Privacy Policy

Version 2026-07-03 · Effective 2026-07-03 · Last updated 2026-07-03

  • Accounts
  • Stockr
  • Stable
  • Lagom
  • Compact

In short

  • We are one company behind all Compact apps, and one data controller for your account.
  • You sign in once through Compact Accounts; that shared login stores your email, security settings, and security logs.
  • Each app only holds the data it needs — most of Stockr stays on your device, Lagom stores your receipts, Stable holds your stable's operational data.
  • We do not sell your personal data. Product analytics are turned off until you consent.
  • You have full GDPR rights. To access, export, or delete your data, email us and we will handle it.

This summary is for convenience only; the full text below is what applies.

Privacy Policy

This Privacy Policy explains what personal data we process, why, and the choices you have. It covers our shared login (Compact Accounts) and every app in the Compact family. Where an app handles data differently, that is called out in its own subsection below.

We have written this in plain language. Defined terms (like "Compact Accounts") are explained the first time they appear.

1. Who we are and how to contact us

The data controller for the personal data described in this policy is:

  • {{LEGAL_ENTITY}} ("we", "us", "our"), a Swedish limited company (aktiebolag)
  • Registered address: {{REGISTERED_ADDRESS}}
  • Company registration number: {{ORG_NUMBER}}
  • Privacy contact: {{PRIVACY_EMAIL}}

One legal entity operates every product covered by this policy, and is the controller for the account and identity data common to all of them.

Data Protection Officer. {{DPO_STATUS — e.g. "We are not required to appoint a Data Protection Officer and have not done so. You can reach our privacy contact using the email above."}}

Supervisory authority. Our lead supervisory authority is the Swedish Authority for Privacy Protection — Integritetsskyddsmyndigheten ("IMY"). You can contact IMY at imy.se, or by post at Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm, Sweden.

2. The products this policy covers

  • Compact Accounts — the single sign-on service at accounts.compact.se that you log in through for every product below.
  • Stockr — a local-first inventory-counting app for desktop and mobile.
  • Stable — a horse and stable management platform (web and mobile) for businesses.
  • Lagom — a receipt archive and expense manager for individuals and groups.
  • Compact — our marketing website at compact.se.

3. How you get an account

There is no self-serve sign-up. You get a Compact Accounts identity in one of two ways:

  • an administrator invites you and you accept the invitation, or
  • you sign in for the first time with Google or Apple (federated login), which creates your account automatically.

At that moment we record which version of this Privacy Policy and of our Terms of Service you accepted, and when (see Section 12).

4. What we collect and why

Shared core — Compact Accounts (applies to every product)

Because you sign in once and use that identity across all apps, the following is collected by our shared login layer and is the same regardless of which app you use.

4.1 Account and identity data

  • Email address(es). A primary email, plus up to four additional verified addresses if you add them, along with your per-address notification preferences.
  • Display name (optional).
  • Password, stored only as a salted hash (Argon2) — we never store your actual password.
  • Multi-factor authentication (MFA) material, if you enable it: a time-based one-time password (TOTP) secret stored encrypted at rest (AES-256-GCM), passkeys (WebAuthn credentials), and recovery codes stored only as hashes.
  • Federated identity links. If you sign in with Google or Apple, we store the provider's stable subject identifier and the email address that provider gives us — used to recognise you on return, not shared onward.
  • Group and entitlement claims — which groups or plans your account belongs to, so each app knows what you may access.

4.2 Security and anti-abuse data

  • Sessions — a hashed session token, your IP address, and your browser/device user-agent, so we can keep you signed in and let you review and revoke active sessions.
  • Security-audit events — an append-only log of security-relevant actions (for example sign-ins, password changes, MFA changes, new device notifications), each recording the event type, IP address, user-agent, and a timestamp.
  • New-device recognition — a one-way hash of your user-agent, used only to notify you the first time a new device signs in.
  • Rate-limiting counters keyed to IP address and email, used to stop brute-force and abuse.

We rely on these for the legitimate interest of keeping accounts and the service secure (see Section 5).

4.3 Product analytics

Compact Accounts itself contains no analytics or tracking. Some apps use privacy-friendly, EU-hosted product analytics (PostHog EU) to understand feature usage. Where analytics run, they are turned off until you consent in the European Economic Area and the UK, and you can withdraw consent at any time. What each app does is described in its subsection below.

4.4 Error monitoring

Some apps use error monitoring (Sentry) to capture crash and error reports so we can fix bugs. Reports are sampled and are used to diagnose reliability problems, on the basis of our legitimate interest in a stable service.

