Privacy Policy

Incrane (“we”) cares about your privacy. This policy describes how we process personal data when you visit incrane.se, contact us, or use our client portal — and the rights you have under the General Data Protection Regulation (GDPR).

Last updated: 2026-06-10

Data controller

Incrane, Gothenburg, Sweden (reg. no. 19910327-5955) is the data controller for the processing described in this policy.

Contact for privacy matters: info@incrane.se.

What data we collect

We collect the following data:

  • Contact form: name, email address, phone number (optional), company (optional), selected service, and your message.
  • Client portal: name, email address, and account details when you are invited to or sign up for our client portal, plus project-related information and messages.
  • Email communication: the contents of emails you send us.
  • Technical information: anonymised visitor statistics (see the cookie section below).

Why we process the data (legal basis)

  • Responding to enquiries and quote requests — legitimate interest and pre-contractual steps (Art. 6(1)(b) and (f) GDPR).
  • Delivering services and operating the client portal — performance of a contract (Art. 6(1)(b)).
  • Sending confirmation and notification emails related to your enquiry or account — legitimate interest (Art. 6(1)(f)).
  • Accounting and invoicing — legal obligation (Art. 6(1)(c)).

How long we keep the data

Contact form enquiries are kept while the dialogue is ongoing and deleted no later than 12 months after the last contact, unless a client relationship has begun. Data tied to client agreements is kept for the duration of the agreement and thereafter as required by the Swedish Bookkeeping Act (normally 7 years for accounting records).

Who has access to the data

We never sell your data. Data is shared only with the providers (data processors) required to run the website and our services:

  • Convex (database and backend) — storage of enquiries, accounts, and project data.
  • Clerk (sign-in and account management for the client portal).
  • Vercel (hosting and anonymised visitor statistics).
  • Resend (transactional email, e.g. confirmations).

Transfers outside the EU/EEA

Some of our providers process data in the United States. Transfers rely on the European Commission's Standard Contractual Clauses (SCCs) and/or the EU–U.S. Data Privacy Framework.

Your rights

Under the GDPR you have the right to:

  • Request access to the data we hold about you.
  • Have inaccurate data corrected.
  • Have your data erased (“the right to be forgotten”).
  • Request restriction of, or object to, the processing.
  • Receive your data in a machine-readable format (data portability).
  • Lodge a complaint with the Swedish Authority for Privacy Protection (IMY), imy.se.

Cookies

incrane.se uses strictly necessary cookies only. No marketing or tracking cookies are set, which is why no cookie banner is shown.

  • Sign-in (Clerk): necessary session cookies required for the client portal and sign-in to work. Set only in connection with signing in.
  • Statistics (Vercel Analytics): cookie-free, anonymised visitor statistics — nothing identifying is stored in your browser.

Changes to this policy

We may update this policy when needed, for example when changing providers or launching new features. The latest version is always available on this page. We notify active clients by email of material changes.