
ReqTangle Privacy Policy

Effective Date: October 20, 2025
Last Updated: October 19, 2025

Service Provider: Ikizler AB (trading as "ReqTangle")

Summary (TL;DR)

ReqTangle is committed to protecting your privacy and personal data. Here are the key points:

​

  • Who we are: Ikizler AB (ReqTangle), a Swedish company providing AI-assisted requirements management software

  • What we collect: Account information (name, email), project data (requirements, descriptions), and usage analytics

  • Why we collect it: To provide our service, process AI suggestions, and improve the product during beta

  • Where it's stored: Microsoft Azure Sweden Central (100% EU data residency) via our platform provider Codicent Inside AB

  • Who processes it: Codicent Inside AB (our platform and AI provider) and Microsoft Ireland Operations Ltd (Azure infrastructure)

  • Your data stays in the EU: No transfers to third countries; all processing within the European Economic Area

  • Never used for AI training: Your requirements data is never used to train AI models or shared with third parties

  • Your rights: Access, correct, delete, export, or object to processing of your data at any time

  • How to contact us: Email our Data Protection Officer at dpo@reqtangle.ai
     

This policy complies with the EU General Data Protection Regulation (GDPR) and Swedish data protection law. You have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY).

Read the full policy below for complete details.

1. Identity & Contact of Data Controller


Data Controller

Ikizler AB (trading as ReqTangle)
Organization Number: 5569388068
Hageby Allé 21 b
141 69 Huddinge, Sweden

 

Regulatory Roles: Ikizler AB acts as the Data Controller under GDPR Article 4(7) and as the AI Deployer under EU AI Act Article 3(4) for all ReqTangle services and AI-assisted features.

 

Contact Information

General Privacy Inquiries:

Email: privacy@reqtangle.ai

Website: https://www.reqtgl.com/
 

Data Protection Officer:

Email: dpo@reqtangle.ai

Postal Address: Hageby Allé 21 b, 141 69 Huddinge, Sweden


Our Data Protection Officer is responsible for overseeing our data protection practices and is your primary contact for all privacy-related matters.

2. What Data We Collect

ReqTangle processes two main categories of data: Personal Data (information about you) and Project Data (content you create in the platform).

​​

2.1 Personal Data

Account Information:

  • Full name

  • Email address

  • Company/organization name (optional)

  • Job title or role (optional)

  • Account creation date

  • Account preferences and settings

Authentication Data:

  • Password (stored as cryptographic hash only—we never see your actual password)

  • OAuth tokens (if you sign in via third-party providers)

  • Two-factor authentication credentials (if enabled)

  • Session identifiers and tokens

Usage Analytics:

  • Login timestamps and frequency

  • Features accessed and used

  • Time spent in the application

  • Browser type and version

  • Operating system

  • IP address (for security and fraud prevention)

  • Device identifiers (for session management)

​

2.2 Project Data

Requirement Content:

  • Requirement text, titles, and descriptions

  • Tags, labels, and categorizations

  • Status indicators and workflow states

  • Version history and change logs

Project Metadata:

  • Project names and descriptions

  • Team member assignments

  • Collaboration and sharing settings

  • Folder and organizational structures

AI Interaction Data:

  • Prompts and queries submitted to AI features

  • AI-generated suggestions and recommendations

  • User acceptance/rejection of AI suggestions

  • Feedback provided on AI quality

​

2.3 Data We Do NOT Collect

  • Credit card information (beta is free; when paid, payment processor handles this)

  • Sensitive personal data (racial origin, political opinions, health data, etc.)

  • Data from children under 16 years of age

  • Behavioral tracking across other websites (no third-party ad cookies)
     

Important User Responsibility (GDPR Article 9): You must not upload or process special categories of personal data in ReqTangle, including data revealing:
 

  • Racial or ethnic origin

  • Political opinions

  • Religious or philosophical beliefs

  • Trade union membership

  • Genetic data

  • Biometric data for the purpose of uniquely identifying a person

  • Health data

  • Data concerning a person's sex life or sexual orientation
     

ReqTangle is not designed or authorized to process such data. Processing special category data without proper legal basis and safeguards violates GDPR and may result in account termination.

