Privacy policy
Last updated: 26/04/2026
Privacy Policy — AgerTechAI Consulting AS
*Last updated: 2026-04-26*
AgerTechAI Consulting AS ("AgerTechAI", "we", "us") is committed to protecting the privacy of everyone who visits our website and gets in touch with us. This policy explains what personal data we collect, how we use it, who we share it with, and your rights.
The processing is carried out in accordance with the EU General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act.
1. Data controller
• **Company name:** AgerTechAI Consulting AS
• **Organisation number:** 937 616 694
• **Address:** Flafjellet 34a, 1454 Fagerstrand, Norway
• **Email:** roger.agerup@gmail.com
• **Privacy contact:** Roger Agerup
AgerTechAI has assessed that we are not required to appoint a Data Protection Officer (DPO). All privacy-related enquiries can be directed to the contact person above.
2. What personal data we process, and why
2.1 Visiting the website
When you visit agertechai.no we collect limited technical information such as your IP address (short-term), browser type, language preference, and the pages you view. This is used for operations, debugging, and security.
• **Legal basis:** legitimate interest in operating and securing the website (GDPR art. 6(1)(f)).
• **Retention:** technical logs are deleted within 7 days. IP addresses are pseudonymised (hashed with a daily salt) when used for chat and log lookups.
2.2 Contact form and enquiries
When you fill in our contact form or send us an email, we process the data you provide — typically your name, email address, company, role, and the content of the message.
• **Purpose:** to respond to your enquiry and follow up on any potential collaboration.
• **Legal basis:** consent at submission (GDPR art. 6(1)(a)) and/or steps prior to entering into a contract (art. 6(1)(b)).
• **Retention:** up to **3 years** after last contact, unless a customer relationship is established (see 2.6).
2.3 Minni — AI assistant
The website provides Minni, an AI-powered chatbot that answers questions about AgerTechAI. When you use Minni we process:
• conversation content (your messages and Minni's responses),
• an anonymous visitor ID (cookie named `agertechai_vid`, valid for 12 months),
• a hashed IP address (daily-salted) for limited abuse protection,
• timestamps and metadata such as message count per session.
• **Purpose:** to provide the service, prevent abuse, and improve answer quality.
• **Legal basis:** legitimate interest in offering a useful self-service tool (GDPR art. 6(1)(f)). You have the right to object to this processing (see section 7).
• **Retention:** conversations are automatically deleted after **90 days**. Hashed IP is deleted after **7 days**.
• **Important:** Do not enter sensitive or confidential information into the chat. Minni is intended for general questions about us and our services.
2.4 Web analytics — Plausible and Google Analytics
We use two analytics tools with different scope and different legal bases:
Plausible Analytics (no consent required). Plausible is a privacy-friendly service that does not set cookies and does not track you across websites. It collects aggregated, anonymous data (page views, referrer, country, device type).
• **Legal basis:** legitimate interest (GDPR art. 6(1)(f)). Because the solution sets no cookies and does not process personal data about you as an individual, consent is not required under § 2-7b of the Norwegian Electronic Communications Act.
Google Analytics 4 (consent required). If you accept analytics cookies in our consent banner, we activate Google Analytics 4 (GA4) to understand usage patterns across pages and sessions. GA4 is configured with IP anonymisation so your full IP address is not stored. GA4 may set cookies (typically `_ga`, `_ga_*`) and collects data such as page views, events, approximate geographic location, and technical device information.
• **Legal basis:** consent (GDPR art. 6(1)(a) and § 2-7b of the Norwegian Electronic Communications Act). You can withdraw consent at any time via the cookie settings at the bottom of the page.
• **Purpose:** understand what users do on the site, measure marketing effectiveness, and improve the website.
• **Transfer:** GA4 data is processed by Google LLC (USA). See section 5 for transfer safeguards.
• **Retention in GA4:** maximum **14 months** (configured to the lowest available setting in GA4).
2.5 Meeting booking (Calendly)
If you book a meeting via Calendly, you provide your name, email, and any additional information you choose to share. This data is processed by Calendly LLC (USA).
• **Purpose:** to schedule and conduct the meeting.
