Who we are, and what this document is for.
We're a small Swedish studio. This page covers everything we touch — the website you're on right now, the Körkort Hero app, and the inboxes you may write to.
Nordic Theory Labs AB (the "studio", "we", "us") is the data controller for the personal data described in this policy. We are registered in Sweden under Stockholm, Sweden — organisation details available on request.
This policy applies to:
- The website nordictheorylabs.com and any subdomains.
- The mobile application Körkort Hero (iOS).
- Email correspondence with our press, partnerships, and studio inboxes.
If something on this page is unclear, that's a bug. Write to privacy@nordictheorylabs.com and we'll rewrite the offending paragraph.
What we collect, and the reason we collect it.
The minimum we need to make the thing work, billed where required, and improved without watching you. No advertising IDs. No selling. Ever.
Visiting the website
When you load a page, your browser tells our host (Cloudflare) the usual things — your IP address, the page you requested, your user-agent, and the time. Cloudflare keeps these access logs for a short rolling window for security and to debug outages. We don't tie them to any identifier of you.
The website itself does not run any web analytics — no Google Analytics, no Plausible, no pixels. The only thing your browser stores is a small preference for which language to show you (see section 03).
Writing to us
If you email support@, privacy@, hello@, or any other inbox we publish, we receive your message, your email address, and whatever else you tell us. The legal basis is legitimate interest (Art. 6(1)(f) GDPR) — answering correspondence is necessary to run a studio. We keep threads for two years, then archive or delete them.
Using Körkort Hero
The app is local-first. Your study progress, quiz answers, wrong-answer log, flashcard schedule and stats live in a SQLite database on your device. We don't see them, and there is no account or login.
If you buy a subscription, Apple handles the transaction. RevenueCat (our subscription-management subprocessor) receives an opaque purchase identifier, your subscription state, your platform, and your country — not your name, email, or card. We use this only to verify your subscription is active.
If the app crashes, Sentry receives an anonymised crash report and stack trace so we can fix the bug. There is no personally identifying information in these reports.
Cookies, local storage, and other small stowaways.
We set one strictly-necessary cookie to remember your language. That's it. No trackers, no third-party tags, no consent banner needed.
Below is the full list of things we store in your browser. If we ever add something to this table, the version number at the top of the page bumps and the change is noted in section 10.
We do not load Google Analytics, Facebook Pixel, TikTok Pixel, Hotjar, or any other tracker. We do not run advertising. We do not embed third-party fonts beyond Google Fonts, which is loaded directly from fonts.googleapis.com and may briefly see your IP — see section 06 for how that's handled.
Körkort Hero — the specifics.
The app works fully offline. There is no account or login. Apple handles payments via the App Store; RevenueCat verifies your subscription state; Sentry receives anonymised crash reports. That is all that leaves your device.
Data stored on your device
Quiz attempts, answers, timing, flashcard intervals, your chosen study mode, language, theme, notification preferences, and any notes you write. Everything is stored in the app's local SQLite database and is removed when you delete the app.
Subscriptions
Subscriptions are sold through the Apple App Store. Apple sends us a signed receipt containing an opaque purchase ID. RevenueCat processes this receipt on our behalf to confirm the subscription is active and to manage entitlements; it does not receive your name, email, billing address, or card number. Apple's and RevenueCat's privacy policies cover their handling.
Crash & error reports
If the app crashes or hits an unexpected error, Sentry receives an anonymised crash report and stack trace so we can ship a fix. These reports do not contain your name, email, study answers, or any other personally identifying information.
Aggregate usage analytics
Production builds send anonymised usage events (which screens you visit, which features you tap) to Firebase Analytics so we can see which features actually help people pass. No personally identifying information is sent, and these events are disabled in TestFlight builds.
Diagnostics
The app does not phone home for any other reason. It does check our server for question-bank updates roughly once per launch — that request includes only the current bank version, nothing else.
Who else touches the data.
Four companies, each doing one job. All on EU or US Data Privacy Framework terms. No advertising or data-broker relationships, ever.
The following service providers ("subprocessors") may process limited data on our behalf. We have a Data Processing Agreement with each:
If we add or change a subprocessor, this list updates and the change is noted in the version history at the bottom of the page.
When data leaves the EU.
Our primary servers are in the EU. When something does cross — usually Apple or Cloudflare edge nodes — it travels under EU-approved transfer mechanisms.
We keep things in Europe by default. The website is served from EU edge regions; emails sit in EU-mirrored mailboxes; analytics is EU-resident.
Where personal data is transferred outside the European Economic Area — typically because of Apple's global infrastructure, or Cloudflare edge regions outside the EU — the transfer is covered by either:
- The EU–US Data Privacy Framework, where the recipient is certified under it (Apple, Cloudflare, RevenueCat, Sentry, Google).
- Standard Contractual Clauses approved by the European Commission (2021/914), for everyone else.
You can request copies of the relevant transfer mechanism by writing to privacy@nordictheorylabs.com.
How long we keep things.
As briefly as the law lets us. Server logs go after a month. Emails go after two years. Receipts we have to keep for seven, because Sweden.
Your rights, in plain words.
Under GDPR you have eight rights. Below is the human version. Use any of them by writing one sentence to privacy@. We answer within 30 days.
About children using our products.
Körkort Hero is intended for prospective drivers — typically 16 and older. If you are under 16, ask a parent or guardian to set up the device.
The Swedish theory test is taken by candidates aged 16 (for moped) and 17.5+ (for car). Körkort Hero is rated 4+ in the App Store because it contains no objectionable content, but its purpose is for users old enough to drive.
We do not knowingly collect personal data from children under 16 without parental consent. We rely on Apple's "Ask to Buy" and Family Sharing controls for parental oversight of subscriptions. If you believe a child has provided us data, write to privacy@nordictheorylabs.com and we will delete it.
How this document changes.
Material changes are announced in the app and at the top of the home page for two weeks. Editorial fixes (typos, restructure) are quietly applied. Every version is below.