3. Legal Basis for Processing (GDPR Article 6)

We only process your data when we have a valid legal basis. Here's what applies to ReqTangle:
​​
3.1 Contract Performance (GDPR Art. 6(1)(b))

Processing necessary to provide the ReqTangle service you've signed up for:

  • Creating and managing your account

  • Storing and displaying your requirements data

  • Processing data through AI features when you use them

  • Providing customer support

  • Delivering service updates and technical notifications

Without this processing, we cannot provide the service.

​

3.2 Legitimate Interest (GDPR Art. 6(1)(f))

Processing necessary for our legitimate business interests, balanced against your rights:

  • Product improvement: Analyzing usage patterns to enhance features (anonymized where possible)

  • Security: Detecting and preventing fraud, abuse, and security threats

  • Service optimization: Improving performance, reliability, and user experience

  • Beta testing: Gathering feedback and insights to refine the product

 

Legitimate Interest Assessments (LIA): We conduct and document formal assessments to ensure our legitimate interests do not override your fundamental rights and freedoms. These assessments are maintained internally and available upon request to supervisory authorities.

Your rights: You can object to processing based on legitimate interest at any time (see Section 7).

​

3.3 Consent (GDPR Art. 6(1)(a))

Only for optional activities where you provide explicit consent:

  • Marketing emails about product updates and new features

  • Participation in user research or beta feedback surveys

  • Optional analytics and product improvement programs

You can withdraw consent at any time without affecting your ability to use ReqTangle.​

​

3.4 Legal Obligation (GDPR Art. 6(1)(c))

In limited cases, we may process data to comply with legal requirements:

  • Responding to valid legal requests (court orders, law enforcement)

  • Tax and accounting obligations

  • Regulatory reporting requirements

4. How We Use Your Data

​​4.1 Service Delivery

Core Platform Functions:

  • Authenticate you and maintain your session

  • Store and retrieve your requirements and project data

  • Display your data in the user interface

  • Enable collaboration with team members

  • Backup your data for disaster recovery

​

AI-Assisted Features:

When you use AI-powered features (e.g., requirement quality suggestions, dependency analysis):

  • Your requirement text is sent to Codicent Inside AB's AI engine

  • Processing occurs entirely within Microsoft Azure Sweden Central (EU region)

  • AI analyzes your text and generates suggestions

  • Results are returned to you and stored with your project

  • Your data is never used to train AI models for other users

  • AI processing is temporary; data is not retained by the AI engine beyond the session
     

​AI Limitations (EU AI Act Recital 81): AI-generated suggestions may not always be accurate, complete, or contextually appropriate. You must apply human judgment and verify all AI outputs before implementing them in your projects. AI systems use probabilistic models that can produce errors or unexpected results.


You can opt out of AI features at any time in your account settings. This will disable AI suggestions but won't affect other ReqTangle functionality.
 

4.2 Product Improvement (Beta Phase)

During the public beta, we use aggregated and anonymized usage data to:

  • Identify bugs and stability issues

  • Understand which features are most valuable

  • Prioritize development based on usage patterns

  • Improve user interface and workflows
     

Beta-Specific Activities:

  • We may review anonymized project structures (not content) to understand usage patterns

  • With your explicit consent, we may request access to specific data to debug issues you report

  • Feedback you provide may be used to inform product decisions

​

4.3 Communication

Service-Related Communications (always sent, based on contract):

  • Account verification and password resets

  • Critical service announcements

  • Security alerts and breach notifications

  • Changes to Terms of Service or Privacy Policy


​Optional Communications (require consent):

  • Product update newsletters

  • Beta testing invitations

  • User research surveys

  • Tips and best practices

You can opt out of optional communications at any time via your account settings or unsubscribe links.

​

4.4 Security & Fraud Prevention

We process data to protect ReqTangle, our users, and the public:

  • Detecting unusual login patterns or suspicious activity

  • Preventing unauthorized access and data breaches

  • Investigating and responding to security incidents

  • Enforcing our Terms of Service

5. Data Processors & Third Parties

ReqTangle does not sell, rent, or trade your personal data. However, we work with trusted service providers who process data on our behalf.


