Privacy Policy

Effective from April 22, 2025

This policy describes how Quadrata AB, trading as Devolv ("Devolv", "we", "us", "our"), processes your personal data. By reading this policy you will gain a clearer understanding of how we handle personal data and of your rights. The policy applies to all Devolv services, for example when you visit our websites or interact with us in other related ways. It does not cover Devolv's Terms of Use, which govern the legal agreement between you and Devolv for using the service; you can find those on our Terms of Use page.

1. Legal Basis for Processing

We rely on one or more of the following legal bases under the GDPR to process your personal data:

  • Consent: Where you have given us permission to use your personal data for a specific purpose.
  • Performance of a Contract: Where processing is necessary to fulfill our contractual obligations to you, including providing our services or at your request prior to entering into a contract.
  • Legal Obligation: Where processing is necessary for us to comply with a legal obligation (e.g., cooperating with law enforcement, regulatory authorities, exercising or defending our legal rights, or disclosing data as evidence in legal proceedings).
  • Vital Interests: Where processing is necessary to protect your or another person's vital interests, such as in situations involving potential threats to someone's safety.

2. Personal Data We Collect

2.1 User Data

To use our service, we must collect certain personal data, which depends on which Devolv services you use.

Account Registration: When you create an account, we record your name. Platform Interactions: When you interact with others on the platform, your name appears in conversations and projects.

2.2 Usage Data

While you use the service, we collect data such as:

  • Search history
  • Saved properties
  • Saved projects
  • Saved models
  • Saved buildings
  • Content you upload (e.g., images, profile pictures, text)
  • Interactions with other users
  • Account settings

2.3 Technical Data

We may collect technical information including:

  • Browser type
  • IP address
  • Operating system
  • Device type
  • Screen resolution

2.4 Third-Party Login Data

If you choose to register using a third-party account (Facebook, Google, Apple, etc.), we collect the information described in section 5 below. All personal data you provide must be accurate, complete, and up to date, and you must notify us of any changes.

2.5 Other Data

If you contact us for support, we store your contact information in order to respond. We rely on a legitimate-interest assessment for this processing, balancing our interest in handling your inquiry against your privacy rights.

For details on how we use cookies and how you can manage your settings, please see our Cookie Policy

3. Sharing Your Information

We may share certain data with partners and technology providers. We remain responsible for your data when it's shared with third parties, and we require them to comply with our data-processing rules, to protect your data, and to retain it only as long as we specify.

Categories of third parties we share with include:

  • Cloud storage services
  • Web hosting providers
  • Communication tools

The following is a list of specific subprocessors we use. All are contractually bound to process personal data in accordance with this policy and GDPR.

Provider Address Purpose Privacy Policy Location
Yelles AB (Inleed) Ovabacksgattu 10, 793 70 Tällberg Hosting and data storage Link Tällberg, Sweden
PostHog 660 3rd St, San Francisco, CA 94107, USA Product analytics and user-data management Link EU (Frankfurt)
Cloudflare 101 Townsend St, San Francisco, CA 94107, USA Security and disaster recovery Link EU
Customer.io 9450 SW Gemini Dr., Suite 43920, USA Email service provider Link EU

4. Handling Third-Party Login Data

When you register or log in through a third party, we receive certain profile data (typically your name, email address, profile picture, and any other information you choose to share publicly). We use this data only for the purposes described in this policy or as otherwise made clear to you. We do not control, and are not responsible for, the third party's own processing of your data. Please review their privacy policies for details on how they collect, use, and share your information.

5. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes set out in this policy. Once the data is no longer needed, we delete or anonymize it in accordance with our retention schedules.

6. Data Security

We have implemented appropriate technical and organizational measures to safeguard the personal data we process. However, no electronic transmission over the internet or storage technology can be guaranteed 100% secure. Therefore, while we strive to protect your data, transmission and storage are at your own risk. We recommend using our services in a secure environment.

7. Your Rights Under the GDPR

You have the right to:

  • Access the personal data we hold about you.
  • Rectify any inaccurate or incomplete personal data.
  • Erasure ("right to be forgotten") in certain circumstances.
  • Restriction of processing in certain circumstances.
  • Data portability to receive your data in a structured, machine-readable format.
  • Object to processing based on legitimate interests or direct marketing.

For more information about your rights, please visit the Swedish Authority for Privacy Protection at imy.se.

8. Withdrawing Consent

If we process your personal data based on consent, you may withdraw that consent at any time by contacting us at [email protected] or by updating your settings.

9. Email Communications

We only send marketing emails if you’ve explicitly opted in, and you can unsubscribe at any time via the link in those emails or in your account settings. However, we may still send necessary non‑marketing emails (e.g. account notifications, billing updates, security alerts, and support responses). You can configure your email preferences in your account settings.

10. Changes to This Policy

We may update this policy when necessary. For material changes, we will notify you either by posting a prominent notice or by sending you a direct message. Please review this policy regularly to stay informed about how we protect your data.

11. Data Controller

Quadrata AB (559367-4665) is the data controller for all personal data processed under the Devolv brand.

If you have any questions about this privacy policy, please contact us at [email protected]

Address: Torshamnsgatan 35, 164 40 Kista, Sweden