Privacy Notice

Last updated: 2026-02-23

Who We Are

Sounding Craft is an interactive sound installation by Erik Lindeborg / Small House. For questions about your data, contact us at privacy@smallhouse.io.

What This Installation Does

When you visit the gallery and connect to Sounding Craft through your phone, you become part of a collective musical performance. Your interactions — scanning QR codes, tilting your phone, choosing colors, painting on screen, sending messages as morse code — shape the music that everyone hears in real time.

What Data We Collect

From all visitors who connect

Data	Purpose	How long
Session ID (randomly generated)	Manages your connection and enforces capacity limit	Live session deleted within 30s of disconnecting; also recorded with interaction data (retained for artistic research)
Connection/disconnection timestamps	Operational logs	30 days
GPS coordinates (approximate)	Verified once to confirm you are at the gallery	Not stored

From visitors who participate in interactive features

Data	Purpose	How long
Device orientation (tilt angles)	Controls sound parameters in real time	Retained for artistic research
Camera color samples	Controls sound parameters in real time	Retained for artistic research
Paint strokes (coordinates, color, speed)	Controls sound parameters and creates visual art	Retained for artistic research
Morse code text (max 32 characters)	Transmitted as sound in the installation	Retained for artistic research
Charge interactions (press-and-hold)	Triggers sound events	Retained for artistic research

Collective audio recording

The sound output of the installation — the collective performance created by all connected visitors together — is recorded. This recording captures what the installation produces as a whole. It does not contain your voice or any sound from your phone's microphone. Individual contributions cannot be meaningfully isolated from the collective recording.

These recordings are retained indefinitely for artistic research purposes and may be published or exhibited.

Intellectual Property and Publication

The music produced by the installation is authored by Erik Lindeborg. The compositions, synthesis systems, generative algorithms, and sound design are original works created by the artist. Visitor interactions — scanning a QR code, tilting a phone, selecting a color, drawing a shape — provide control input to the artist's system but do not constitute independent creative authorship of the resulting music.

Recordings of the collective performance and anonymous interaction data may be published, exhibited, or used in artistic research. No visitor will be personally identified in any publication without their explicit, separate consent.

What We Do Not Collect

Your name, email, phone number, or any account information (unless you voluntarily provide a username)
Your IP address (not logged or stored)
Cookies or tracking data of any kind
Data from your phone beyond what is described above
Your phone's microphone audio

Why We Process Your Data

We process your data based on your consent (GDPR Article 6(1)(a)). You give consent by accepting this notice when you connect to the installation. You can withdraw your consent at any time by disconnecting.

For long-term retention of interaction recordings and collective audio recordings, we rely on the exemption for archiving in the public interest and artistic/scientific research (GDPR Article 89, Swedish Dataskyddslag 2018:218).

Your Rights

Under the GDPR, you have the right to:

Access your data — ask us what we hold about you
Rectify inaccurate data
Erase your data (right to be forgotten) — see below
Restrict processing of your data
Data portability — receive your data in a machine-readable format
Withdraw consent at any time
Lodge a complaint with the Swedish Authority for Privacy Protection (IMY): imy.se

To exercise any of these rights, email privacy@smallhouse.io. We will respond within 30 days.

About the right to erasure

Your session is identified only by a random ID that is not displayed to you and not linked to your identity. If you provided a username, we can locate and delete your interaction data. If you were the only visitor connected at a given time, we may be able to identify your session from the timestamps. In all other cases, your data cannot be linked back to you — by us or anyone else — which means it is effectively anonymous.

Regarding collective audio recordings: these capture the combined output of all participants and cannot be decomposed into individual contributions. Erasing one participant's influence from a collective real-time performance is not technically possible — the other participants' actions were shaped by yours and vice versa. We retain these recordings under the GDPR exemption for artistic and scientific research (Article 17(3)(d) and Article 89).

Data Security

Your data is processed on servers located in Finland (within the EU/EEA). Your data does not leave the European Economic Area. Connections are encrypted via HTTPS/WSS (TLS).

Session data is held only in server memory and is automatically deleted within 30 seconds of disconnection.

No Cookies or Tracking

This installation does not use cookies, local storage, or any form of persistent tracking on your device. We do not use analytics services or advertising technology.

No Automated Decision-Making

No automated decision-making or profiling is performed on your data.

Changes to This Notice

If we update this notice, the revised version will be available at this URL.

Contact

Data controller: Erik Lindeborg / Small House
Email: privacy@smallhouse.io
Address: Stenbäcken 10, 816 93 Ockelbo, Sweden

Supervisory authority: Integritetsskyddsmyndigheten (IMY)
Website: imy.se
Email: imy@imy.se