Legal

Privacy Policy

Last updated 2026-05-31

This policy explains how Sentricue collects, processes and stores personal data through Sentricue ServicePortal. We are subject to the GDPR and the Norwegian Personal Data Act.

1. Data controller

Sentricue is the data controller for personal data about you as an administrator and user of the service. For data you as a business enter about your own customers, you are the controller and we are the processor. A Data Processing Agreement (DPA) is available on request.

2. Data we collect

• Account data: name, email, language preference, organisation, logo image (if uploaded) • Operational data: customers, cases, hours, parts, photos, comments and status you enter • Usage logs: sign-in IP, browser, timestamps • Payment data: handled directly by Stripe — we only store a Stripe customer ID, never card numbers • SMS logs: phone number, time, cost — for billing and support

3. Purposes of processing

We process the data to: • deliver and improve the service • bill subscriptions and SMS usage • provide customer support • notify you of incidents or changes to the terms • comply with legal obligations (bookkeeping, tax)

4. Legal basis

• Contract (GDPR art. 6.1.b) — to deliver the service you've ordered • Legitimate interest (art. 6.1.f) — for security, operational logs and product improvement • Legal obligation (art. 6.1.c) — for bookkeeping and accounting • Consent (art. 6.1.a) — where we ask for it explicitly

5. Sub-processors

We use the following sub-processors who may handle personal data on our behalf: • Supabase (database, auth, file storage) — EU/Stockholm • Stripe (payments, subscriptions) — EU/US, Stripe Data Protection Framework • Resend (email delivery) — EU • Twilio (SMS delivery) — EU/US • Vercel (hosting, analytics) — global All sub-processors have signed a DPA with us and comply with the GDPR.

6. Where data is stored

All primary data is stored in the EU (Stockholm, Sweden) on Supabase. Backups run daily. Some sub-processors may have global infrastructure, but personal data about EU citizens is only transferred via GDPR-approved mechanisms (Standard Contractual Clauses).

7. How long we keep data

We keep your data as long as you have an active subscription. After cancellation we keep data for 30 days to give you time to export. After that, everything is permanently deleted, except: • invoicing data kept for 5 years per Norwegian bookkeeping law • anonymised usage logs which may be kept in statistical form

8. Your rights

You have the right to: • access the data we hold about you • rectification of errors • erasure ("the right to be forgotten") • data portability (export in machine-readable format) • lodge a complaint with the Norwegian Data Protection Authority (www.datatilsynet.no) Contact support@sentricue.com to exercise your rights. We respond within 30 days.

9. Cookies

We use necessary cookies for sign-in and preferences, and anonymous traffic analytics from Vercel. We don't set marketing cookies. See the separate cookie policy for details.

10. Children

The service is not intended for people under 16. We do not knowingly collect data about children. If you become aware that a child has given us information, contact us immediately.

11. Changes to this policy

We may update this policy. Material changes will be announced by email at least 30 days before they take effect.

Sentricue
Norge
support@sentricue.com