← konsultverkstad# Terms of service — Konsultverkstad
_Last updated: 2026-04-26_
These terms govern your use of **Konsultverkstad** ("the Service").
By creating an account, you agree to them.
The canonical Swedish version is rendered at `/legal/terms`. Where
the two versions conflict, Swedish controls.
---
## 1. Who we are
**Konsultverkstad** is operated by **David Martinsson**, sole proprietor,
based in Stockholm, Sweden. Contact: **david.j.martinsson@gmail.com**.
## 2. The service
Konsultverkstad is a workspace for independent consultants. It lets
you organise client engagements as a mind map, log billable hours, and
generate invoices.
We may add, change, or remove features without prior notice. We will
not remove a feature you depend on without giving you a reasonable way
to export the data tied to that feature.
## 3. Your account
You need a valid email address to register. You're responsible for:
- Keeping your password confidential.
- The accuracy of the information you enter.
- All activity under your account, including invoices issued from it.
You must be at least 18 years old, or have a guardian's consent.
We may suspend or terminate accounts that violate these terms or that
have been inactive for more than 24 months without notice (after 12
months we'll email you first).
## 4. Acceptable use
Don't:
- Upload illegal content, malware, or content you don't have the right
to upload.
- Probe, scan, or attack the service or other users.
- Reverse-engineer or scrape the service in bulk.
- Use the service to send unsolicited communications.
- Resell or sublicense the service without our written permission.
We may remove content and terminate accounts that breach this section.
## 5. Your data
You own the data you put into the Service. We hold it as a custodian.
You can export your data at any time from *Profil → Exportera mina
data*. See `PRIVACY.md` for details.
If you delete your account:
- Personal account data is purged after a 30-day grace period.
- **Invoices and the logs that fed sent or paid invoices are retained
for 7 years** to comply with the Swedish bookkeeping act (BFL
1999:1078). After that period, they are irreversibly deleted.
This retention applies even if you delete your account in the
meantime; we are required by law to keep these records.
## 6. Your clients' data
When you log hours against a client or store a client's address, you
are entering personal data about a third party. By using the Service
you confirm you have a lawful basis for processing that data (typical
basis: contract performance + your own bookkeeping obligation).
We act as your processor for that data. The data-processing terms in
**Appendix A (DPA)** are part of these Terms and apply automatically.
## 7. Pricing
The Service is currently free. If we introduce paid plans, we will
give registered users at least 30 days' notice and never invoice
without explicit consent.
## 8. Availability
We aim for high availability but do not offer a formal SLA. The
Service is provided **"as is" and "as available"**. Scheduled
maintenance is announced in advance when possible.
## 9. Liability
To the maximum extent permitted by law, our aggregate liability for
any claim arising from the Service is limited to the greater of:
- 1,000 SEK, or
- the amount you paid us in the 12 months before the claim.
We are not liable for indirect or consequential damages, lost profits,
or lost data, except where Swedish law forbids that limitation.
The above does not limit liability for personal injury caused by our
negligence, intentional misconduct, gross negligence, or fraud.
## 10. Security
We implement RLS on every table, append-only audit logs, encrypted
storage, TLS in transit, and Skatteverket-aligned invoice
immutability. See `SECURITY.md` for the public summary.
You're responsible for keeping your credentials safe. Notify us
immediately at **david.j.martinsson@gmail.com** if you suspect your
account has been compromised.
## 11. Termination
You may delete your account at any time. We may terminate your account
on 30 days' notice for any reason; immediately if you breach these
terms. Sections 5, 6, 9, and 12 survive termination.
## 12. Governing law and disputes
These Terms are governed by Swedish law. Disputes go to Stockholm
tingsrätt as first instance, unless mandatory consumer-protection law
specifies otherwise.
## 13. Changes
We'll publish updates to these Terms at `/legal/terms` and notify
registered users by email at least 14 days before material changes
take effect. Continued use after that constitutes acceptance.
---
## Appendix A — Data Processing Addendum
This DPA forms part of the Terms and is binding when you store any
personal data about your clients in the Service.
**Subject matter.** Processing of personal data about your clients
necessary to deliver the consulting-workspace service.
**Duration.** As long as you have an account, plus the bookkeeping
retention defined in §5.
**Nature and purpose.** Storage, organisation, retrieval, and
generation of invoice documents from data you input.
**Categories of data subjects.** Your clients (and their named
contacts), end users you invite as canvas guests.
**Categories of personal data.** Names, organisation numbers,
addresses, email, billing references, hours logged.
**Subprocessors.** Listed in `PRIVACY.md` §5. We will give you 30
days' notice and an opportunity to object before adding a new
subprocessor.
**Security measures.** As described in `SECURITY.md`.
**Subject rights.** You handle data-subject requests from your
clients. We will assist you on reasonable request and at cost.
**Audit.** On reasonable notice, no more than once per year, you may
audit our compliance — typically by reviewing our SOC 2 / ISO 27001
materials when available, or by submitting a written questionnaire.
**Breach notification.** We notify you within 72 hours of becoming
aware of a personal-data breach affecting your data.
**Return / deletion at end.** Upon termination, we return or delete
your data per §5 of the Terms, subject to the bookkeeping retention.
**Liability.** As capped in §9 of the Terms.