Legal
Privacy Policy
Overview
This Privacy Policy explains how Subosic 2Consulting AB, doing business as Wundrblock ("Wundrblock," "we," "us," or "our"), handles personal data in connection with our website at wundrblock.com (the "Site") and the Wundrblock biographical storytelling service (the "Service").
We have designed our processing activities to comply with the EU General Data Protection Regulation (GDPR), the Swedish Data Protection Act (Dataskyddslagen), and other applicable laws.
The Site is currently a pre-launch page where visitors can learn about Wundrblock and join a waitlist. The Service itself, when made available to you, is offered as an Early Access program — see our Terms of Service for what that means. Some sections of this Policy describe how we will handle data once you begin using the Service; those sections will apply to you when you start using the corresponding features.
This Policy uses the same defined terms ("Your Content," "Generated Content") as our Terms of Service.
1. Who we are
Subosic 2Consulting AB (operating as Wundrblock)
Dalagatan 78, 113 24 Stockholm, Sweden
Org. nr. 559334-5217
Email: info@wundrblock.com
We are the data controller for the personal data processed in connection with the Site and the Service. For privacy questions, requests, or complaints, please contact us at info@wundrblock.com.
2. Personal data we collect
We collect personal data in the following categories.
2.1 Information you give us directly
Waitlist signup: when you join the waitlist on the Site, we collect your email address.
Account information (when the Service is available to you): your name, email address, password (stored in encrypted form), and any optional profile information you choose to add.
Your Content: the source material you provide to the Service — including stories, memories, audio recordings, photographs, documents, and other material you upload, dictate, or share.
Your Content may include personal data about you and, where you choose to share it, about other people in your life. Because the Service is in Early Access, we ask you to use your own judgement about what to share, and we recommend not including material that you consider especially sensitive at this stage — for example, detailed health information or sensitive information about identifiable third parties. If you choose to include such material, you do so on your own initiative.
Communications with us: if you contact us by email, through a contact form, or otherwise, we receive the contents of your message and any information you choose to include.
2.2 Information generated by the Service
When you use the Service, our AI produces Generated Content — drafts, summaries, and longer biographical text — based on Your Content. Generated Content may include personal data about you, and about people mentioned in Your Content, presented in new forms.
2.3 Information collected automatically
When you use the Site or the Service, we (or our service providers) collect technical and usage data such as IP address, device and browser information, operating system, pages or features accessed, timestamps, and similar information, recorded in server logs.
The Site uses only strictly necessary cookies (see Section 8). The Service may use additional functional cookies or local storage required to deliver core features; we will keep this Policy up to date as those features are introduced.
2.4 Information about other people
When you tell stories or upload material that mentions identifiable third parties (for example, family members, friends, or colleagues), we also process personal data about those people. You confirm under our Terms of Service that you have the right to provide such material. If a third party contacts us to exercise their rights in relation to data you have provided about them, we will respond in accordance with GDPR.
3. How we use personal data and our legal bases
We use personal data for the purposes set out below. Each purpose is associated with one or more legal bases under GDPR Article 6.
| Purpose | Legal basis |
|---|---|
| Manage the waitlist and notify you when the Service becomes available | Consent — Art. 6(1)(a) |
| Create and operate your account, deliver the Service, and produce Generated Content from Your Content | Performance of contract — Art. 6(1)(b) |
| Operate, secure, troubleshoot, and improve the Site and the Service | Legitimate interests — Art. 6(1)(f) |
| Communicate with you about your account, support requests, and service-related matters | Performance of contract / legitimate interests — Art. 6(1)(b) / 6(1)(f) |
| Send product updates, news, and marketing | Consent — Art. 6(1)(a); you can opt out at any time |
| Comply with legal, accounting, and regulatory obligations | Legal obligation — Art. 6(1)(c) |
| Establish, exercise, or defend legal claims | Legitimate interests — Art. 6(1)(f) |
We do not sell personal data, and we do not use personal data for automated decision-making that produces legal or similarly significant effects on you within the meaning of GDPR Article 22.
4. AI processing
The Service uses artificial intelligence to process Your Content and produce Generated Content. To do this, Your Content is sent to specialised AI service providers, which act as our processors.
The Service is in Early Access (see our Terms of Service), and our AI architecture and choice of providers continues to evolve. We will update this Policy as our practices develop. If we materially change how Your Content is used in connection with AI — for example, to train or fine-tune models — we will inform you in advance and provide opportunities to consent or opt out where required by law.
