Privacy Policy
Last updated: 2026-04-12
This Privacy Policy explains how nordenagent (“we”) collects, uses, and protects information when you use nordenagent.com (“Service”). We comply with the EU General Data Protection Regulation (GDPR).
1. Data controller
nordenagent, Estonia. Contact: privacy@nordenagent.com.
2. What we collect
- Account data: email, password hash, workspace name.
- Usage data: pages visited, features used, timestamps.
- Integration credentials: API keys you paste into Settings → Integrations. Stored encrypted at rest via Supabase Vault.
- Workspace content: the tasks, ads, analytics and reports you create.
- Billing data: handled by Stripe; we store only the Stripe customer ID and subscription metadata.
3. Why we use it
- To provide the Service you signed up for (legal basis: contract)
- To bill your subscription (legal basis: contract)
- To send transactional emails (legal basis: contract + legitimate interest)
- To detect abuse and secure the Service (legal basis: legitimate interest)
- To comply with legal obligations (legal basis: legal obligation)
4. Third parties we share with
- Supabase — database, auth, storage. Data stored in the EU.
- Stripe — billing, payment processing, tax compliance.
- Resend — transactional email delivery.
- Vercel — website hosting (if applicable).
We never sell your data. We do not share it for advertising.
5. Your rights (GDPR)
- Access — export all your data from Settings → Account.
- Rectification — edit profile fields at any time.
- Erasure — delete your account from Settings → Account.
- Portability — the export is in a machine-readable JSON format.
- Restriction / objection — email privacy@nordenagent.com.
- Complaint — to your local data protection authority.
6. Retention
We keep workspace data for as long as the account is active. On deletion, data is permanently removed within 30 days. Billing records are retained for 7 years as required by tax law.
7. Security
All traffic is encrypted via HTTPS. Passwords are hashed by Supabase. Integration secrets are encrypted at rest via Supabase Vault. Cross-tenant access is prevented by Postgres row-level security.
8. Cookies
We only set cookies that are strictly necessary for the Service to work (authentication session). See our Cookie Policy for details.
9. Changes
We will post any material changes to this policy here and notify you by email at least 7 days before they take effect.