Privacy Policy
Effective Date: March 23, 2026
Last Updated: March 23, 2026
1. Data Controller
Apart Tech AS
Organization Number: 933 801 179
Nedre Ullern terrasse 1, 0280 Oslo, Norway
Email: privacy@apartintelligence.com
Apart Tech AS ("Apart," "we," "us," or "our") is the data controller for the personal data we collect directly from you (e.g., account registration, waitlist signup, support inquiries). When you use the Apart Intelligence platform to store and process your Organization's data, we act as a data processor on your behalf, governed by a separate Data Processing Agreement (DPA).
2. Scope
This Privacy Policy applies to personal data collected through:
- Our website at apartintelligence.com (the "Website")
- The Apart Intelligence platform, including CLI tools, APIs, and cloud services (the "Service")
- Direct communications with us (e.g., email, support requests)
This policy does not apply to third-party websites or services linked from our Website.
3. Personal Data We Collect
3.1 Data You Provide Directly
| Category | Examples |
|---|---|
| Account information | Name, email address, organization name |
| Waitlist signup | Email address |
| Support communications | Name, email, content of messages |
| Billing information (future) | Payment details processed by our payment provider; we do not store full payment card numbers |
3.2 Data Collected Automatically
| Category | Examples |
|---|---|
| Usage data | API calls, CLI commands used, feature usage, timestamps |
| Technical data | IP address, browser type, operating system, device identifiers |
| Log data | Server logs, error reports, performance metrics |
3.3 Platform Content
When you use the Service, you may upload or create Content (knowledge graph data, code references, documents). This Content may include personal data belonging to you or third parties. As described in Section 1, we process this Content as a data processor on your behalf.
4. Purposes and Legal Basis for Processing
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Providing and operating the Service | Performance of contract (Art. 6(1)(b)) |
| Account creation and management | Performance of contract (Art. 6(1)(b)) |
| Processing waitlist signups | Consent (Art. 6(1)(a)) |
| Sending service-related communications | Performance of contract (Art. 6(1)(b)) |
| Sending product updates and marketing (with consent) | Consent (Art. 6(1)(a)) |
| Improving and developing the Service | Legitimate interest (Art. 6(1)(f)) |
| Ensuring security and preventing abuse | Legitimate interest (Art. 6(1)(f)) |
| Responding to support inquiries | Performance of contract (Art. 6(1)(b)) |
| Complying with legal obligations (e.g., tax, bookkeeping) | Legal obligation (Art. 6(1)(c)) |
Where we rely on legitimate interest, we have conducted a balancing test to ensure our interests do not override your rights and freedoms. You may contact us to request details of these assessments.
5. Data Sharing and Recipients
We do not sell your personal data. We may share your data with the following categories of recipients:
| Recipient | Purpose | Safeguards |
|---|---|---|
| Cloud infrastructure providers | Hosting and operating the Service | DPA, SCCs where applicable |
| Email service providers | Sending transactional and marketing emails | DPA, SCCs where applicable |
| Analytics providers | Understanding usage patterns | DPA, anonymization where possible |
| Payment processors (future) | Processing payments | PCI DSS compliance, DPA |
| Legal and regulatory authorities | When required by law or to protect our rights | As required by applicable law |
All third-party processors are bound by Data Processing Agreements that require them to process data only on our instructions and to implement appropriate security measures.
6. International Data Transfers
We primarily process personal data within the European Economic Area (EEA). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place:
- Adequacy decisions: Transfers to countries recognized by the European Commission as providing adequate data protection.
- Standard Contractual Clauses (SCCs): EU Commission-approved contractual clauses that bind the recipient to GDPR-equivalent protections.
- EU-U.S. Data Privacy Framework: For transfers to certified U.S. organizations, where applicable.
We conduct Transfer Impact Assessments for all SCC-based transfers. You may request a copy of the safeguards by contacting us at privacy@apartintelligence.com.
7. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:
| Data Category | Retention Period |
|---|---|
| Account data | Duration of your account plus 30 days after deletion |
| Platform Content | Duration of your account; available for export for 30 days after account termination, then permanently deleted |
| Waitlist signup data | Until the end of the beta period or until you withdraw consent, whichever is earlier |
| Usage and log data | 12 months |
| Support communications | 3 years from resolution |
| Billing data (future) | 5 years as required by the Norwegian Bookkeeping Act (bokføringsloven) |
After the retention period expires, data is permanently deleted or anonymized.
8. Your Rights
Under the GDPR and Norwegian data protection law, you have the following rights:
- Right of access(Art. 15) — Obtain confirmation of whether we process your data and request a copy.
- Right to rectification(Art. 16) — Request correction of inaccurate or incomplete data.
- Right to erasure(Art. 17) — Request deletion of your data under certain conditions.
- Right to restriction(Art. 18) — Request that we limit processing of your data in certain circumstances.
- Right to data portability(Art. 20) — Receive your data in a structured, commonly used, machine-readable format.
- Right to object(Art. 21) — Object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent(Art. 7(3)) — Withdraw consent at any time without affecting the lawfulness of prior processing.
- Right not to be subject to automated decision-making (Art. 22) — Not be subject to decisions based solely on automated processing with legal or similarly significant effects.
How to Exercise Your Rights
To exercise any of these rights, contact us at privacy@apartintelligence.com. We will respond without undue delay and in any event within one month. This period may be extended by two months for complex requests, in which case we will inform you of the extension and the reasons for the delay.
Exercising your rights is free of charge. We may charge a reasonable fee or refuse requests that are manifestly unfounded or excessive.
Right to Lodge a Complaint
You have the right to lodge a complaint with the Norwegian Data Protection Authority:
Datatilsynet
Postboks 458 Sentrum, 0105 Oslo, Norway
Website: www.datatilsynet.no
9. Security Measures
We implement appropriate technical and organizational measures to protect your personal data, including:
- Multi-tenant architecture with complete data isolation at the database level.
- Customer-managed encryption keys for data at rest.
- Encryption of data in transit using TLS.
- Built-in PII detection and encryption capabilities.
- Access controls and authentication mechanisms.
- Regular security reviews and monitoring.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay when the breach poses a high risk.
10. Cookies and Tracking Technologies
Our Website uses cookies and similar technologies. We categorize cookies as follows:
| Category | Purpose | Consent Required |
|---|---|---|
| Strictly necessary | Essential for the Website to function (e.g., session management, security) | No |
| Analytics | Understanding how visitors use the Website | Yes |
| Functional | Remembering your preferences (e.g., theme) | Yes |
We will not set non-essential cookies without your prior consent. You can manage your cookie preferences at any time through our cookie settings or through your browser settings.
11. Automated Decision-Making and Profiling
We do not use automated decision-making, including profiling, that produces legal effects or similarly significantly affects you. Our PII detection and encryption features involve automated processing for security purposes but do not make decisions about you.
12. Children's Data
Our Service is designed for organizations and professionals. It is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete such data promptly. If you believe a child has provided us with personal data, please contact us at privacy@apartintelligence.com.
13. Data Processing Agreement
When you use the Service to process personal data on behalf of your Organization, Apart acts as a data processor. We offer a Data Processing Agreement (DPA) that complies with GDPR Article 28 requirements, including:
- Defined scope and purposes of processing
- Sub-processor list and change notification obligations
- Data breach notification procedures
- Audit rights for the data controller
- Data deletion and return upon termination
- Technical and organizational security measures
To request a DPA, contact us at legal@apartintelligence.com.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on the Service at least 30 days before the changes take effect. The "Last Updated" date at the top of this page indicates when the policy was last revised.
We encourage you to review this policy periodically. Your continued use of the Service after the effective date of changes constitutes acceptance of the revised policy.
15. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Email: privacy@apartintelligence.com
- Address: Apart Tech AS, Nedre Ullern terrasse 1, 0280 Oslo, Norway
- Organization Number: 933 801 179