UDDA Logo

UDDA Privacy Policy

Last updated: January 19, 2026

This Privacy Policy explains how UDDA TRANSLATION AB (“UDDA”, “we”, “us”) collects and uses personal data when you visit udda.ai or use the UDDA web app and services.

We built UDDA for people who feel they can’t market alone—so we treat your data like the product. Our default posture is: store what you intentionally give us, protect it with strict access controls, and never sell or train models on it.

1) Who we are (Data Controller)

Data Controller: UDDA TRANSLATION AB

Brand name: UDDA

Organisation number: 559465-7255

VAT: SE559465725501

D-U-N-S: 315547172

Registered address: Johannes plan 5, c/o Carlsson, 111 38 Stockholm, Sweden

Email: [email protected]

If you have privacy questions or want to exercise your rights, email [email protected].

2) Who this applies to

This policy applies to:

  • Website visitors (udda.ai)

  • Users of UDDA (individual or business)

  • Team/organisation users (where you share projects and data with other people)

Age limit: UDDA is for users 18+.

3) What we collect (categories of personal data)

A. Account & profile data

  • Email address and authentication identifiers (Supabase Auth OTP; optional Google/Microsoft sign-in)

  • Name, role/title, company name (if provided)

  • Organisation/team membership and roles (e.g., user/member/editor/admin/owner)

B. Content you deliberately store in UDDA

Stored in our systems (not on third-party “training” datasets):

  • Chat transcripts (text)

  • Voice recordings

  • Voice transcripts

  • Uploaded documents (PDFs, docs, slides)

  • Notes, strategy outputs, and structured project data

  • Vector embeddings generated from your content

  • Graph relationships/links derived from your content (knowledge graph)

C. Payment & billing data

  • Billing identifiers and transaction metadata via Stripe (we do not store full card numbers; Stripe handles payment card data as the payment processor).

D. Website & attribution data (when you browse udda.ai)

  • Basic event/usage data for site measurement via Simple Analytics

  • Campaign and click identifiers you arrive with (for example, query parameters such as UTM parameters and click IDs like “gclid” / “fbclid” if present)

We use these for attribution (understanding what brought you to UDDA), not for selling your data.

About Simple Analytics: Simple Analytics states it does not set cookies or use fingerprinting, and does not store IP addresses. (Simple Analytics Docs)

4) Why we collect it (purposes)

We use personal data to:

  1. Provide the service

    • Create your account, authenticate you, and operate projects and teams.

  2. Store your work so UDDA can be useful over time

    • Your conversations, documents, memory, and strategy outputs are stored so UDDA can remain context-aware for you.

  3. Run AI-assisted features you request

    • Generate responses, summaries, plans, and structured outputs from your inputs.

  4. Security & reliability

    • Prevent abuse, debug failures, and keep the platform stable.

  5. Billing & account administration

    • Manage subscriptions, invoices, and payments.

  6. Product improvement (without training foundation models on your content)

    • We may analyze aggregated and/or de-identified usage patterns to improve UX and reliability (e.g., feature performance, error rates).

5) Our AI and model stance (clear commitments)

We do not train foundation models on your data

We do not sell your data, and we do not allow your UDDA content to be used to train foundation models.

We prefer EU-based inference when available

We aim to process AI requests on EU-based infrastructure where available (and we architect UDDA to keep your stored data in our controlled environment).

Some providers may process data outside the EU

Depending on the provider and your use of specific features, processing may involve providers outside the EU/EEA. When that happens, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) and other lawful transfer mechanisms.

Zero-retention configuration (where available)

For voice/agent tooling, we configure privacy settings for maximum privacy wherever technically supported. ElevenLabs, for example, documents that you can set retention to 0 days (scheduled deletion) and disable audio saving for maximum privacy. (ElevenLabs)

Future direction (non-binding)

Our direction is an open-source-leaning, closed ecosystem approach: a system designed to keep personal and business data safe, with a long-term ambition toward more self-hostable and verifiable infrastructure. This is a product direction, not a legal guarantee.

6) Legal bases (GDPR)

We process personal data under the GDPR on these bases:

  • Contract (Article 6(1)(b)) — to provide UDDA (accounts, projects, AI features you request).

