Privacy
Privacy Policy
Last updated: 30 June 2026
This privacy policy explains how VIKEEP AS ("VIKEEP", "we", "us", "our") collects and processes personal data when you use VISIKT (the "Service") — our app for tracking subscriptions, salary, and inflation-adjusted purchasing power. We process personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") as incorporated into Norwegian law through the Personal Data Act (personopplysningsloven).
1. Data controller.
VIKEEP AS is the data controller for your personal data in VISIKT. Company: VIKEEP AS. Organisation number: 938 008 272. Address: Oslo, Norway. Email: contact@vikeep.no. Contact us with any questions about this policy or our processing.
2. What personal data we collect.
a) Information you give us at registration and in use: first and last name; email; postal code, city and country; phone number; occupation; password (stored only in securely hashed form — never in plain text); language preference.
b) Financial information you choose to add: subscriptions you track (name, category, cost, billing cycle, start date, notes); salary entries you add (gross annual salary, bonuses, effective dates, notes); your selected plan (Free or Pro) and related settings. This is information you choose to enter so VISIKT can show your costs, salary growth and real purchasing power. We treat it as confidential.
c) Payment information (Pro plans): payment is handled by Stripe. Card details are entered directly with Stripe and are not stored on our servers. We receive limited billing information (subscription status, plan, billing period, payment outcomes) so we can grant access to paid features.
d) Technical and usage data: account identifiers and authentication tokens (including, if you sign in with Google, the basic account information Google returns); limited technical/log data needed to operate the Service securely and detect errors and abuse.
e) Support and contact data: if you contact us — including via the in-app contact form shown if registration or sign-in fails — we process what you provide to help you.
We do not intentionally collect special categories of personal data (such as health, religion, or political opinions); please do not enter such data in free-text fields.
3. Why we process your data and our legal basis.
Where we rely on consent, you may withdraw it at any time (this does not affect prior processing). Where we rely on legitimate interests, we have assessed that our interest in a secure, reliable service does not override your rights; you can object (see Section 8).
| Purpose | Legal basis (GDPR Article 6) |
|---|---|
| Creating and managing your account; providing core features; storing the subscriptions and salary data you enter | Performance of a contract — Art. 6(1)(b) |
| Processing payments and managing paid subscriptions | Performance of a contract — Art. 6(1)(b) |
| Keeping accounting and invoicing records | Legal obligation — Art. 6(1)(c) (Bookkeeping Act, bokføringsloven) |
| Securing the Service, preventing fraud/abuse, improving reliability | Legitimate interests — Art. 6(1)(f) |
| Responding to support requests | Contract and/or legitimate interests — Art. 6(1)(b)/(f) |
| Optional cookies/analytics and any marketing | Consent — Art. 6(1)(a) |
4. Who we share your data with.
We do not sell your personal data and never sell or rent the financial information you enter. We share data only with parties that help us run the Service, acting as our data processors under data processing agreements: hosting/database on Supabase / Lovable Cloud within the EU/EEA, protected with row-level security so each account accesses only its own data; payments via Stripe (https://stripe.com/privacy); sign-in with Google, if you choose it (https://policies.google.com/privacy). We may also disclose data where legally required (e.g. to tax authorities or a lawful request), or to establish, exercise or defend legal claims.
5. Where your data is stored and transfers outside the EEA.
We aim to store and process personal data within the EU/EEA. Where a processor operates outside the EU/EEA, we ensure adequate protection via a GDPR-recognised mechanism (an EU Commission adequacy decision, or Standard Contractual Clauses plus any additional safeguards). Accounting records we are legally required to keep are stored within the EEA in line with the Bookkeeping Act.
6. How long we keep your data.
Only as long as necessary.
Account/profile and the subscriptions/salary data you enter: kept while your account is active; if you delete your account, deleted or anonymised without undue delay, except where we must keep certain information (below) or need it to defend a legal claim.
Accounting and payment records: retained as Norwegian law requires — under the Bookkeeping Act, primary accounting documentation (such as invoices and payment records) must generally be kept for five years after the end of the relevant financial year; we cannot delete this earlier even on request.
Support correspondence: kept as long as needed to handle your request and a reasonable period after.
Backups: data may persist in encrypted backups for a limited period after deletion, then is overwritten.
7. How we protect your data.
Appropriate technical and organisational measures, including: encryption in transit (HTTPS/TLS); row-level security; securely hashed passwords (we never see or store your password in plain text); card data handled entirely by Stripe so card numbers never reach our servers; access controls. No method is completely secure, but we work to protect your data and to detect and respond to incidents. If a personal data breach is likely to result in a high risk to your rights, we will notify you and the Norwegian Data Protection Authority (Datatilsynet) as required.
8. Your rights.
Under the GDPR you have the rights to: be informed; access; rectification; erasure ("right to be forgotten"); restriction of processing; data portability; object (including to direct marketing at any time); and not to be subject to solely automated decisions with legal or similarly significant effects (we do not make such decisions). You can edit much of your profile and your entries directly in the app. To exercise any right, contact contact@vikeep.no; we respond without undue delay and within one month, extendable by up to two further months for complex or numerous requests (we will inform you). Exercising rights is free unless a request is manifestly unfounded or excessive. We may verify your identity before acting.
9. Right to complain.
Please contact us first so we can try to resolve the matter. You may also complain to the Norwegian Data Protection Authority — Datatilsynet, https://www.datatilsynet.no, Postboks 458 Sentrum, 0105 Oslo, Norway.
10. Cookies and similar technologies.
VISIKT uses cookies and local storage that are strictly necessary to operate the Service (e.g. keeping you signed in, remembering your language). These do not require consent. If we introduce non-essential cookies or analytics, we will ask for your consent first, in line with the Electronic Communications Act (ekomloven), and you can change your choice at any time.
11. Children.
VISIKT is intended for adults and is not directed at children. We do not knowingly collect children's personal data; if you believe a child has provided data, contact us and we will delete it.
12. Changes to this policy.
We may update this policy; on material changes we update the "Last updated" date and, where appropriate, notify you in the app or by email.
13. Contact us.
VIKEEP AS, Org.nr 938 008 272, Oslo, Norway, contact@vikeep.no.