Privacy Policy

Fundinn processes personal data from website users, people requesting reports and customers using the portal. This policy explains what we collect, why we use it, where it is stored, which providers we use and which rights you have.

Last updated: 10 June 2026

1. Data controller

The controller for personal data on fundinn.no is:

NILSSON KI
Org.nr. 937 449 798
Engerveien 138
1815 Askim
Norge
E-post: privacy@fundinn.no

2. Personal data we process

  • Contact and account data: name, email address, company name, organisation number and the business you represent.
  • Sign-in data: email, name and profile picture from Google OAuth when you choose Google sign-in. Fundinn does not store your password.
  • Portal use: active site, selected data sources, saved actions, recommendations, report status and events needed to operate the customer portal.
  • Google access: access tokens and data from Google Search Console, Google Analytics 4 and Google Business Profile when the customer connects them.
  • Website data: domain, public pages, technical findings, visibility measurements, competitor observations and report basis for sites you own or are authorised to analyse.
  • Payment data: Stripe customer, subscription, invoice, payment status and selected product tier. Full card details are stored by Stripe, not Fundinn.
  • Technical data: timestamps, error logs and IP address where needed for security and abuse prevention.

3. Purposes and legal basis

  • Deliver a free report or customer portal when requested: contract or steps before contract.
  • Operate subscription, sign-in, billing and support: contract.
  • Send necessary emails about reports, sign-in, payment and service operation: contract.
  • Prevent abuse, secure the service and troubleshoot: legitimate interests.
  • Meet accounting and legal duties: legal obligation.

We do not send marketing emails without consent.

4. Providers and storage

Fundinn uses these providers where needed to deliver the service:

  • Supabase EU: database, authentication and customer portal data. The project should be hosted in an EU region.
  • Hetzner: European infrastructure for background jobs and operations.
  • Google OAuth and Google APIs: sign-in and customer-connected Google data.
  • Stripe: checkout, payments, subscriptions, invoices and payment customer portal.
  • Resend: necessary email delivery.
  • LLMrefs: measurements of whether a business is mentioned in AI answers.
  • DataForSEO: search result data, competitor data and local search results.

Some providers are established outside the EU/EEA. Where personal data is transferred there, Fundinn uses a valid transfer basis, such as EU Standard Contractual Clauses where required.

5. Google data and Limited Use

The use and transfer by Fundinn of information received from Google APIs follows the Google API Services User Data Policy, including the Limited Use requirements. Google data is used only to deliver customer-requested features: reports, data sources, visibility measurements, prioritized recommendations and portal follow-up.

We do not use Google data for advertising, sell it or allow humans to read it unless the customer asks for help, it is necessary for security or troubleshooting, or the law requires it. Google access can be revoked in your Google account or by contacting us.

6. Retention

  • Free report: email and domain are normally deleted after 12 months if you do not become a customer.
  • Customer data: retained while the customer relationship is active and then as long as needed for accounting, disputes or legal duties.
  • Payment and invoice data: retained according to accounting rules.
  • Email logs: normally retained for up to 24 months.
  • Security logs and IP data: retained as briefly as practical for abuse prevention.
  • Google tokens: deleted when access is disconnected or the customer asks for deletion, unless legal duties require otherwise.

7. Your rights

You may request access, rectification, erasure, restriction, data portability and objection to processing based on legitimate interests.

Send requests to privacy@fundinn.no. We normally respond within 30 days. You may also complain to the Norwegian Data Protection Authority.

8. Cookies

Fundinn uses necessary cookies for sign-in, security and language choice. We do not use third-party tracking on these legal pages.

9. Security

We use encrypted transport, access control, limited access to production data and encrypted storage of sensitive access tokens where relevant.

10. Changes and contact

We may update this policy when the service or providers change. Material changes will be notified to registered customers.

Questions can be sent to privacy@fundinn.no.