Privacy Policy

Data controller

Knipsa is operated by MixVision Scandinavia AB, company registration number 559352-5685, Prästgatan 39, 774 35 Avesta, Sweden. MixVision Scandinavia AB is the data controller for the processing described in this policy unless expressly stated otherwise.

What data we process

The exact data we process depends on how you use the service. We do not intentionally process more data than is reasonably necessary to provide, secure, and administer Knipsa.

• account and authentication data, such as name, email address, and sign-in related information
• organization and billing data, such as company affiliation, subscription plan, and payment status
• materials submitted by you or your organization, such as receipt originals, extracted receipt data, references, and related bookkeeping information
• integration data from connected services, such as Fortnox connection status, token metadata, and sync-related events
• support and communications data, such as tickets, messages, responses, and operational logs related to support handling
• technical and security data, such as IP address, device information, usage logs, error events, and audit records

How we collect data

We collect data directly from you, from your organization, through your use of the service, and from services that you choose to connect to Knipsa.

• when you register, sign in, update settings, or contact us
• when you or your organization upload or forward receipts and related materials to Knipsa
• when you connect Fortnox or other payment or billing flows required for the service
• when payments are processed through our payment provider Stripe, where card payments or subscriptions are used

Why we process personal data

We process personal data to provide the service, perform our contract, handle support, maintain security, comply with law, and improve Knipsa.

• to create and administer accounts and permissions
• to receive, validate, process, store, and sync submitted materials within the service
• to establish and administer the Fortnox integration
• to manage subscriptions, payments, invoicing, top-ups, and related billing administration
• to prevent misuse, fraud, unauthorized access, and service disruption
• to communicate about operations, support, contracts, security, and product changes
• to comply with bookkeeping, tax, and other applicable legal obligations

Legal bases

Where GDPR or equivalent rules apply, we rely on one or more legal bases depending on the specific processing context.

• contract: where processing is necessary to provide Knipsa to the customer organization
• legitimate interests: where we need to operate, secure, monitor, and improve the service in a proportionate way
• legal obligation: where we must process data to comply with bookkeeping, tax, or other legal requirements
• consent: where we specifically ask for your consent for a particular processing activity and you may withdraw it

AI-assisted processing

Knipsa uses AI-assisted processing to analyze and structure receipt and document data. This forms part of the core service functionality and is covered by this policy.

Where AI processing is used, we aim to send only the information needed to perform the analysis. We use technical and organizational controls to reduce unnecessary exposure and limit risk.

Recipients and processors

We share data only with recipients needed to provide, secure, or administer Knipsa, or where disclosure is required by law.

• Supabase for database, storage, and authentication-related infrastructure
• Twilio for communication or intake flows where messaging is part of the service
• OpenAI for AI-assisted text and image analysis within the service
• Fortnox for integration, archive, and bookkeeping-related flows
• Stripe for card payments, subscriptions, and related payment administration where those billing flows are enabled
• public authorities or other recipients where disclosure is required by law or binding decision

International transfers

We aim to keep processing within the EU or EEA where practical. If a provider processes personal data outside the EU or EEA, or permits remote access from outside those regions, we rely on appropriate safeguards such as Standard Contractual Clauses or another lawful transfer mechanism.

Retention and archiving

Knipsa retains submitted materials, processing history, and related operational data for up to 1 year where needed to provide the service, troubleshoot issues, handle support, and preserve traceability in the automation flow.

Knipsa is not the customer's system of record for accounting retention. Long-term bookkeeping retention is handled in the customer's own systems and processes, such as Fortnox, under the customer's responsibility and applicable rules.

When data is no longer needed for the service, we delete or de-identify it where reasonably possible unless continued retention is required by law or to establish, exercise, or defend legal claims.

Security

We use technical and organizational safeguards to protect personal data, including access controls, encryption where relevant, logging, monitoring, and restricted access to production data.

No internet-based service can guarantee absolute security, but we work systematically to reduce the risk of unauthorized access, loss, misuse, or accidental disclosure.

Your rights

Depending on applicable law, you may have the right to request access, rectification, restriction, portability, objection, or deletion of your personal data.

Those rights may be limited where continued processing is required to comply with legal duties or to establish, exercise, or defend legal claims.

If you believe our processing violates applicable data protection law, you may also lodge a complaint with the Swedish Authority for Privacy Protection or another competent supervisory authority.

Children and minors

Knipsa is not directed to children, and we do not knowingly collect personal data from anyone under 18 as part of the ordinary service.

Changes to this policy

We may update this policy when the service, providers, legal requirements, or our ways of working change. The latest version is published on this page with the updated date shown above.

Contact

If you want to exercise your rights or have questions about this policy, contact us at support@knipsa.se or through the support form on knipsa.se.

Postal address: MixVision Scandinavia AB, Prästgatan 39, 774 35 Avesta, Sweden.