Privacy Policy

Last updated: April 16, 2026

1. Who We Are

Agonist Development AB ("we", "us") operates autocbam.com. Registered in Sweden. Contact: [email protected]

2. What Data We Collect

Data	Purpose	Legal Basis (GDPR)	Retention
Email address	Send risk report, account login	Consent (quiz opt-in)	Until account deletion
Quiz answers	Calculate compliance risk score	Consent	Until account deletion
Company name (optional)	Personalize reports	Legitimate interest	Until account deletion
Payment data	Process subscriptions	Contract	Per Stripe retention policy
Usage analytics	Improve service	Consent (cookie banner)	Per PostHog retention

3. Sub-Processors

Service	Data	Location
Cloudflare (Pages, D1, R2)	All platform data	EU (Frankfurt)
Stripe	Payment data	EU + US (SCC)
Resend	Email addresses	US (SCC)
PostHog	Analytics	EU (Frankfurt)

4. Your Rights (GDPR Articles 15-22)

You have the right to: access your data, correct inaccurate data, delete your data ("right to be forgotten"), export your data (data portability), object to processing, and withdraw consent at any time.

To exercise any right: email [email protected]. We respond within 30 days.

4a. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe we have violated your data protection rights. In Sweden: Integritetsskyddsmyndigheten (IMY). You may also contact the supervisory authority in your EU country of residence.

4b. Automated Decision-Making

Our risk assessment quiz uses automated scoring to calculate your compliance risk level. This is NOT a legally-binding decision — it is an informational assessment. You have the right to:

Request human review of any automated decision
Express your point of view on the assessment
Contest the result — email [email protected]

The quiz does not make decisions that produce legal effects (GDPR Art. 22). Results are advisory only.

4c. Data Protection Contact

We have not appointed a formal Data Protection Officer (DPO) as we do not meet the criteria in GDPR Art. 37. For all data protection inquiries, contact [email protected].

5. Cookies

We use essential cookies (session, A/B test variant) and optional analytics cookies (PostHog). You can reject analytics cookies via the cookie banner. Essential cookies cannot be disabled.

6. Data Security

All data encrypted in transit (TLS 1.3) and at rest. Access restricted to authorized personnel. We conduct regular security reviews.

7. Changes

We may update this policy. Changes posted here with updated date. Material changes notified by email.

8. Contact

Agonist Development AB
Email: [email protected]