Privacy Policy
Who we are
Gandalfur Inc. (Org. No: 559385-3046) is a Swedish company based in Östergötland, Sweden. We are the data controller responsible for personal data processed in connection with this website and our applications.
What we collect and why
This website
Gandalfur.com is a marketing website. We do not operate user accounts, subscriptions, or forms that collect personal information. However, our infrastructure provider, Cloudflare, processes technical data — including IP addresses, request metadata, and device information — as part of delivering and protecting the website. This is inherent to how internet infrastructure works. See Cloudflare's Privacy Policy for details.
When you contact us
When you email us at hello [at] gandalfur.com or legal [at] gandalfur.com, we receive whatever information you include in that correspondence. We use it solely to respond to you. We may use third-party services to assist with handling enquiries and operational tasks; these services process data only for the purposes we specify and are contractually bound not to share or sell it.
Our apps
Each Gandalfur app has its own data practices depending on its features. Apps that operate fully offline and require no account collect no personal data. Where an app does collect data — for example, crash reports or, where applicable, usage analytics — this is disclosed in that app's App Store listing and within the app itself. Apple processes App Store transactions and handles all payment data; we do not receive your payment details.
What we do not collect
- We do not operate accounts on this website
- We do not collect payment information directly — all purchases go through the Apple App Store
- We do not use advertising networks or sell your data to any third party
- We do not collect biometric data, government ID numbers, or precise geolocation
Service providers
We work with a small number of third-party providers to operate our services. Where they process personal data on our behalf, they do so only for the purposes we define and are contractually bound to protect that data.
Cloudflare — website infrastructure, DDoS protection, content delivery. Data may be processed in the United States and the European Union. Cloudflare Privacy Policy.
Apple — App Store distribution and payment processing for all app purchases. Apple Privacy Policy.
We may use additional providers for operational purposes. These providers do not receive your data for their own use.
Legal requirements and business transfers
We may disclose information where required by law, court order, or to protect the rights, property, or safety of Gandalfur Inc. or others. If Gandalfur Inc. is acquired or merged, your data may be transferred to the successor entity, which will remain bound by the terms of this policy or will notify you of any material changes.
Security
We implement appropriate technical and organisational measures to protect personal data. No system is completely secure, and we cannot guarantee absolute protection. You are responsible for keeping any account credentials confidential.
Children
Our apps are not directed at children under 13. We do not knowingly collect personal data from children under 13.
International transfers
As a Swedish company subject to GDPR directly, we handle data within the European Union where possible. Where data is transferred outside the EU — for example, through Cloudflare's global infrastructure — we rely on appropriate safeguards, including the EU-US Data Privacy Framework and Standard Contractual Clauses where applicable.
Your rights under GDPR
If you are located in the European Union or European Economic Area, you have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your data, subject to legal retention requirements
- Restriction — request that we limit how we use your data
- Portability — request your data in a machine-readable format
- Objection — object to processing based on legitimate interests
- Complaint — lodge a complaint with a supervisory authority
To exercise any of these rights, contact legal [at] gandalfur.com. We will respond within the timeframes required by applicable law.
Swedish users may also contact the Swedish data protection authority:
Integritetsskyddsmyndigheten (IMY)
Box 8114, 104 20 Stockholm, Sweden
imy.se
Changes to this policy
We may update this policy to reflect changes in our practices or legal obligations. The version number and date at the top of this page indicate the current version. Material changes will be communicated through appropriate channels.
Contact
Gandalfur Inc.Org. No: 559385-3046
Östergötland, Sweden
legal [at] gandalfur.com