Privacy Policy

Körkort Hero · Privacy Policy Version 2026.04 · Last Updated: May 7, 2026

Körkort Hero works offline, requires no account, and keeps your study data on your device. The only data leaving your device is purchase information (handled by RevenueCat) if you subscribe to premium, and anonymized crash reports (handled by Sentry) to help us fix bugs. We do not sell your data, do not show ads, and do not build a profile of you.

This Privacy Policy explains how Nordic Theory Labs ("we", "us", "our") handles personal data when you use Körkort Hero, our Swedish driving theory exam preparation app available on iOS, Android, Windows, and the web. We have built the app to work primarily offline and to require no account or login, which means we collect as little personal data as possible. This policy applies to all users of the app, with a particular focus on users in Sweden and the European Union, and it is governed by Swedish law and the EU General Data Protection Regulation (GDPR).

Data We Collect

Purchase and subscription data: if you buy a premium subscription, RevenueCat receives and stores your purchase identifier, subscription status, platform, and country to validate and manage your entitlement. We do not collect or store your payment card details — those are handled directly by Apple, Google, or Microsoft.
Crash reports and diagnostic data: when the app crashes or hits a serious error, Sentry receives an anonymized report containing your device model, operating system version, app version, an anonymized stack trace, and occasionally an anonymized screenshot of the screen at the moment of the crash.
Local app preferences: your selected language, theme, notification settings, quiz progress, and flashcard mastery are stored only on your device using the operating system's standard preferences storage. This data never leaves your device and is not visible to us.
Push notification schedule: if you enable study reminders, the times you choose are stored locally on your device and used by the operating system to trigger notifications. We do not receive or store these schedules on any server.

How We Use Your Data

To deliver the service you paid for: purchase data is processed to unlock and maintain access to premium features, on the legal basis of performance of a contract (GDPR Art. 6(1)(b)).
To keep the app stable: crash and diagnostic data is processed to identify, reproduce, and fix bugs, on the legal basis of our legitimate interest in providing a reliable product (GDPR Art. 6(1)(f)).
To personalize your study experience: your preferences and progress stay on your device and are used only to remember your settings, track your learning, and schedule the reminders you have chosen.
We follow data minimization: we only collect what is strictly necessary for the purposes above, we do not use your data for advertising or profiling, and we do not sell or share it with anyone outside the processors named in this policy.

Third-Party Services

RevenueCat Inc. (United States) acts as our processor for subscription management. Their handling of your data is described at https://www.revenuecat.com/privacy.
Sentry, operated by Functional Software, Inc. (United States), acts as our processor for crash and error reporting. Their handling of your data is described at https://sentry.io/privacy/.
Both processors are based in the United States, so transfers outside the EU/EEA may occur. These transfers rely on the EU-U.S. Data Privacy Framework and/or Standard Contractual Clauses approved by the European Commission as the legal mechanism under GDPR Chapter V.
Apple, Google, and Microsoft process your actual payment when you subscribe, under their own privacy policies. We never see your payment card or bank details.

Your Rights Under GDPR

You have the right to access the personal data we hold about you and to receive a copy of it in a structured, commonly used, machine-readable format (right of access and portability).
You have the right to correct inaccurate data, to have your data erased, and to ask us to restrict processing in the situations defined by GDPR Articles 16, 17, and 18.
You have the right to object to processing based on legitimate interest, including our use of crash reports, by contacting us or by disabling crash reporting in the app's settings where available.
You have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) or the data protection authority in your EU country of residence.

Data Retention and Security

Crash reports and diagnostic data are retained by Sentry for a maximum of 90 days, after which they are automatically deleted.
Purchase and subscription data is retained by RevenueCat for as long as needed to manage your subscription and meet legal and tax obligations, in line with the RevenueCat privacy policy.
Local data on your device (preferences, progress, flashcard mastery, scheduled reminders) is kept until you clear it, reset the app, or uninstall it — at that point it is gone, because we never had a copy.
Data in transit to our processors is protected by TLS encryption, and our processors apply industry-standard organizational and technical security measures to protect data at rest.

Contact and Requests

To exercise any of your rights or ask a question about this policy, contact us at privacy@nordictheorylabs.com and we will respond within 30 days as required by GDPR.
Because the app does not require an account, please include enough information in your request (for example, your subscription receipt or RevenueCat user identifier) so we can locate any data that relates to you.
This policy is governed by Swedish law and the EU General Data Protection Regulation (Regulation (EU) 2016/679).
If we make material changes to this policy, we will update the "Last Updated" date and notify users in the app before the changes take effect.