Last updated: 2026-07-08 · Terms of Use
Kontokollen (the “Application”) is a personal finance application built by RedLin PM AB (“we”, “us”). It is available as a web application and as mobile applications for iOS and Android, and is provided as is. The Application lets you view your own bank accounts and transactions in one place: an overview of income and expenses, automatically categorized transactions, and spending insights.
This page explains what data the Application handles, where it is processed, and what rights you have. Use of the Application is also governed by our Terms of Use.
How bank data is accessed
The Application retrieves account information through Enable Banking Oy, a licensed account information service provider (AISP) operating under PSD2. Access to your bank happens only after you explicitly authorize it by authenticating directly with your bank (for example with BankID). The Application never sees or stores your bank credentials — authentication always happens at your bank.
A bank consent is time-limited (typically 10 days, at most 90) and scoped to reading account information: account identifiers, balances, and transaction history for the period you select. You can revoke a consent at any time — in the Application (“Koppla från”), at your bank, or by contacting us. Enable Banking processes this data under its own privacy policy, available at enablebanking.com.
Where your data lives
Third parties
Technical logs
The backend keeps technical logs for operation and troubleshooting (request paths, timings, and error messages). Logs are deliberately privacy-preserving: account and session identifiers are masked, and tokens, account numbers, amounts, and raw bank statement text are never written to logs. Logs are rotated automatically by the operating system.
Security
All communication uses TLS. The cryptographic keys used to authenticate against Enable Banking exist only on our server and are never included in the web or mobile applications. The backend runs in an isolated container with read-only access to its secrets. No method of transmission or storage is 100% secure, but the Application is designed so that the sensitive surface is as small as possible: there is no server-side database of your financial data to breach.
Your rights (GDPR)
RedLin PM AB is the data controller for the processing described here. The legal basis for accessing your account information is your explicit consent (GDPR Art. 6.1a), which you may withdraw at any time. You have the right to access, rectify, erase, and port your personal data, and to lodge a complaint with the Swedish Authority for Privacy Protection (IMY). Since bank data is not stored server-side, erasure normally amounts to disconnecting your banks in the Application and clearing its local storage — but contact us and we will help with any request.
Children's privacy
The Application is a financial tool that requires a bank relationship and is not directed at children. We do not knowingly collect personal information from children.
Changes to this policy
We may update this policy from time to time. Changes are posted on this page with an updated date and are effective immediately upon posting.
Contact
Questions about this policy or your data: kontokollen@redlin.se (data protection contact: patrik@redlin.se).