Privacy policy

Last updated April 21, 2026

Data controller

[COMPANY AS], org. no. [XXXXXXXXX]. Contact: [email protected].

Data we process

• Email, name (if provided), employer (if on certificate)
• Course progress and test results
• Billing data (for certificate + accounting)
• Technical: IP, user-agent, attribution tags at checkout (gclid, utm_*, referrer)

Legal basis

• GDPR art. 6(1)(b) to deliver the course and issue the certificate
• Art. 6(1)(c) for bookkeeping obligation (5 years — Norwegian Bookkeeping Act §13)
• Art. 6(1)(f) for security and fraud prevention (legitimate interest)

Processors

• Stripe (payments, EEA/USA, SCCs)
• Resend (email, EU)
• Hetzner (hosting, EU)
• Sentry (error logging, EU)
• Fiken (B2B invoicing, Norway)

Retention

• Invoice documents: 5 years (Bookkeeping Act §13)
• Certificate data: as long as account is active; deleted on request
• Attribution data: 24 months
• Sessions: 30 days, rolling

Your rights

Access, rectification, erasure (where legally possible), data portability, and complaint to the Norwegian Data Protection Authority (Datatilsynet). Requests: [email protected].

Cookies

We use strictly necessary cookies (session, csrf, language, attribution). No third-party analytics without consent.