KerrOS

GDPR Compliance

Our Commitment

KerrOS is a Swedish company. GDPR isn't a checkbox for us — it's how we operate. We apply GDPR-level protections to all users regardless of location. Your data rights don't depend on where you live.

The Six Principles

Everything we do with personal data is guided by the six core principles of the GDPR.

Lawfulness, Fairness, and Transparency

We always have a legal basis for processing your data. We tell you what we collect and why — no hidden agendas, no surprises.

Purpose Limitation

We collect data for specific, stated purposes only. We don't repurpose your data without telling you.

Data Minimization

We only collect what we need. If we don't need it, we don't ask for it.

Accuracy

We keep your data accurate and up to date. You can correct your information at any time.

Storage Limitation

We don't keep your data longer than necessary. See our Privacy Policy for specific retention periods.

Integrity and Confidentiality

We protect your data with strong technical and organizational measures to ensure its security and confidentiality.

Your Rights

Under the GDPR, you have comprehensive rights over your personal data. We respond within 30 days — complex requests may take up to 60 days with notice. All rights are free to exercise.

RightWhat It MeansHow to Exercise
AccessSee all personal data we hold about youAccount Settings or privacy+v20260325@kerros.com
RectificationFix incorrect dataAccount Settings or privacy+v20260325@kerros.com
ErasureDelete your personal dataAccount Settings > Delete Account or privacy+v20260325@kerros.com
RestrictionLimit how we process your dataEmail privacy+v20260325@kerros.com
PortabilityGet your data in a structured, machine-readable formatAccount Settings > Export Data
ObjectObject to processing based on legitimate interestEmail privacy+v20260325@kerros.com
Withdraw ConsentRevoke consent at any time without affecting prior processingAccount Settings > Privacy
Automated DecisionsNot be subject to solely automated decisionsWe don't make automated decisions with legal effects
ComplainFile a complaint with a supervisory authorityIMY (imy.se) or your local authority

How We Protect Your Data

  • Encryption at rest: AES-256 for all stored data
  • Encryption in transit: TLS 1.2+ for all connections
  • Application-layer encryption: Additional encryption for secrets and sensitive credentials
  • Minimum privilege: Access to data is restricted to what is strictly necessary

We are a small team. We don't claim to have enterprise-scale security processes — but we design our systems with security and privacy as core principles, and we scale our practices as we grow.

Data Processing

All sub-processors are bound by Data Processing Agreements (DPAs) that meet GDPR requirements. See our Privacy Policy and Data Processing Agreement for full details.

When we add a new sub-processor, we provide 30 days notice. You can object during that period. If we can't resolve your concern, you can terminate.

For international data transfers, we rely on the EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (SCCs), and supplementary technical measures to ensure your data is protected regardless of where it is processed.

Privacy Contact

For questions about how we handle your data, contact us at privacy+v20260325@kerros.com.

Your Right to Complain

If you believe we are not handling your personal data correctly, you have the right to file a complaint with a supervisory authority. Since KerrOS Sweden AB is registered in Sweden, the relevant authority is:

Integritetsskyddsmyndigheten (IMY)

The Swedish Authority for Privacy Protection

imy.se

If you are in another EU/EEA country, you can also contact your local data protection authority.

Breach Notification

In the event of a personal data breach that poses a risk to your rights, we notify the relevant supervisory authority within 72 hours (as required by GDPR Article 33) and affected users without undue delay. Our notification includes:

  • What happened: Nature of the breach
  • What data was affected: Categories and approximate scope
  • Our response: Measures taken to address and mitigate the breach
  • What you can do: Recommendations to protect yourself

KerrOS Sweden AB

Org. nr 559501-8960

Stockholm, Sweden

Postal address: Kivra: 559501-8960, 106 31 Stockholm

Last updated: March 30, 2026