5.1 Primary Data Processor: Codicent Inside AB

Codicent Inside AB provides the platform infrastructure and AI engine that powers ReqTangle.

What they process:

  • All data described in Section 2 (personal data and project data)

  • Infrastructure operations (hosting, database management, backups)

  • AI processing (when you use AI features)

Where they process:

  • Microsoft Azure Sweden Central (100% EU data residency)

  • No data transfers outside the European Economic Area (EEA)

Their role:

  • Data Processor under GDPR Article 28 (for your data)

  • Data Controller for platform telemetry and billing data (not your requirements)


Legal Safeguards: Codicent Inside AB has signed a comprehensive Data Processing Agreement (DPA) with Ikizler AB that includes:

  • Processing instructions and limitations

  • Security obligations (GDPR Article 32)

  • Sub-processor authorization and notification

  • Assistance with data subject rights and breach notification

  • Audit rights and compliance monitoring

Certifications:

  • ISO 27001 (Information Security Management)

  • ISO 27701 (Privacy Information Management)

  • SOC 2 Type II (Service Organization Controls)
     

​Data Protection Officer:

Email: dpo@codicent.ai

Data Processing Agreement: Available upon request at dpo@reqtangle.ai

​

5.2 Sub-Processor: Microsoft Azure

Microsoft Ireland Operations Ltd provides cloud infrastructure via Azure Sweden Central.​

​
What they process:

  • Underlying infrastructure and storage

  • Encryption, networking, and compute resources

  • Data backups and disaster recovery 

​Where they process:

  • Azure Sweden Central region (Stockholm and Gävle datacenters)

  • Backup redundancy within Sweden/EU only

Legal safeguards:

  • Microsoft EU Data Boundary commitment (data stays in EU)

  • Standard Contractual Clauses (SCCs) for GDPR compliance

  • EU-US Data Privacy Framework certified (backup safeguard)

Privacy information: https://privacy.microsoft.com/

​

5.3 Other Service Providers (If Applicable)

During beta, we may use limited additional services:

  • Email delivery: Transactional email service (EU-based provider)

  • Analytics: Basic usage analytics (if used, data anonymized and EU-hosted)

  • Support tools: Customer support ticketing (EU servers only)

We will update this policy when additional processors are added.

​

5.4 No Third-Party Sharing

We do NOT share your data with:

  • Advertising networks

  • Data brokers or aggregators

  • Social media platforms (beyond OAuth login, which you control)

  • Analytics providers that track across websites

  • Any entity for marketing purposes

6. Data Retention

6.1 Active Accounts

While your account is active:

  • Personal data: Retained as long as necessary to provide the service

  • Project data: Retained indefinitely (you control deletion via the UI)

  • Usage logs: Retained for 90 days, then aggregated and anonymized

​​

6.2 Inactive Accounts

If you don't log in for 12 months, we will:

  • Send email reminders at 9 and 11 months

  • Permanently delete your account and data after 12 months

  • You can prevent deletion by logging in at any time

​

​​6.3 Deleted Accounts

When you delete your account (or we delete due to inactivity):

  • Immediate: Access revoked, account marked for deletion

  • 30 days: Grace period—data recoverable if you contact us

  • After 30 days: Permanent deletion from production systems

  • 90 days: Purged from encrypted backups
     

​Exception: We may retain minimal data (email address and deletion date) for up to 2 years solely for fraud prevention purposes — to prevent account recreation fraud and abuse of our service. This data is not used for any other purpose, including marketing, analytics, or profiling. Retention is based on GDPR Article 6(1)(f) (legitimate interest) and is proportionate to the fraud risk.

​

6.4 Beta-Specific Retention

Data collected during the beta phase:

  • Test data and feedback retained for 30 days after beta ends

  • Used to prepare for general availability launch

  • Then permanently deleted or anonymized

​

6.5 Legal Holds

In rare cases, we may retain data longer if:

  • Required by law (e.g., tax records, legal disputes)

  • Necessary to investigate Terms of Service violations

  • Subject to litigation hold or regulatory inquiry

You will be notified if your data is subject to a legal hold.

