Updated: 30.05.2026. This policy explains which personal data Norsk-Enkelt processes, why it is needed, who may receive it, and what rights users have. The project is aligned with GDPR and Norwegian personal data rules. If the project is registered in Norway later, the actual company details, address, and privacy contact must be added.
1. Controller
Before company registration, the project administration is responsible for data handling. After registration, the Norwegian company or sole proprietor will be listed as the controller.
2. Data we process
We may process account data, learning progress, saved words, exercise answers, AI test results, chat messages, contact requests, payment status, Stripe identifiers, cookies, IP address, user-agent, logs, and uploaded media.
3. Purposes and legal bases
Data is used to provide the service, protect accounts, verify email, save progress, operate chats and AI features, process payments, support users, prevent abuse, and meet legal obligations. Legal bases include contract performance, legitimate interest, consent where required, and legal obligations.
4. AI features
When AI tools are used, prompts, learning context, answers, and parts of conversation history may be sent to an external AI provider. Do not submit passport data, bank data, medical information, children’s data, confidential documents, or other sensitive information.
5. Payments
Payments may be processed by Stripe. Norsk-Enkelt does not store full card details. The platform stores technical payment records such as status, amount, currency, purchase type, Stripe identifiers, payment date, and receipt or invoice links where available.
6. Cookies
Essential cookies are used for login, form protection, sessions, and interface operation. Analytics or advertising cookies should not be enabled without a separate basis and, where required, prior consent.
7. Processors and transfers
Data may be processed by providers such as hosting, email, Stripe, AI providers, logging, analytics, or security systems. Transfers outside the EEA must use GDPR safeguards where required.
8. Retention
Data is kept only as long as needed for the service, support, security, accounting, legal obligations, or dispute handling. Users may request deletion where applicable.
9. User rights
Users may request access, a copy, rectification, erasure, restriction, portability, objection, and withdrawal of consent where processing is based on consent. A request can be sent from the account privacy request page or via contact details.
10. Security
The platform uses roles, authentication, email verification, CSRF protection, rate limiting, password hashing, admin access control, file upload restrictions, and Stripe webhook verification.
11. Complaints
If the project is registered or provides services in Norway, the supervisory authority for personal data is Datatilsynet.