Privacy Policy

Last updated: June 2026. We respect your privacy and comply with the EU/EEA GDPR and the Norwegian Personal Data Act.

This policy explains what personal data VisitKort ("we", "us") collects, why, how long we keep it, and the rights you have. VisitKort is the data controller for the information described here. If you have questions, contact us at privacy@visitkort.no.

Note: This document is a general template provided for transparency and should be reviewed by qualified legal counsel before you rely on it for compliance.

What we collect

Account data: your name, email and password (stored securely, never in plain text).
Card content: the details you choose to publish — title, company, bio, links, services and images.
Usage data: views, scans and clicks on your card, used to provide your analytics.
Payment data: processed by Stripe and SumUp; we never store full card numbers.

Why we use it (lawful basis)

We process data to provide the service you signed up for (contract), to keep the platform secure and improve it (legitimate interests), to meet legal obligations, and — where required — with your consent. You can withdraw consent at any time.

How long we keep it

We retain your account and card data for as long as your account is active. When you delete your account, we remove your personal data within 30 days, except where we must retain limited records to meet legal or accounting obligations.

Sub-processors & transfers

We use trusted providers to run VisitKort, including Google Firebase (hosting, database, authentication), Stripe and SumUp (payments). Data stays within the EU/EEA where possible; any transfer outside the EEA relies on an adequacy decision or appropriate safeguards such as Standard Contractual Clauses.

Your rights

Under the GDPR you have the right to access, correct, delete, restrict and port your data, and to object to certain processing. To exercise any right, email privacy@visitkort.no. You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).

Security & breaches

We use encryption in transit, strict access controls and reputable infrastructure to protect your data. In the unlikely event of a personal data breach, we will notify Datatilsynet without undue delay and, where required, within 72 hours.