7. Your Rights Under GDPR (Articles 15-22)

As a data subject in the European Union, you have the following rights:​

​​

7.1 Right of Access (Article 15)

You can request a copy of all personal data we hold about you.

What you'll receive:

  • Copy of your personal data in JSON or CSV format

  • Information about how it's processed

  • List of processors and recipients

How to request: Email dpo@reqtangle.ai with subject "Data Access Request"

​

7.2 Right to Rectification (Article 16)

You can correct inaccurate or incomplete data.

How to do it:

  • Most data can be updated directly in your account settings

  • For data you can't edit, email dpo@reqtangle.ai

​​​

7.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You can request deletion of your data when:

  • It's no longer necessary for the original purpose

  • You withdraw consent (for consent-based processing)

  • You object to processing based on legitimate interest

  • The data was processed unlawfully

How to do it:

  • Delete your account via account settings, OR

  • Email dpo@reqtangle.ai with subject "Data Deletion Request"

Limitations: We may retain data if required by law or to defend legal claims.

​

7.4 Right to Restrict Processing (Article 18)

You can request we limit how we process your data while:

  • Verifying accuracy of contested data

  • Determining the legitimacy of processing you've objected to

  • Retaining data you need for legal claims (even if we no longer need it)

Effect: Data is stored but not actively processed until the restriction is lifted.

​

7.5 Right to Data Portability (Article 20)

You can receive your data in a structured, machine-readable format and transfer it to another service.

What you'll receive:

  • Your account information (JSON)

  • Your requirements and project data (JSON or CSV)

  • Data provided with consent or for contract performance

How to request: Use the "Export Data" feature in account settings, or email dpo@reqtangle.ai

​

7.6 Right to Object (Article 21)

You can object to processing based on:

  • Legitimate interest: We must stop unless we demonstrate compelling legitimate grounds

  • Direct marketing: We must stop immediately (no exceptions)

How to do it:

  • Opt out of marketing emails via unsubscribe link

  • For other objections, email dpo@reqtangle.ai

​

7.7 Right to Withdraw Consent (Article 7)

For consent-based processing (marketing, research), you can withdraw consent at any time.

  • Effect: We stop that processing immediately (doesn't affect lawfulness of prior processing).

  • How to do it: Account settings or email dpo@reqtangle.ai

​

7.8 Right to Lodge a Complaint (Article 77)

If you believe we're violating your privacy rights, you can complain to:
 

Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten - IMY)

Box 8114, 104 20 Stockholm, Sweden

Phone: +46 (0)8-657 61 00

Email: imy@imy.se

Website: https://www.imy.se

We encourage you to contact us first so we can address your concerns directly.

8. How to Exercise Your Rights

Step 1: Submit Your Request

Email: dpo@reqtangle.ai

Include:

  • Subject line indicating your request type (e.g., "Data Access Request")

  • Your full name and account email address

  • Description of your request

  • Any relevant details or timeframes

​

Step 2: Identity Verification

To protect your privacy, we must verify your identity before processing requests.

We may ask for:

  • Confirmation from your registered email address

  • Answers to account security questions

  • For deletion requests: Additional authentication via login

We will NOT ask for: Passwords, credit card numbers, or sensitive personal information.

​​​

Step 3: Processing

Timeline:

  • Acknowledgment: Within 3 business days

  • Fulfillment: Within 30 days (may extend to 60 days for complex requests—we'll notify you)

Free of charge: First request is always free. We may charge a reasonable fee for excessive or repetitive requests.

​

Step 4: Delivery

  • Digital delivery: Secure email or download link

  • Large datasets: Encrypted file transfer

  • Postal delivery: Available upon request (may incur shipping costs)

​

Questions or Problems?

If you're unsatisfied with our response, you can:

  1. Reply to explain your concerns—we'll review again

  2. Escalate to our Data Protection Officer

  3. Lodge a complaint with IMY (see Section 7.8)​

9. Security Measures

Protecting your data is our top priority. ReqTangle implements comprehensive technical and organizational security measures.