• **Legal basis:** consent / steps prior to entering into a contract (GDPR art. 6(1)(a) / (b)).
• **Retention:** in Calendly for as long as the account is active; with us alongside other client correspondence.
2.6 Customer and engagement data
When we enter into a service agreement, we process contact information about you as a contact person, and any personal data you choose to share as part of the engagement.
• **Purpose:** to perform the agreement, invoice, and meet legal requirements (accounting, etc.).
• **Legal basis:** contract (GDPR art. 6(1)(b)) and legal obligation (art. 6(1)(c), incl. the Norwegian Bookkeeping Act).
• **Retention:** invoicing and accounting records are kept for **5 years** after the end of the financial year, per the Bookkeeping Act. Other client correspondence is kept as long as there is a reasonable need, typically up to **3 years** after the engagement ends.
• When AgerTechAI processes personal data *on behalf of* a customer as part of an engagement, a separate Data Processing Agreement is signed. In that case the customer is the data controller and AgerTechAI is the data processor.
3. Cookies
On your first visit you'll see a cookie banner where you can choose which categories you accept. The default is that only necessary cookies are activated. Analytics and marketing cookies are set only if you actively consent.
3.1 Necessary cookies (always active)
3.2 Analytics cookies (consent required)
Plausible Analytics sets no cookies and is active regardless of consent.
3.3 Changing or withdrawing consent
You can change or withdraw your consent at any time via the "Cookie settings" link at the bottom of the page, or by clearing cookies in your browser.
4. Who we share data with
We only share personal data with vendors that help us deliver our services. They act as data processors and are bound by a Data Processing Agreement:
We never sell personal data and do not disclose it to other third parties unless required by law or court order.
5. Transfers to countries outside the EEA
Some of the vendors above are based in the USA. Transfers to the USA are safeguarded through:
• the **EU–US Data Privacy Framework** where the vendor is certified, or
• the **EU Commission's Standard Contractual Clauses (SCC)** combined with supplementary measures following the Schrems II ruling.
An up-to-date overview of sub-processors and transfer safeguards is available in our [Data Processing Agreement](databehandleravtale.md) (Annex C). You can contact us to request the current overview and transfer impact assessment.
6. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, deletion, or disclosure, per GDPR art. 32. These include:
• encryption of data in transit (TLS) and at rest,
• strong authentication and least-privilege access controls,
• regular backups,
• logging and incident response.
In the event of a personal data breach that involves a risk to your rights, we report to the Norwegian Data Protection Authority (Datatilsynet) within 72 hours and notify you when required by law.
7. Your rights
You have the following rights under GDPR:
• **Access** (art. 15) — find out what data we hold about you.
• **Rectification** (art. 16) — have inaccurate or incomplete data corrected.
• **Erasure** (art. 17) — have data deleted, provided we are not legally required to retain it.
• **Restriction** (art. 18) — request that processing be temporarily restricted.
• **Data portability** (art. 20) — receive data you have provided to us in a machine-readable format.
• **Objection** (art. 21) — object to processing based on legitimate interest (incl. Minni chat and logging).
• **Withdraw consent** (art. 7(3)) — when processing is based on consent. Withdrawal does not affect processing carried out before the withdrawal.
Send enquiries to roger.agerup@gmail.com. We typically respond within 30 days.
8. Right to complain
If you believe we are processing personal data in breach of the law, you can lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet). We encourage you to contact us first so we can try to resolve the issue.
• **Datatilsynet:** [www.datatilsynet.no](https://www.datatilsynet.no) — postkasse@datatilsynet.no — +47 22 39 69 00.
9. Automated decisions
We do not make automated decisions with legal or similarly significant effects on you. Minni provides automated answers, but none of these constitute decisions within the meaning of GDPR art. 22.
10. Children
Our services target businesses and professionals. We do not target children under 16 and do not knowingly collect personal data about children.
11. Changes to this policy
We may update this privacy policy when our services or applicable law change materially. The current version is always published on this page with a date stamp. Material changes will be notified to you in an appropriate manner.
12. Contact
If you have questions about this policy or how we process personal data, please contact:
Roger Agerup
AgerTechAI Consulting AS
Email: roger.agerup@gmail.com