No tracking. No cookie wall.·100 % EU-hosted on Hetzner
Use casesPrivacy

Document review: a retention policy, paragraph-cited

Your counsel or DPO needs a defensible review of the company's data-retention policy — every finding pinned to the exact paragraph it concerns, hash-anchored so it stays checkable after the next revision.

Citations6
Tool calls33
Captured withclaude-fable-5

How the gateway answered

Captured 2 July 2026 — a point-in-time run; corpora and tools have been updated since.

Editor's note. Reference 13 in the transcript links bokföringslagen via the SFS-number URL the source corpus returned; riksdagen.se has since moved that page. The citations panel and downloads use the working canonical URL. The fictional subject document was authored for this capture and is downloadable above; the gateway calls, citations, and report are the real session output.
Captured sessionclaude-fable-5 · company tier · gateway.ansvar.eu
You

Upload our data-retention policy and run a document review against GDPR storage-limitation requirements and Swedish practice. Cite the exact paragraph of the policy for every finding, and the regulatory basis from the sources — flag anything you can't ground.

Ansvar gateway — 33 tool calls
register_document_init(filename="nordbram-retention-policy-v2.1.md" mime_type="text/markdown" file_size=3037)Error: documents_service_error: 415 (unsupported media type)
register_document_init(filename="nordbram-retention-policy-v2.1.md" mime_type="text/markdown" file_size=3037)Retry — same error: documents_service_error: 415
register_document_init(filename="nordbram-retention-policy-v2.1.md" mime_type="text/plain" file_size=3037)OK — document_id 1ad7b053-cf78-4e53-b11c-0ec85fb0da68 (DOC-GEKG), presigned PUT URL returned; bytes then PUT via curl with Content-Type text/plain, HTTP 200
register_document_finalize(document_id="1ad7b053-cf78-4e53-b11c-0ec85fb0da68")status=ready, source SHA-256 5448b09c624cc817790ba2e21eea994f82fa03429ffc71fb5339bf8dc65300b2
start_workflow(workflow_type="review" entity_description="Nordbram Logistics AB — review of data-retention poli…" jurisdictions=[SE, EU])workflow_id 1df0135f-7ebf-411b-9c80-a2b8d975cb25 started; first step upload.provide_document
submit_response(workflow_id="1df0135f-7ebf-411b-9c80-a2b8d975cb25" step_id="upload.provide_document" responses=[object Object] user_acknowledged=true)Rejected — at least 1 document must be registered to the workflow first (register_document)
Show all 33 tool calls
get_document_segments(document_id="1ad7b053-cf78-4e53-b11c-0ec85fb0da68")Segment outline returned: 1 section + 32 paragraph refs (0.p1–0.p32) with char ranges and content hashes
register_document(workflow_id="1df0135f-7ebf-411b-9c80-a2b8d975cb25" document_id="1ad7b053-cf78-4e53-b11c-0ec85fb0da68" role="evidence")Bound to workflow, binding_id adb3c0c4-b84c-44d2-8e43-babf4b428e9d
submit_response(workflow_id="1df0135f-7ebf-411b-9c80-a2b8d975cb25" step_id="upload.provide_document" responses=[object Object] user_acknowledged=true)Accepted — next step review.findings
get_current_step(workflow_id="1df0135f-7ebf-411b-9c80-a2b8d975cb25")review.findings: requires summary, findings (id/title/observation/severity/evidence_references with doc:// paragraph URIs), recommendations
search(query="storage limitation retention of personal data" jurisdictions=[SE, EU] frameworks=[GDPR] limit=10)10 results: GDPR art_5, CJEU ECLI:EU:C:2022:805 (C-77/21 Digi), EDPB Guidelines 4/2019 relevant; rest off-topic
search_guidance(query="retention periods storage limitation personal data de…" jurisdictions=[SE, EU] limit=10)EDPB Guidelines 4/2019 with quotable retention passage; remaining hits (CERT-SE newsletters etc.) irrelevant
get_provision(jurisdiction="EU" law="GDPR" article="5")Full text of GDPR Art. 5 incl. 5(1)(b),(c),(e) and 5(2) accountability; canonical GDPR:art_5
get_provision(jurisdiction="EU" law="GDPR" article="17")Full text of GDPR Art. 17 right to erasure incl. 17(1)(a), 17(3)(b),(e); canonical GDPR:art_17
search_guidance(query="kamerabevakning lagringstid inspelat material" jurisdictions=[SE] limit=8)No relevant guidance — single CERT-SE newsletter hit only
search(query="gallring personuppgifter arbetssökande rekrytering" jurisdictions=[SE] limit=8)Indirect hits (GDPR art-88/recital-155, Swedish propositions); no quotable provision on applicant-data retention periods
search(query="räkenskapsinformation arkivering sju år bokföringslag…" jurisdictions=[SE] limit=8)Bokföringslagen (1999:1078) surfaced incl. lookup ref; prop 2017/18:149 notes archiving period shortened 10→7 years
get_provision(canonical_ref="1999:1078:7:2" jurisdiction="SE")Full text bokföringslagen 7 kap. 2 §: räkenskapsinformation kept until end of 7th year after calendar year fiscal year closed
get_decision(jurisdiction="EU" canonical_ref="ECLI:EU:C:2022:805")CJEU C-77/21 Digi (2022-10-20): Art. 5(1)(b)+(e), purpose/storage limitation, retention period in light of purposes
search(query="kamerabevakning inspelat material bevarande" jurisdictions=[SE] limit=8)IMY 'Vägledning vid kamerabevakning' (2021:2) surfaced with lookup ref; also prop 2017/18:231 and HFD camera cases
get_provision(canonical_ref="imy:vagledning-vid-kamerabevakning" jurisdiction="SE")Catalogue entry only (title/date/URL) — no substantive retention-duration text retrievable
search(query="diskrimineringslagen preskription talan arbetssökande…" jurisdictions=[SE] limit=8)Only indirect refs (SFS 1999:678 § 50 cross-referencing diskrimineringslagen 2008:567); 1 source temporarily unavailable; no quotable limitation-period provision
resolve_document_segment(uri="doc://1ad7b053-cf78-4e53-b11c-0ec85fb0da68/segment/pa…" quote="Customer account data and shipment records are retain…")valid=true, paragraph fidelity, hash 97eef893...
resolve_document_segment(uri="doc://1ad7b053-cf78-4e53-b11c-0ec85fb0da68/segment/pa…" quote="CVs, cover letters, and interview notes of unsuccessf…")valid=true, paragraph fidelity, hash 10fbdd14...
resolve_document_segment(uri="doc://1ad7b053-cf78-4e53-b11c-0ec85fb0da68/segment/pa…" quote="All staff email accounts are archived in full...")valid=true, paragraph fidelity, hash 826355a8...
resolve_document_segment(uri="doc://1ad7b053-cf78-4e53-b11c-0ec85fb0da68/segment/pa…" quote="Backup media are retained according to the backup rot…")valid=true, paragraph fidelity, hash f63cf6e2...
resolve_document_segment(uri="doc://1ad7b053-cf78-4e53-b11c-0ec85fb0da68/segment/pa…" quote="Paper records are stored in the Gothenburg archive ro…")valid=true, paragraph fidelity, hash 3b01dcaf...
resolve_document_segment(uri="doc://1ad7b053-cf78-4e53-b11c-0ec85fb0da68/segment/pa…" quote="Camera recordings from terminal and warehouse premise…")valid=true, paragraph fidelity, hash 089b61ad...
resolve_document_segment(uri="doc://1ad7b053-cf78-4e53-b11c-0ec85fb0da68/segment/pa…" quote="Electronic data is deleted using the standard deletio…")valid=true, paragraph fidelity, hash e839cc33...
submit_response(workflow_id="1df0135f-7ebf-411b-9c80-a2b8d975cb25" step_id="review.findings" responses=[object Object] evidence_references="[7 doc:// URIs + 6 regulatory URLs]" user_acknowledged=true)Accepted — next step review_handoff.user_review
get_current_step(workflow_id="1df0135f-7ebf-411b-9c80-a2b8d975cb25")review_handoff.user_review: server-enforced human gate, requires user_approved
submit_response(workflow_id="1df0135f-7ebf-411b-9c80-a2b8d975cb25" step_id="review_handoff.user_review" responses=[object Object] user_acknowledged=true)Accepted — next step report.generate
generate_report(workflow_id="1df0135f-7ebf-411b-9c80-a2b8d975cb25" format="json")Report generated: 7 findings (1 critical/3 major/3 minor), 7 recommendations, 13 provenance entries, all doc hashes verified, drifted=false
Cited answer