​​​​

9.1 Encryption

Data in Transit:

  • TLS 1.2+ encryption for all connections (TLS 1.3 where supported)

  • Perfect Forward Secrecy (PFS) to protect past sessions

  • HTTPS enforced for all web traffic

Data at Rest:

  • AES-256 encryption for all stored data

  • Encrypted database volumes

  • Encrypted backup files

​​Key Management:

  • Azure Key Vault for cryptographic key storage

  • Regular key rotation

  • Separation of encryption keys from encrypted data​​

​

9.2 Access Controls

Authentication:

  • Strong password requirements (minimum 12 characters, complexity rules)

  • Optional two-factor authentication (2FA/MFA)

  • OAuth 2.0 for third-party sign-in

  • Automatic session timeout after inactivity

Authorization:

  • Role-Based Access Control (RBAC) for team members

  • Principle of least privilege for system access

  • Azure AD/IAM for infrastructure access

  • Logical tenant separation (your data isolated from other customers)

​​

9.3 Infrastructure Security

Microsoft Azure Sweden Central:

  • ISO 27001, ISO 27701, SOC 2 Type II certified

  • Physical security for datacenters (biometric access, 24/7 monitoring)

  • DDoS protection and network firewalls

  • Regular security patching and updates

Codicent Inside AB Platform:

  • NIS2 and ENISA cybersecurity alignment

  • Continuous security monitoring and incident detection

  • Regular penetration testing and vulnerability assessments

  • Security Operations Center (SOC) monitoring

​

9.4 Organizational Measures

Employee Access:

  • Background checks for employees with data access

  • Confidentiality agreements (NDAs)

  • Regular privacy and security training

  • Access logging and audit trails

Data Minimization:

  • Collect only necessary data

  • Pseudonymization and anonymization where possible

  • Automated data retention and deletion

Privacy Governance (GDPR Articles 30 & 35): ReqTangle maintains comprehensive privacy documentation including:

  • Records of Processing Activities (RoPA) — documenting all data processing operations, legal bases, processors, and retention periods

  • Data Protection Impact Assessment (DPIA) — assessing privacy risks of AI-assisted processing and implementing mitigation measures

  • Regular reviews and updates in accordance with IMY (Swedish Authority for Privacy Protection) guidance on privacy-by-design principles

Incident Response:

  • 24/7 security incident monitoring

  • Documented incident response plan

  • Breach notification within 72 hours (GDPR Article 33)

  • Post-incident reviews and improvements

​

9.5 Backups & Disaster Recovery

Backup Strategy:

  • Automated daily backups

  • Encrypted backup storage within EU

  • Geographic redundancy within Sweden/EU

  • Regular backup restoration tests

Business Continuity:

  • Documented disaster recovery plan

  • Recovery Time Objective (RTO): 4 hours

  • Recovery Point Objective (RPO): 24 hours

  • Regular disaster recovery drills

​

9.6 Third-Party Security

All data processors are required to:

  • Maintain ISO 27001 or equivalent certification

  • Sign Data Processing Agreements (DPAs) with security obligations

  • Undergo regular security audits

  • Report security incidents within 24 hours

​

9.7 Security Limitations (Beta Disclaimer)

Important: ReqTangle is in public beta. While we implement industry-standard security measures:

  • The platform may have undiscovered vulnerabilities

  • Security features are still being refined

  • We recommend not storing highly sensitive or regulated data until general availability

Report security issues: security@reqtangle.ai (encrypted contact available upon request)

10. Cookies & Tracking

10.1 Cookies We Use​​​​

ReqTangle uses cookies (small text files stored in your browser) for essential functionality.

 

Regulatory Compliance: This section complies with the EU ePrivacy Directive (2002/58/EC) as implemented by the Swedish Electronic Communications Act (2003:389, Lagen om elektronisk kommunikation) and GDPR Article 5(3).

Essential Cookies (always active, no consent required):

  • Session cookies: Keep you logged in during your session

  • Authentication tokens: Verify your identity

  • Security cookies: Prevent cross-site request forgery (CSRF)

  • Preference cookies: Remember your language and UI settings

  • Lifespan: Session cookies deleted when you close your browser; preference cookies stored for up to 1 year.

​

10.2 Analytics & Performance

During beta, we may use analytics to understand product usage:

  • First-party analytics: Aggregate usage statistics (no cross-site tracking)

  • Anonymized data: IP addresses anonymized, no personal identification

  • EU-hosted: All analytics data stored within the EU


You can opt out of optional analytics in your account settings.

