Balence ("we", "us", "our") is operated by Balence AI Sweden AB, org.nr 559561-9163. This policy describes how we collect, use, and protect your personal data when you use our service.

1. What Data We Collect

Account Data

Name and email address
Workspace name and role
Authentication data (managed by Clerk)

Financial Documents

Invoices, receipts, credit notes, and other documents uploaded to the platform
Extracted data: supplier names, organisation numbers, amounts, dates, account codes

Communication

Messages sent in client portal threads
Document request responses

Email Data

Emails sent to workspace catch-all addresses for invoice processing
Sender email address, subject, and PDF attachments

Usage Data

Log data (IP address, browser type, timestamps)

2. How We Use Your Data

Purpose	Legal Basis (GDPR)
Providing the Balence service	Performance of contract (Art. 6(1)(b))
Processing invoices and documents	Legitimate interest of the data controller (Art. 6(1)(f))
Sending notifications and invitations	Performance of contract (Art. 6(1)(b))
AI-powered data extraction	Legitimate interest of the data controller (Art. 6(1)(f))
Improving the service	Legitimate interest (Art. 6(1)(f))

When Balence processes data on behalf of an accounting firm (the data controller), the firm's legal basis applies. Balence acts as a data processor under their instructions.

3. AI Processing

We use AI to extract structured data from uploaded documents.

All processing happens within EU data centers
No human review of your documents
AI providers do not use your data for model training
Extracted data is stored only within your workspace

4. Where Your Data Is Stored

All financial data and documents are stored within the EU.

Service	Location
Database	EU
Files and documents	EU
Email processing	EU
AI processing	EU

Authentication is provided by Clerk, Inc. in the US, certified under the EU-US Data Privacy Framework. Only identity data (name, email) is processed by Clerk — no financial data.

5. Who We Share Data With

We never sell your data. We share data only with:

Sub-processors necessary to provide the service (see our DPA for the full list)
Fortnox when your workspace connects their accounting system (authorized per company via OAuth2)
Authorities if required by Swedish or EU law

6. Data Retention

Active accounts: Data retained while the workspace is active
Deleted workspaces: Data deleted within 90 days
Client portal users: Data retained as long as the workspace maintains the client relationship
Documents: Retained in accordance with Swedish bookkeeping requirements (Bokföringslagen) where applicable

7. Your Rights

Under GDPR, you have the right to:

Access your personal data
Rectify inaccurate data
Erase your data ("right to be forgotten")
Restrict processing
Data portability — receive your data in a structured format
Object to processing based on legitimate interest

Workspace members and client users: Contact your accounting firm first, as they are the data controller for your financial data. For account-level requests, contact us directly.

8. Cookies

We use essential cookies only for authentication and session management. We do not use tracking or advertising cookies.

9. Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit and at rest, role-based access controls, and data isolation between workspaces.

10. Changes

We may update this policy. Significant changes will be communicated via email or in-app notification.

11. Contact

Balence AI Sweden AB
Email: philip@trybalence.com
Website: trybalence.com

You may also contact the Swedish Authority for Privacy Protection (IMY): imy.se