link in any notification email, the watch is marked inactive and your email address is deleted.
What triggers notifications: You receive an email when merit score changes by more than 5 points, gymnasium eligibility changes by more than 5 percentage points, pupil count changes by more than 20%, or the School Inspectorate issues a new decision about the school.
How to unsubscribe: Every notification email contains an unsubscribe link. You can also contact us at info@skolkoll.se.
Local storage (localStorage)
The following data may be stored locally in your browser:
- Consent (skolkoll_consent) — your choice in the consent banner (accepted/declined)
- Home address (skolnav_home_location) — if you use the commuting feature, coordinates for your home address are stored locally. When you calculate travel times, the coordinates may be sent to ResRobot via our server as the start point for the trip suggestion. You can delete this by clearing the field in settings or clearing your browser's local storage.
- Paywall attribution (skolkoll_paywall_ab_v1) — if you have accepted analytics consent, we store which paywall variant you saw so we can measure conversion between school-page CTAs and trial starts in analytics events. Click attribution (skolkoll_paywall_last_click) is stored only in sessionStorage and cleared when the browser session ends.
The AI chat also stores conversation and consent in sessionStorage (automatically deleted when the browser tab is closed): skolkoll_ai_consent, skolkoll_ai_chat, skolkoll_ai_context. Paywall click attribution is also stored in sessionStorage under skolkoll_paywall_last_click after accepted analytics consent.
AI assistant (Kollen)
Kollen is not specifically directed at children under 13.
Skolkoll offers an AI-powered chat ("Kollen") that answers questions about school statistics. If you choose to use Kollen, the following applies:
- Consent — the first time you open the chat, a consent prompt is displayed. Consent is stored in sessionStorage and applies to the current browser session.
- Message processing — your chat messages are sent to Anthropic (USA) via their Claude API to generate responses. Messages are not permanently stored by Skolkoll — they are forwarded in real time and only temporarily stored during your session in the browser's sessionStorage.
- Screening — each question is first sent to Anthropic's Claude Haiku model for relevance classification (on-topic/off-topic). Irrelevant questions are filtered out without being answered.
- Audit log — for each AI call, the following is logged: SHA-256 hash of your IP address (16 characters), length of the question and response (not content), school context code, status and timestamp. Audit log entries are pseudonymised, stored for 90 days and then automatically deleted. You can request immediate deletion via info@skolkoll.se.
- Rate limiting — a hash of your IP address is stored for 48 hours for the daily limit (a limited number of questions per day), and for up to 2 hours for short-term burst limiting (max requests per hour).
Legal basis: Consent (GDPR Art. 6(1)(a)) — you accept the terms before using the chat. The consent prompt informs you of your right to withdraw consent.
Data processor: Anthropic PBC (San Francisco, USA) — the AI model that generates responses. Anthropic processes messages as a sub-processor. Transfer to the USA is supported by EU Standard Contractual Clauses (SCC).
Withdraw consent: Close the browser tab to delete session consent. You can also click "Withdraw AI consent" in the chat to immediately revoke consent.
Third-party services
The following services are contacted from your browser in specific situations:
| Service | When | Data sent |
|---|---|---|
| Google Analytics 4 | Page view (requires consent) | Anonymised IP, page views, device info |
| Nominatim (OpenStreetMap) | "Near me" or home address | Your address query for geocoding |
| ResRobot (Trafiklab) | Commuting tab in school view | Coordinates for start/destination (via our server) |
| JobEd Connect (JobTech) | Career tab in school view | Education text for occupational matching |
| Skolverket API | School view (surveys, documents) | School unit code (no personal data) |
| D3.js / Leaflet (CDN) | Map and statistics pages | IP address when downloading scripts |
| Resend | School watching (confirmation and notification emails) | Email address (via our server) |
| Firebase / Google Cloud | User accounts and database | Account data, organisation data (EU region) |
| Stripe | Payment for Pro services | Email, organisation name, card details (handled by Stripe) |
| Sentry | Automatically on technical errors | Error messages, browser info, anonymised IP |
| Anthropic (Claude API) | AI chat (Kollen) — requires consent | Chat messages, school context (via our server) |
Nominatim, ResRobot and JobEd Connect are contacted only when you actively use a feature that requires them — they are never loaded automatically.
Fonts
We use the typefaces Literata and Sora, which are self-hosted on our server. No requests are sent to Google Fonts or other font providers.
School data and public information
All school data shown on Skolkoll is public information from Skolverket, SCB, Bolagsverket and Skolinspektionen.
Personal data about school staff
In a school's detail view, the following personal data may be displayed:
- Principal's name — from Skolverket's public school unit register
- School contact details (email and phone number) — fetched in real time from Skolverket's API and not stored by Skolkoll
The principal's name is public information published by Skolverket in their school unit register. Our legal basis for displaying this is legitimate interest (GDPR Art. 6(1)(f)) — the information is already publicly available and there is a public interest in transparency regarding school leadership.
We publish no personal data about pupils, teachers or other school staff beyond the above.
Balancing test
We have conducted a balancing test under GDPR Art. 6(1)(f):
- Legitimate interest: The public's interest in transparency about who leads publicly funded schools
- Source: Data is obtained exclusively from Skolverket's open API — we do not collect data independently
- Limitation: Only the principal's name is displayed. We do not publish personal contact details, home address or other private information about school staff
- Right to object: If you are a named principal and object to your name being displayed, contact us and we will remove it for your school
Embeddable widgets
Skolkoll offers embeddable widgets (/widget/skola/{slug}/ and /widget/kommun/{slug}/) that can be used on external websites. We do not restrict which domains may embed them — they are openly available and designed to support transparency around school data.
Attribution is preserved through the widget footer, which links back to Skolkoll. If you observe misuse (e.g. phishing sites embedding our widgets to gain credibility), contact us at info@skolkoll.se and we will assess the need for additional measures.
Your rights
Under GDPR, you have the right to:
- Decline consent — choose "Only necessary" in the consent banner
- Withdraw consent — go to Settings and click "Revoke cookie consent", or clear your browser's local storage. For the AI chat: click "Withdraw AI consent" in the chat window, or close the browser tab.
- Delete data — you can delete your account under account settings. All personal data (profile, memberships, watches) will be deleted. Organisation data and billing history are retained if other members remain. Locally stored data (home address, consent and paywall attribution) is deleted by clearing your browser's localStorage. AI chat data (conversation) and paywall click attribution in sessionStorage are deleted when you close the browser tab. Audit log entries are automatically deleted after 90 days.
- Object to processing — if you are a named principal and do not want your name displayed, contact us at info@skolkoll.se and we will remove it
- Right of access — you have the right to request a copy of your personal data. Contact us at info@skolkoll.se
- Data portability — you have the right to receive your personal data in a structured, machine-readable format
- Restrict processing — you have the right to request restriction of processing of your personal data under certain circumstances
- Lodge a complaint — you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY), imy.se
Changes
We may update this policy as needed. The latest version is always available on this page.