​​

10.3 What We DON'T Use

  • Advertising cookies: No ads, no ad tracking

  • Third-party tracking pixels: No Facebook Pixel, Google Ads tags, etc.

  • Cross-site tracking: We don't follow you around the web

  • Social media widgets: No embedded trackers (OAuth login is isolated)
    ​

10.4 Managing Cookies

Browser Controls:

  • Most browsers allow you to block or delete cookies via settings

  • Blocking essential cookies may break ReqTangle functionality

Do Not Track (DNT):

  • We respect DNT signals for optional analytics

  • Essential cookies still necessary for service operation

​

​10.5 Local Storage

​ReqTangle uses browser local storage for:

  • Caching UI state (faster loading)

  • Temporary draft storage (prevent data loss)

  • Offline functionality (if available)

Local storage can be cleared via browser settings (may affect user experience).​​

11. Children's Privacy

Age Restriction

ReqTangle is not intended for children under the age of 16 years.

We do not knowingly collect data from children:

  • We do not direct marketing to children

  • We do not knowingly allow children to create accounts

  • We have no reason to believe children use our service

​

​If We Discover Child Data

If we become aware that we've collected data from a child under 16 without parental consent:

  1. We will delete the account and data immediately

  2. We will notify the appropriate authorities if required by law

  3. We will investigate how the account was created to prevent recurrence

​​

Parental Notification

If you believe your child has created a ReqTangle account, please contact us immediately:

  • Email: dpo@reqtangle.ai

  • Subject: "Child Data Removal Request"

  • Include: Child's email address and any known account information

We will promptly investigate and delete the account.​

12. Changes to This Policy

Our Right to Modify

We may update this Privacy Policy from time to time to reflect:

  • Changes to ReqTangle's features or data practices

  • New legal or regulatory requirements

  • Feedback from users or regulators

  • Addition or removal of data processors

  • Transition from beta to general availability

​

Notice of Material Changes

For significant changes affecting your rights or how we process data:

  • Email notification: At least 7 days before the change takes effect

  • In-app notification: Banner or modal when you next log in

  • Website posting: Updated policy published with "Last Updated" date

  • Consent requirement: For changes requiring new legal basis, we'll ask for explicit consent

​​

Notice of Minor Changes

For minor updates (typos, clarifications, non-material changes):

  • Updated "Last Updated" date at the top of this policy

  • No email notification required

​

Your Options

After notification of changes:

  • Accept: Continue using ReqTangle (implies acceptance)

  • Reject: Stop using ReqTangle and request account deletion

  • Question: Contact dpo@reqtangle.ai to discuss concerns

Continued use after the effective date constitutes acceptance of the updated policy.

​

Version History

We maintain an archive of previous policy versions:

13. Supervisory Authority

Swedish Data Protection Authority

If you have concerns about how ReqTangle handles your personal data that we cannot resolve, you have the right to lodge a complaint with:

 

Integritetsskyddsmyndigheten (IMY)
Swedish Authority for Privacy Protection

​

Postal Address:

Integritetsskyddsmyndigheten

Box 8114

104 20 Stockholm, Sweden
 

Physical Address:

Drottninggatan 29, 5th floor

111 51 Stockholm, Sweden

 

Contact:

Phone: +46 (0)8-657 61 00

Email: imy@imy.se

Website: https://www.imy.se

 

Office Hours: Monday-Friday, 09:00-16:00 (CET/CEST)​

​​

Filing a Complaint

IMY handles complaints about:

  • Unlawful processing of personal data

  • Violations of GDPR or Swedish data protection law

  • Failure to respect data subject rights

  • Inadequate security measures

 

What to include:

  • Your contact information

  • Description of the alleged violation

  • Any relevant correspondence with ReqTangle

  • What resolution you're seeking

Timeline: IMY typically responds within 3 months (may extend for complex cases).

