Last updated: May 2026
1. Who we are
Criterio is operated by NTUS AB, a Swedish limited company. Contact: kundtjanst@ntus.se
2. What data we collect
When you request a scope assessment or contact us: name, email address, company name, and your message. When you use the customer portal: login credentials, audit report views, and session data. Standard web server logs (IP address, browser type, page visited, timestamp) are retained for up to 30 days.
3. How we use your data
To deliver the service you have purchased or enquired about. To communicate about your audit, report, and certificate. To comply with legal obligations. We do not sell your data to third parties.
4. Legal basis (GDPR)
Contractual necessity (Art. 6(1)(b)) for delivering the service. Legitimate interest (Art. 6(1)(f)) for security logging. Consent (Art. 6(1)(a)) where you have explicitly provided it.
5. Data retention
Contact form submissions: 24 months. Audit reports and portal data: for the duration of your subscription and 12 months thereafter. Web server logs: 30 days.
6. Your rights
Under GDPR you have the right to access, rectify, erase, restrict, and port your personal data, and to object to processing. Contact us at kundtjanst@ntus.se. You also have the right to lodge a complaint with Integritetsskyddsmyndigheten (IMY), the Swedish supervisory authority.
7. Cookies
This site uses a session cookie for the customer portal (authentication only). No third-party tracking cookies are set.
8. AI Processing
Criterio’s automated scanner analyses technical properties of URLs submitted for audit: HTML structure, ARIA attributes, CSS, and link attributes. No page content, text, images, or personal data from client sites is stored.
Structural findings (which pages fail which WCAG criteria) are stored to enable re-audit tracking. A checksum is stored per page to detect whether content has changed between audits — the checksum does not reveal the content itself.
AI-assisted remediation suggestions are generated from structural findings only. AI processing is handled via Anthropic’s API (Claude); no page content is transmitted — only anonymised structural findings. All AI-generated suggestions are reviewed and validated by a certified human auditor before they appear in the report.
More detail on our process is available on our Methodology page.
9. Contact
NTUS AB — kundtjanst@ntus.se