Privacy Policy | Athanor Foundation

Who We Are

Athanor Foundation (Stiftelsen Athanor)
Research organization dedicated to consciousness-aligned intelligence

Website: https://athanor.se
Email: privacy@athanor.se
Location: Norrköping, Sweden

Data We Collect

We collect minimal data necessary to provide our services and improve your experience.

Information You Provide

Email address - Newsletter signup, contact forms
Name - Optional, for personalization
Message content - When you contact us via forms
Professional affiliation - Optional, helps us understand our audience

Information Automatically Collected

Access logs: IP address, timestamp, pages visited (90-day retention for security)
Browser information: Type, version, language preferences
Device information: Type (mobile/desktop), screen size (for responsive design)
Referring website: Where you came from (understanding traffic sources)

What we DON'T collect: Detailed browsing history, cross-site tracking, advertising profiles

Cookies & Local Storage

Essential (no consent required):

Language preference - Stores your selected language (en/sv)
Theme preference - Light/dark mode setting
Session state - Keeps you logged in to docs navigation

Analytics (consent required):

Privacy-friendly analytics - Aggregated, anonymized usage statistics
No third-party tracking - We don't use Google Analytics, Facebook Pixel, or advertising cookies

Note: Analytics are not currently implemented. When added, we will use EU-hosted, privacy-first solutions (Plausible or Umami) that don't track individual users.

Text-to-Speech (TTS) Data

Our documentation includes a Text-to-Speech feature for accessibility:

Processed locally: TTS audio is generated in your browser using Web Speech API
No server involvement: We don't receive, store, or log TTS usage
No recordings: Audio is not recorded or saved by us
Your browser: Your browser (Chrome, Edge, Safari) may log TTS usage locally - see your browser's privacy policy

Privacy benefit: Complete client-side processing means zero data collection for TTS features.

PDF & LaTeX Exports

Our documentation system allows exporting to PDF and LaTeX formats:

Client-side generation: PDFs are generated in your browser using jsPDF
No uploads: We don't receive, store, or log your exports
Download only: Files are created on your device and downloaded directly
Metadata: Exports include download date and source URL (for citation purposes, not tracking)

Privacy benefit: Complete client-side processing means we never see what you export or when.

Legal Basis for Processing

We process your data based on the following legal grounds under GDPR:

Consent (Article 6(1)(a))

Newsletter subscriptions (explicit opt-in)
Analytics cookies (optional consent via cookie banner)

Legitimate Interest (Article 6(1)(f))

Website security and fraud prevention
Service improvement and optimization
Responding to your inquiries

Legal Obligation (Article 6(1)(c))

Maintaining security logs (Swedish law requirement)
Tax and accounting records (Swedish accounting law)

How We Use Your Data

Send quarterly research updates and project announcements
Analyze engagement (open rates, click rates) to improve content
Segment by interests (if you provide them)

You can unsubscribe at any time using the link in every email.

Contact Forms

Respond to your inquiries
Maintain communication history for context
Improve our services based on feedback

We keep contact form submissions for 2 years, then archive or delete them.

Analytics

Understand website usage patterns
Identify popular content
Optimize user experience

Note: Analytics are not currently implemented. When added, we will use privacy-friendly analytics (Plausible or Umami) hosted in the EU with anonymized data only.

Data Sharing

We respect your privacy and minimize data sharing.

We DO Share With

Email service provider (Resend): For newsletter delivery (Data Processing Agreement in place)
Analytics provider (Plausible/Umami): EU-hosted, privacy-friendly (no personal data shared)
Hosting provider: EU-based servers for website hosting

We DON'T Share With

Advertisers: We don't sell your data. Ever.
Third-party trackers: No Google Analytics, Facebook Pixel, etc.
Data brokers: We don't share or sell your information

Data Retention

Newsletter subscriptions: Until you unsubscribe + 30 days
Contact form messages: 2 years, then archived or deleted
Analytics data: Aggregated, anonymized, retained indefinitely
Access logs: 90 days (security requirement)

Your Rights (GDPR)

To exercise your rights: Email us at privacy@athanor.se

We will respond within 30 days as required by GDPR.

Access

Request a copy of your data

Rectification

Correct inaccurate data

Erasure

Request deletion ("right to be forgotten")

Portability

Receive your data in machine-readable format

Objection

Object to processing (e.g., analytics)

Withdraw Consent

Unsubscribe from newsletter, revoke cookie consent

Data Security

We implement appropriate technical and organizational measures:

Encryption: HTTPS/TLS for all connections
Secure servers: Regular security updates and patches
Access controls: Limited access to personal data
Incident response: Procedures for data breaches

International Transfers

Primary hosting: EU region
Email service (Resend): US-based with EU Data Processing Addendum
Compliance: EU-US Data Privacy Framework (where applicable)

Children's Privacy

Our website is not directed at children under 16. We do not knowingly collect data from minors. If we discover we have collected data from a child, we will delete it immediately.

Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements.

Material changes will be communicated via:

Email notification (if you're subscribed)
Prominent website notice

Continued use of our website after changes indicates acceptance.

Contact & Complaints

Data Protection Contact:
Email: privacy@athanor.se

Swedish Data Protection Authority (IMY):
Website: https://www.imy.se
Email: imy@imy.se
Phone: +46 (0)8 657 61 00

If you believe we've violated GDPR, you have the right to lodge a complaint with IMY.