​

Our Commitment

While you have the right to complain directly to IMY:

  • We encourage you to contact us first at dpo@reqtangle.ai

  • Many concerns can be resolved quickly through direct communication

  • We take all complaints seriously and will investigate thoroughly

  • Contacting us first doesn't affect your right to lodge a complaint with IMY​

14. International Data Transfers

EU Data Residency

All ReqTangle data processing occurs within the European Economic Area (EEA):

  • Primary location: Microsoft Azure Sweden Central (Stockholm and Gävle)

  • Backup redundancy: Within Sweden or other EU regions only

  • No third-country transfers: Data does not leave the EEA

​

Schrems II Compliance

Following the Schrems II decision (CJEU C-311/18), we ensure:

  • Azure Sweden Central: Sovereign EU data processing

  • Microsoft EU Data Boundary: Commitment to keep EU customer data in EU

  • Standard Contractual Clauses (SCCs): In place with all processors

  • No US intelligence access: Swedish data sovereignty prevents FISA/CLOUD Act issues

 

If You Access ReqTangle from Outside the EU

If you use ReqTangle while traveling or located outside the EEA:

  • Your data is still processed and stored in Sweden/EU

  • Your connection to our servers is encrypted (TLS 1.2+)

  • You remain protected by GDPR regardless of your location

  • EU data protection law applies to your data

15. Legal Basis for AI Processing

AI-Assisted Features

When you use ReqTangle's AI features (requirement suggestions, quality analysis):

Legal basis: Contract performance (GDPR Art. 6(1)(b)) and your explicit use of the feature

What happens:

  1. You write or select a requirement

  2. You activate an AI feature (e.g., "Improve this requirement")

  3. Your requirement text is sent to Codicent Inside AB's AI engine

  4. AI analyzes the text and generates suggestions

  5. Suggestions are returned to you

  6. You decide whether to accept, modify, or reject suggestions

​Transparency:

  • AI processing is clearly indicated in the UI ("Powered by Codicent AI")

  • You can opt out of AI features entirely in settings

  • AI suggestions are marked as AI-generated (EU AI Act transparency requirement)

Data protection:

  • Processed within Azure Sweden Central (EU)

  • Not used to train models or improve AI for other customers

  • Processing is temporary (not stored by AI engine)

  • No human review of your prompts or content

​​

EU AI Act Compliance

Under EU AI Act (Regulation 2024/1689):

  • ReqTangle (Ikizler AB): AI Deployer (Article 3)

  • Codicent Inside AB: AI Provider (Articles 3 & 79)

​

Risk classification: Low-risk AI system (general-purpose productivity tool)

Transparency obligations (Article 52):

  • Users informed when interacting with AI (in-app indicators)

  • AI limitations disclosed (suggestions are recommendations, not authoritative)

  • Human oversight emphasized (user makes final decisions)

 

Technical Documentation (EU AI Act Articles 11 & 53): ReqTangle maintains comprehensive technical documentation of its AI system, including:

  • AI system design and development process

  • Data governance and training datasets (for the AI provider's models)

  • Risk assessment and mitigation measures

  • Human oversight mechanisms

  • Accuracy and performance metrics
     

This documentation is available to competent authorities upon request.
For more information, see our AI Act Role Clarification document.

16. Contact Us

Privacy Questions

For questions about this Privacy Policy or our data practices:
Email: privacy@reqtangle.ai

Response time: Within 3 business days

​​

Data Protection Officer

To exercise your GDPR rights or raise data protection concerns:

Email: dpo@reqtangle.ai

Postal Address:

Data Protection Officer

Ikizler AB (ReqTangle)

Hageby Allé 21 b

141 69 Huddinge, Sweden

 

Response time: Acknowledgment within 3 business days, resolution within 30 days.

​

General Support

For technical support or account issues (not privacy-related):

Email: support@reqtangle.ai

Website: https://www.reqtgl.com/support

​

Platform Provider

For questions about Codicent Inside AB's data processing:
 

Codicent Inside AB Data Protection Officer

Email: dpo@codicent.ai

Acknowledgment

By using ReqTangle, you acknowledge that you have read, understood, and agree to this Privacy Policy.

Thank you for trusting ReqTangle with your requirements data. Your privacy is our responsibility, and we take it seriously.

​

End of Privacy Policy

Last reviewed: October 19, 2025

Next scheduled review: January 20, 2026 (or upon material changes)
