Privacy Policy

Last updated February 23, 2023


By using the website and making use of a Milarki Account (the “Account”) and all its related features, you understand that your data in relation with your use of our Services is processed according to the following privacy policy. This policy states what data we collect through your access and use of our Services, and the use we make of such data. This privacy policy is to be read and understood as being a complement to our terms of service.

The Services are operated by Milarki AB (“We”), located at c/o S-ekonomi AB, Fyrislundsgatan 68, 754 50 Uppsala, Sweden and is therefore governed by the laws and regulations of Sweden.

We value your privacy and question everything that stores or processes your personal information. With that in mind, we still need a few external services to publish Milarki.

Contact us

If you have questions about this privacy policy or our use of your data, please contact us by email to

Legal framework

We process personal data on the following legal bases of the GDPR:

  • Fulfillment of contract and pre-contractual actions (Art. 6 (1) lit. b) GDPR): processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Compliance with legal requirements (Art. 6 (1) lit. c) GDPR): processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 (1) lit. f) GDPR): processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Data collection and usage

Types of data processed

  • Payment data
  • Contact data
  • Content data
  • Inventory data
  • Contract data
  • Usage data
  • Meta, communication and process data

Categories of data subjects

  • Users
  • Customers
  • Interested parties
  • Communication partners
  • Business and contractual partners

Processing purposes

  • Handling of inquiries and communications
  • Fulfillment of contract obligations and customer support
  • Handling and addressing requests
  • Implementation of security measures
  • Administration and internal procedures
  • Enhancing the usability and accessibility of our online services
  • Gathering and addressing customer feedback
  • Maintenance and management of IT systems

Delete your account

If you signed up and want to delete your account, contact us via email to

We will delete your data completely from our database. If you created a subscription with our payment provider Paddle, they’ll need to keep your information for legal reasons though.

List of external services

Hosting (Vercel)

We use Vercel to host our website. Vercel doesn't store any of our data except for caching in order to serve data as fast as possible. If you'd like to know more, read Vercel's caching documentation.

Hosting (Firebase)

We use Firebase and specifically Google Cloud Firestore, Google Cloud Storage and Firebase Auth for storing data. The data is located in multiple European countries as defined by Google's "Multi-Region" eur3. For more information about the region and their service terms, go to their documentation.

Subscriptions (Stripe)

We use Stripe as our payment service provider. In addition to these terms, when signing up for a paid plan on the Site, you agree to their end user terms. You can read their end user terms.

Search (Algolia)

We use Algolia as our search provider, with a data cluster in the United Kingdom. For more information,read their terms. For more information about their data clusters, read their documentation

Security measurements

We take appropriate technical and organizational measures, taking into account legal requirements, the state of technology, and the purposes of the processing, to ensure a level of protection appropriate to the risk. Measures include, among others, controlling access to data and procedures for exercising your rights, deleting data, and responding to data threats. We take data protection into account as early as the development and selection of hardware, software, and processes.

Your Rights

Right to object: You can object at any time to the processing of your personal data for specific reasons, including direct marketing, as per GDPR Article 6(1)(e) or (f) and profiling related to it.

Right to withdraw consent: You have the right to withdraw your consent at any time.

Right of access: You have the right to confirm and obtain information and a copy of your personal data being processed as per the law.

Right of rectification: You have the right to request the completion or rectification of your data as per the law.

Right to erasure and restriction of processing: You have the right to request for the deletion or restriction of processing of your data in accordance with the law.

Right to data portability: You have the right to receive your data in a structured, commonly used, and machine-readable format or to request its transfer to another controller.

Complaints to supervisory authorities: You have the right to file a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates the GDPR.

Modifications to the privacy policy

We reserve the right to review and change this policy from time to time periodically. Please inform yourself regularly about the content of our privacy policy. We adapt the data protection declaration as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require your consent or other individual notification.