Kentaur AI
Logga in
Back to KentaurLast updated: March 17, 2026
Privacy Policy

Kentaur Privacy Policy

This privacy policy applies to the Kentaur mobile application provided by Tellusgruppen AB (org. no. 556906-5377), Tegnergatan 35, 111 61 Stockholm, Sweden. It explains what personal data Kentaur uses, why it is used, how long it is kept, and which optional device permissions may be requested.

Key point
Kentaur uses personal data only to run, secure, and support the app.
Key point
Optional permissions are requested only when you use the related feature.
Key point
Retention and access depend on the service setup, legal obligations, and the organisation using Kentaur.
Controller
Who is responsible
Tellusgruppen AB provides the Kentaur mobile app.

Controller / provider: Tellusgruppen AB

Registered address: Tegnergatan 35, 111 61 Stockholm, Sweden

If your access to Kentaur is provided through a school, preschool, or other organisation, that organisation may control some of the records created in the service and may need to handle related privacy requests.

Account and organisation data
We process the account and role details needed to give users access to Kentaur.
  • This can include name, email address, role, social security number, and organisation, school, or preschool affiliation.
Service and child-related data
We process content created in the service to support childcare, education, and communication.
  • This can include comments, schedules, events, notes, and child-related records handled with added care.
Permission and device data
We process limited technical and permission-related data needed for specific app features.
  • This can include voice input for transcription, selected calendar export details, notification tokens, app version, and security logs.
Why Kentaur requests device permissions
Optional permissions are requested only for the feature that depends on them.

Microphone access

Requested only when you choose voice input.

  • Used only to convert speech to text.
  • Not used for background listening.

Calendar access

Requested only when you export selected dates or events to your calendar.

  • Not required for normal app use.
  • Kentaur uses the lowest-access export flow available.

Notifications

Used to send reminders and relevant updates.

  • Permission can be changed in device settings.
  • Notifications should avoid showing unnecessary personal data on the lock screen.
How we use personal data
Kentaur uses personal data only for defined service, security, support, and legal purposes.
  • Provide, maintain, and secure the Kentaur mobile app.
  • Authenticate users and manage role-based access.
  • Support communication and workflow features between staff and families.
  • Run optional features such as speech-to-text, calendar export, and notifications.
  • Investigate misuse, errors, and security incidents.
  • Comply with legal obligations.
Legal bases under GDPR
The legal basis depends on the feature, data type, and relationship involved.
  • Performance of a contract or delivery of the service requested by the user or customer organisation.
  • Legitimate interests such as security, abuse prevention, support, and reliability.
  • Consent or device-level permission for optional features.
  • Compliance with legal obligations.
Who data may be shared with
Kentaur may share personal data only to the extent needed to run the service and meet legal obligations.
  • Authorised users within the relevant school, preschool, organisation, or family context.
  • Service providers acting on our instructions, such as hosting, support, security, push delivery, and speech-to-text providers if enabled.
  • Authorities where disclosure is required by law or necessary to protect rights or safety.
Retention and deletion
Personal data should not be kept longer than necessary.
  • Personal data is kept only as long as needed for the service, contracts, and legal obligations.
  • Account and access data are usually kept while the account is active and then deleted, anonymised, or archived as required.
  • Service content and child-related records follow the customer organisation's setup, contractual instructions, and legal retention rules.
  • Voice input, calendar export data, notification tokens, and logs are kept only as long as needed to provide the feature, secure the service, or troubleshoot issues.
International transfers
We aim to keep processing within the EU / EEA where possible.

If personal data is transferred outside the EU / EEA, Tellusgruppen will use an adequacy decision or appropriate safeguards such as the European Commission's standard contractual clauses, together with supplementary protections where required.

Security
Kentaur uses technical and organisational measures appropriate to the risk.
  • Role-based access controls and need-to-know limitations.
  • Encryption in transit and other technical safeguards appropriate to the risk.
  • Contracts and instructions for processors handling personal data on our behalf.
  • Monitoring, logging, and review processes designed to detect misuse and improve security.
Your rights
Data subject rights apply according to applicable law, including GDPR where relevant.
  • Access to personal data.
  • Correction of inaccurate or incomplete data.
  • Deletion, where applicable.
  • Restriction or objection, where applicable.
  • Data portability or withdrawal of consent, where applicable.
  • Complaint to the Swedish Authority for Privacy Protection (IMY) or another competent supervisory authority.

If your data is managed by a school, preschool, or other organisation, that organisation may need to handle requests about the records it controls. If Kentaur offers in-app account deletion, it should be available in the app. Some data may still be retained for security, fraud prevention, contractual obligations, or legal compliance. In Sweden, complaints can be made to IMY.

Children's data
Kentaur may involve child-related information and therefore applies added care.
  • Child-related data is treated with added protection.
  • Where consent is required for a child-directed service, parent or guardian consent may be needed. Under Swedish guidance, this is generally relevant for children under 13.
  • Schools, preschools, guardians, and staff should only enter child data that is relevant, authorised, and necessary.