4.5 Email

We send transactional emails (for example account verification, security notices, and password resets) through our email provider (Resend). We process delivery signals (such as bounces) to keep email working.

Per-product data

4.6 Stockr (local-first)

Stockr is local-first. Your stock counts and imported lists live in a database on your device and, by default, never leave it. Unlocking the desktop app uses an offline licence key that is verified on-device — there is no phone-home.

  • Analytics in Stockr are strictly opt-in and originate from your device. {{STOCKR_ANALYTICS — confirm whether the mobile app transmits any analytics, to which endpoint/region, and that it is off by default.}}
  • Stockr Connect is an optional cloud feature. If you choose to enable it, we process a signed organisation roster and sync data you choose to share, so your team can collaborate. Data you have already imported keeps working offline. If you never enable Connect, no count data is sent to us.

4.7 Stable (business / operational data)

Stable is a tool that businesses (stables, riding schools, and similar) use to run their operations. It stores operational data your organisation enters — such as horses, bookings and schedules, inventory, and staff accounts.

  • Controller vs. processor. When your organisation ("the Customer") uses Stable to manage its operations, the Customer is normally the controller of the personal data it enters about its staff, riders, and horse owners, and we act as its processor under a data processing agreement. We remain an independent controller for account, security, and billing data. If you were added by an organisation, contact that organisation first about its data; we will help route your request.
  • Analytics and site tools. The Stable marketing site uses EU-hosted product analytics (PostHog EU) and advertising conversion measurement (Google Ads), both consent-gated, and bot-protection (Cloudflare Turnstile) on forms. The Stable app uses error monitoring (Sentry).
  • Payments. Subscription billing is handled by our billing provider (Polar). Where a Stable business collects payments from its own customers, that is processed by Stripe; we do not store full card details.

4.8 Lagom (receipts and expenses)

Lagom stores your receipts and the expense data extracted from them. Because this is financial data, we treat it with particular care.

  • Receipt images you capture are stored in object storage (Cloudflare R2).
  • AI extraction (OCR). To turn a receipt image into structured data (merchant, totals, tax, tip, line items, currency), the image and an extraction prompt are sent to a third-party AI provider (Mistral AI). See Section 10 for how this automated processing works. {{MISTRAL_DATA_TERMS — confirm Mistral's data-processing agreement, retention, and that user content is not used to train models; disclose the outcome here.}}
  • Expense splitting. If you split expenses with a group, we keep a "who owes whom" settlement ledger. Lagom is not a payment service — it does not move money, and members settle up between themselves outside the app.
  • Currency conversion uses a public exchange-rate API (Frankfurter); no personal data is sent to it.
  • Subscriptions are sold through the Apple App Store and Google Play (managed via RevenueCat) and/or our billing provider (Polar). The app stores never share your full payment details with us.

4.9 Compact (marketing site)

The compact.se website has no user accounts. It uses consent-gated analytics, and — in the future — may let you join a waitlist or newsletter, which would collect the email address you provide for that purpose.

We rely on the following legal bases under the GDPR:

PurposeLegal basis
Providing your account and single sign-on; delivering the app you usePerformance of a contract (Art. 6(1)(b))
Keeping accounts and the service secure; preventing fraud, abuse, and brute-force; audit logging; rate-limitingLegitimate interests (Art. 6(1)(f))
Error monitoring and reliabilityLegitimate interests (Art. 6(1)(f))
Product analytics and advertising measurement (where offered)Consent (Art. 6(1)(a))
Billing and keeping accounting recordsPerformance of a contract (Art. 6(1)(b)); legal obligation (Art. 6(1)(c)) for accounting
Responding to your requests and legal claimsLegitimate interests (Art. 6(1)(f)); legal obligation (Art. 6(1)(c))

Where we rely on legitimate interests, we have weighed those interests against your rights. You can object to that processing at any time (see Section 9). Where a business (Stable Customer) determines the purposes of processing, that Customer is responsible for the legal basis and we act on its instructions.

6. Sub-processors and other recipients

We share personal data only with service providers ("sub-processors") that help us run the service, and only as needed. We do not sell personal data. The regions and transfer safeguards below must be confirmed against each provider's current terms.