  • Legitimate interests (Article 6(1)(f)) — security, fraud prevention, service reliability, and product analytics that do not override your rights.

  • Legal obligation (Article 6(1)(c)) — accounting and compliance where required.

  • Consent (Article 6(1)(a)) — where we ask for it (e.g., certain communications or optional features).

7) How teams and sharing work

UDDA supports:

  • An individual user with multiple projects

  • Organisations with role-based permissions

  • Optional team plans where members may be from different legal entities

Important: If you choose to share documents or project content with team members, you are instructing UDDA to make that content available to those members according to the permissions you set. You can revoke access by changing roles, removing members, or separating projects.

8) Web crawling and public data (Firecrawl and similar tools)

UDDA may fetch and process publicly available web content to support market/strategy research features.

Our operating constraints:

  • We only crawl public content

  • We do not attempt to de-anonymize individuals

  • We respect robots.txt where applicable

  • We use crawled data for market/strategy insight, not personal profiling

If you believe UDDA is indexing content that should not be used, contact [email protected] and we will review.

9) Who we share data with (sub-processors)

We use vetted service providers to operate UDDA. These providers act as processors (or in some cases independent controllers for their own compliance obligations).

Typical categories:

  • Hosting / compute

  • Database & storage

  • Voice and AI inference

  • Analytics

  • Billing

Based on your current setup, UDDA may use providers such as:

  • Fly.io (app hosting)

  • Supabase (database/auth)

  • Qdrant (vector database)

  • Neo4j (graph database)

  • Nscale and Groq (AI inference providers)

  • ElevenLabs (voice/agent platform; includes Gemini via integration for some flows)

  • Simple Analytics (website analytics)

  • Stripe (payments)

Note: Providers may change over time. We keep this policy updated as our stack evolves.

10) International transfers

If personal data is transferred outside the EU/EEA, we apply safeguards such as:

  • EU Standard Contractual Clauses (SCCs)

  • Adequacy decisions where applicable

  • Other lawful mechanisms permitted under GDPR

(Some providers also reference additional frameworks for EU data transfers; for example Fly.io publishes information related to cross-border transfer mechanisms. (fly.io))

11) Retention (how long we keep data)

Your UDDA content

  • We keep your stored content (conversations, recordings, transcripts, documents, embeddings, graph data) until you delete it or request deletion, because persistent memory is part of the product.

  • Inactive accounts: We plan automatic cleanup after 24 months of inactivity (unless we must retain something longer for legal reasons).

Website analytics and attribution

  • We retain website analytics and attribution identifiers only as long as needed for measurement and business operations, typically aligned with our inactivity and operational retention windows unless a shorter period is implemented.

12) Security

We use technical and organisational measures designed to protect your data, including:

  • Role-based access control and strict permissions

  • Row-level security (RLS) and scoped identifiers for user content

  • Encryption in transit (and encryption at rest where supported by infrastructure)

  • Access minimization and operational logging

No system is perfectly risk-free, but our goal is to behave like the kind of company we ourselves would trust with sensitive strategy work.

13) Your rights (GDPR)

Depending on your situation, you may have rights to:

  • Access your personal data

  • Rectify inaccurate data

  • Delete data (“right to be forgotten”)

  • Restrict or object to processing

  • Data portability

  • Withdraw consent (where processing is consent-based)

To exercise rights: email [email protected].

You also have the right to lodge a complaint with the Swedish supervisory authority: IMY (Integritetsskyddsmyndigheten).

14) Cookies and tracking

We use privacy-friendly analytics. Simple Analytics states it does not set cookies, does not use fingerprinting, and does not store IP addresses. (Simple Analytics Docs)

We may collect campaign parameters (UTMs) and click IDs (like gclid/fbclid) when present in the URL to understand which campaigns are working. This is attribution—not cross-site surveillance—and we do not sell that information.

15) Changes to this policy

We may update this Privacy Policy as UDDA evolves. If changes are material, we will take reasonable steps to notify users (e.g., in-app notice or email). The “Last updated” date at the top shows the current version.

16) Contact

For privacy questions, deletion requests, or anything unclear:

[email protected]

← Back to Legal DocumentsPrivacy PolicyTerms and ConditionsBack to Home