Compliance Review Report — Nordbram Logistics AB Data Retention Policy v2.1

EntityNordbram Logistics AB (fictional Swedish logistics company)
Documentnordbram-retention-policy-v2.1.md (DOC-GEKG, source SHA-256 5448b09c624cc817790ba2e21eea994f82fa03429ffc71fb5339bf8dc65300b2)
WorkflowDocument Review (Paragraph-Cited), 1df0135f-7ebf-411b-9c80-a2b8d975cb25
JurisdictionsSE, EU (framework: GDPR)
Generated2026-07-02T20:26:22Z
ApprovalUser-review gate passed — "approved by operator for capture"

Summary

The document is Nordbram Logistics AB's Data Retention Policy v2.1 (approved 2025-11-04), covering personal data of employees, applicants, customers, carrier partners and visitors across Sweden and Norway. The policy states the correct general principle (retention only as long as necessary), but several concrete rules contradict it: indefinite retention of unsuccessful applicants' data, blanket 10-year full email archiving, discretionary postponement of disposal, and undefined backup and physical-archive schedules. Measured against GDPR Art. 5(1)(e) (storage limitation), Art. 17 (erasure), CJEU C-77/21 (Digi) and EDPB Guidelines 4/2019, the policy needs one critical and several major corrections; the 7-year bookkeeping-based periods are broadly aligned with bokföringslagen (1999:1078) 7 kap. 2 § but are applied too widely.

Severity profile: 1 critical · 3 major · 3 minor.

Findings

F-1 · CRITICAL …

Every claim traces to a source you can open

A typical AI assistant invents a citation that looks plausible. Ansvar retrieves the real one. Every finding above rests on one of these 6 sources — official legislation, guidance from standards bodies or regulators, and case_law — each a link you or your auditor can open and check. Nothing here is generated.

Run this on your own data

Bring your own documents and scope, and we'll run it end-to-end — every finding cited and validated by the expert who delivers it.