Sub-processorPurposeUsed byRegionTransfer safeguard
CloudflareHosting/CDN, bot protection (Turnstile), object storage (R2)All / Stable / Lagom{{REGION}}{{SCCs / EU-US DPF}}
RailwayBackend hosting (Postgres, Redis)Stable, Lagom, Stockr Connect{{REGION}}{{SCCs / EU-US DPF}}
PostHog EUProduct analytics (consent-gated)Stable, Stockr (opt-in)EUEU-hosted
SentryError monitoringStable, Lagom{{REGION}}{{SCCs / EU-US DPF}}
ResendTransactional emailAccounts, Stable, Lagom{{REGION}}{{SCCs / EU-US DPF}}
Mistral AIReceipt OCR (Lagom)Lagom{{REGION — Mistral is EU-based; confirm}}{{confirm}}
Apple, GoogleFederated sign-in; in-app purchasesAccounts, Stable, Lagom, Stockr{{REGION}}{{SCCs / EU-US DPF}}
PolarSubscription billingStable, Lagom, Stockr{{REGION}}{{SCCs / EU-US DPF}}
RevenueCatMobile in-app-purchase managementLagom, Stockr{{REGION}}{{SCCs / EU-US DPF}}
StripePayment processing for Stable businesses' own customersStable{{REGION}}{{SCCs / EU-US DPF}}

We may also disclose data to professional advisers under confidentiality, to authorities where legally required, and to a successor entity in a business transfer (subject to this policy).

7. International transfers

Some sub-processors may process data outside the EU/EEA. Where that happens, we rely on appropriate safeguards — European Commission Standard Contractual Clauses (SCCs), or an adequacy mechanism such as the EU-US Data Privacy Framework for certified providers — together with supplementary measures such as encryption. You can ask us about the safeguard for a specific transfer at {{PRIVACY_EMAIL}}. The exact mechanism per provider is being confirmed ({{TRANSFER_MECHANISMS}}).

8. How long we keep data

We keep personal data only as long as needed for the purposes above, then delete or anonymise it, unless a longer period is required by law. Some retention is fixed in our systems:

DataRetention
Browser session8 hours (then expires)
Sign-in access token10 minutes
Sign-in refresh token30 days
Invitation link7 days
Password-reset link1 hour
Email-verification link24 hours
MFA challenge5 minutes
Federated login state10 minutes
Rate-limit counters5-minute rolling window
Account and identity dataUntil your account is deleted
Recovery codesUntil regenerated or account deletion — {{RETENTION: confirm}}
Security-audit events{{RETENTION: no automatic deletion today — confirm target, e.g. 12–24 months; PII is redacted on account erasure}}
Stockr on-device dataStays on your device under your control
Lagom receipt images and expense data{{RETENTION: confirm}}
Stable operational (Customer) dataFor the term of the Customer's contract; per the data processing agreement
Billing and accounting records{{RETENTION: up to 7 years — Swedish Bookkeeping Act; confirm}}
Backups{{RETENTION: rolling, e.g. 30–60 days; confirm}}

9. Cookies and tracking

  • Strictly necessary cookies keep you signed in and protect your session. These are always on and do not require consent.
  • Analytics (PostHog EU) and advertising measurement (Google Ads, on the Stable marketing site) are consent-gated: in the EEA and UK they stay off until you opt in, and you can withdraw consent at any time. Compact Accounts uses no analytics or advertising cookies.

10. Automated processing and AI

Lagom uses AI to read your receipts (see Section 4.8): the receipt image is sent to a third-party AI provider (Mistral AI) which returns structured fields such as merchant, totals, tax, and line items. This is a convenience feature to save you typing — it does not make any decision that produces legal or similarly significant effects about you, and you can review and correct every extracted value. AI extraction can be wrong; you are responsible for checking the results (see the Lagom Terms annex). {{MISTRAL_DATA_TERMS — confirm provider retention and no-training stance.}}

11. Your rights

Under the GDPR you have the right to:

  • access your data and get a copy (Art. 15);
  • rectify inaccurate or incomplete data (Art. 16);
  • erase your data in certain cases (Art. 17);
  • restrict processing in certain cases (Art. 18);
  • data portability — receive data you gave us in a structured, machine-readable format (Art. 20);
  • object to processing based on legitimate interests (Art. 21);
  • withdraw consent at any time, where processing is based on consent (Art. 7(3)); and
  • lodge a complaint with IMY (Section 1).

How to exercise them. Account access, export, and deletion are currently handled on request: email {{PRIVACY_EMAIL}} from the address tied to your account. We may need to verify your identity, and we respond without undue delay and normally within one month. When you ask us to delete your account, we erase your identity data and each app deletes the data it holds about you; for security reasons some audit records are kept but have your identifying details removed.

12. Changes and versioning

This policy is versioned by date. The current version is shown at the top of this page. When you accept our policies, we record which version you accepted and when — so there is a clear record of what you agreed to. If we make material changes, we update the version, publish the new text, and — where appropriate — ask you to review and accept it again.

13. Effective date

This Privacy Policy is effective as of the "Effective" date shown at the top of this page.