5. Who we share personal data with
We share personal data only with the following categories of recipients, who act as our data processors under written agreements (or, where they are independent controllers, under appropriate transfer terms):
- Hosting and infrastructure providers — to operate the Site and the Service.
- AI service providers — to deliver AI-assisted content generation, as described in Section 4.
- Email and communications platforms — to manage waitlist signups, send transactional and marketing emails, and run the contact channel.
- Print and fulfilment partners — when you order a printed biography, to produce and deliver it.
- Payment processors — when paid features are introduced, to handle payments.
- Software development and IT partners — to support engineering and operations.
- Professional advisors — such as lawyers and accountants, where necessary.
- Authorities — where legally required (for example, in response to a valid legal request).
A current list of our key processors is available on request from info@wundrblock.com.
We do not share personal data with third parties for their own marketing purposes.
6. International transfers
Some of our service providers may be located outside the European Economic Area (EEA).
Where personal data is transferred outside the EEA, we rely on appropriate safeguards under GDPR — typically the European Commission's Standard Contractual Clauses (SCCs), together with any supplementary measures necessary to ensure an adequate level of protection. Where transfers are made to countries that are subject to a European Commission adequacy decision, we rely on that adequacy decision.
You can request more information about the safeguards applied to a specific transfer by contacting info@wundrblock.com.
7. How long we keep personal data
We keep personal data only for as long as we need it for the purposes described above, and in line with the following retention periods.
- Waitlist email addresses: kept until you unsubscribe. If you do not engage with our communications for 18 months, we will send a re-confirmation email and delete your address if you do not respond.
- Account data and Your Content: kept for as long as your account remains active. When you delete your account, we delete or irreversibly anonymise account data and Your Content within 90 days, except where retention is required for legal, security, or backup reasons (in which case the data is kept only for those limited purposes and for no longer than necessary).
- Generated Content: during Early Access, Generated Content may be modified, regenerated, or deleted at any time as we develop the Service (see our Terms of Service). Otherwise, it follows the same retention as your account.
- Correspondence with us: up to 24 months after our last contact, unless retention is required for longer for legal reasons.
- Server logs: up to 90 days for security and troubleshooting.
- Payment and accounting records: retained for 7 years to comply with the Swedish Bookkeeping Act (Bokföringslagen).
After these periods, data is deleted or anonymised.
8. Cookies
The Site uses only strictly necessary cookies required for the Site to function (for example, security and session management). Strictly necessary cookies do not require your consent under EU law.
The Site does not currently use analytics, advertising, or other non-essential cookies. If we introduce them in the future, we will request your consent through a cookie banner before any such cookies are set.
The Service may use additional cookies and local storage that are strictly necessary for delivering its features (for example, to keep you signed in). We will update this Policy and provide further information when those features are made available to you.
9. Your rights
Under GDPR, you have the following rights in relation to your personal data:
- Access — to obtain a copy of the personal data we hold about you.
- Rectification — to have inaccurate or incomplete data corrected.
- Erasure — to have your personal data deleted in certain circumstances ("right to be forgotten").
- Restriction — to limit how we process your personal data in certain circumstances.
- Objection — to object to processing based on our legitimate interests.
- Portability — to receive your personal data in a structured, machine-readable format, where technically feasible.
- Withdraw consent — at any time, where we rely on your consent. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
- Lodge a complaint — with the Swedish data protection authority, Integritetsskyddsmyndigheten (IMY), at imy.se, or with the supervisory authority in your country of residence.
To exercise any of these rights, contact us at info@wundrblock.com. We will respond within one month, unless the request is complex, in which case we may extend the deadline by up to two further months and will tell you why.
You can unsubscribe from marketing emails at any time using the link in any email we send.
10. Security
We use appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, logging, regular review of our processors, and contractual safeguards. No method of transmission or storage is completely secure, and we cannot guarantee absolute security; however, we work continuously to maintain a high standard of protection.
If we become aware of a personal data breach affecting your data, we will notify the relevant supervisory authority and, where required, you, in line with our obligations under GDPR.
11. Children
The Service is not intended for individuals under 18, and we do not knowingly collect personal data from people under that age. If you believe a person under 18 has provided us with personal data, please contact us and we will delete it.
12. Changes to this Policy
We may update this Policy from time to time. The "Last updated" date at the top reflects the most recent version. If we make material changes, we will notify users — by email, in-product notice, or by posting a prominent notice on the Site — before the changes take effect.
13. Contact
For privacy questions, requests, or complaints:
Subosic 2Consulting AB (operating as Wundrblock)
Dalagatan 78, 113 24 Stockholm, Sweden
Org. nr. 559334-5217
Email: info@wundrblock.com