Home Supply Tracker
NOEN
Legal

Privacy Policy

Last updated: February 26, 2026

1. Introduction

This privacy policy describes how Appivate AS (hereinafter "we", "us", or "the company"), the developer and operator of Min Beredskap (Home Supply Tracker), collects, uses, stores, and protects personal data through our website (minberedskap.no) and our mobile application Min Beredskap (available on iOS and Android). This policy applies to all users of our services, regardless of geographic location.

We are committed to protecting your privacy and processing personal data in accordance with the EU General Data Protection Regulation (GDPR), the Norwegian Personal Data Act (Personopplysningsloven), the EU ePrivacy Directive, the California Consumer Privacy Act (CCPA/CPRA), and other applicable privacy legislation.

2. Data Controller

The data controller responsible for the personal data collected through our services is:

Appivate AS

Norway

Email: privacy@minberedskap.no

You can contact us at the email address above for all questions related to privacy and the processing of personal data.

3. Personal Data We Collect

3.1 Website

When you visit our website, we may collect the following information:

  • Technical information: IP address, browser type and version, operating system, device information, screen resolution
  • Usage data: pages visited, time of visit, referring URLs, click data, time spent on pages
  • Cookies and similar technologies (see section 7)

3.2 Mobile Application

When you use the Min Beredskap app, we may collect:

  • Account information: email address, display name (if you create an account)
  • Preparedness data: information you voluntarily record about your supplies, preparedness plans, and household
  • Device information: device type, operating system version, app version, unique device identifier
  • Usage data: features used, frequency and timing of use, crash reports and performance data
  • Push notifications: notification token (if you consent)

3.3 Data We Do NOT Collect

  • We do not collect precise location data (GPS)
  • We never sell your personal data to third parties
  • We do not knowingly collect information from children under 16 (see section 12)

4. Legal Basis for Processing

In accordance with GDPR Article 6, we process personal data based on the following legal grounds:

ProcessingLegal Basis
Delivering the app and its featuresPerformance of contract (Art. 6(1)(b))
Analytics and service improvementLegitimate interest (Art. 6(1)(f))
Sending push notificationsConsent (Art. 6(1)(a))
Cookies (non-essential)Consent (Art. 6(1)(a))
Compliance with legal obligationsLegal obligation (Art. 6(1)(c))
Sharing household dataConsent (Art. 6(1)(a))

5. How We Use Your Data

We use your personal data for the following purposes:

  • Provide, maintain, and improve the Min Beredskap app and website
  • Manage your user account and authentication
  • Synchronize preparedness data across devices and household members
  • Send push notifications about expiration dates and preparedness reminders (only with your consent)
  • Analyze usage patterns to improve user experience (anonymized/aggregated)
  • Diagnose technical issues and improve stability
  • Comply with legal obligations and respond to lawful requests
  • Protect against fraud, abuse, and security threats

6. Sharing of Personal Data

We never sell your personal data. We may share information with the following categories of recipients, solely for the purposes described in this policy:

  • Service providers: Cloud providers (hosting, database), analytics tools, and crash reporting. These process data only on our behalf and under data processing agreements.
  • App stores: Apple App Store and Google Play Store may collect data in connection with app distribution, subject to their own privacy policies.
  • Household members: If you use the sharing feature, preparedness data will be shared with the members you invite. You control who has access.
  • Legal reasons: We may disclose information if legally required, for example by court order or government authority mandate.

7. Cookies and Tracking Technologies

Our website uses cookies and similar technologies. We distinguish between:

Strictly Necessary Cookies

These are necessary for the website to function, for example to remember your language preference. These do not require consent.

Analytics Cookies

These help us understand how visitors use the website. They are only set after your consent, in accordance with the ePrivacy Directive and Norwegian Electronic Communications Act § 2-7b.

Marketing Cookies

We currently do not use any marketing cookies. If this changes, you will be asked for consent beforehand.

You can change your cookie preferences at any time through your browser settings or via our cookie settings dialog.

8. International Data Transfers

Your personal data is primarily processed within the EEA. If it is necessary to transfer data to countries outside the EEA (for example when using cloud providers with servers in the US), we ensure that adequate safeguards exist in accordance with GDPR Chapter V, including:

  • European Commission Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission (e.g., EU-U.S. Data Privacy Framework)
  • Supplementary technical and organizational measures where necessary

You may contact us to obtain a copy of the applicable transfer safeguards.

9. Data Retention

We retain personal data only as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law.

  • Account data: Retained as long as you have an active account. Upon account deletion, data is removed within 30 days, except for data we are legally obligated to retain.
  • Preparedness data: Deleted when you delete your account or remove the data manually in the app.
  • Analytics data: Aggregated and anonymized data may be retained indefinitely. Identifiable analytics data is deleted within 26 months.
  • Server logs: Automatically deleted after 90 days.

10. Your Rights Under GDPR

Under the GDPR and the Norwegian Personal Data Act, you have the following rights:

  • Access (Art. 15): You have the right to request information about what personal data we process about you, and to receive a copy of it.
  • Rectification (Art. 16): You have the right to request the correction of inaccurate personal data about you.
  • Erasure (Art. 17): You have the right to request deletion of your personal data ("right to be forgotten").
  • Restriction of processing (Art. 18): You have the right to request restriction of processing of your personal data under certain circumstances.
  • Data portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
  • Objection (Art. 21): You have the right to object to processing based on legitimate interest, including profiling.
  • Withdrawal of consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before the withdrawal.
  • Complaint to supervisory authority: You have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) or the supervisory authority in your own EEA country.

To exercise your rights, please contact us at privacy@minberedskap.no. We will respond within 30 days in accordance with GDPR.

11. Rights for US Residents (CCPA/CPRA)

If you are a resident of California or another US state with privacy legislation, you have additional rights beyond those described in section 10.

California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

  • Right to know: You have the right to know what categories and specific pieces of personal information we have collected about you, the sources of the information, the purpose of collection, and the categories of third parties with whom we share it.
  • Right to delete: You can request that we delete the personal information we have collected about you, subject to certain exceptions.
  • Right to non-discrimination: We will not discriminate against you for exercising your rights under the CCPA/CPRA.
  • Right to correct: You have the right to request correction of inaccurate personal information.
  • Right to limit use of sensitive information: You can request that we limit the use of sensitive personal information to what is necessary to provide the services.

"Do Not Sell/Share My Personal Information"

We do not sell and have never sold your personal information, as the term "sale" is defined under the CCPA/CPRA. We also do not "share" personal information for cross-context behavioral advertising as defined under the CPRA.

Other US State Privacy Laws

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), and other states with privacy legislation have similar rights to access, delete, correct, and opt out of targeted advertising. We process all requests in accordance with the applicable law of your state. Contact us at the email address above to exercise your rights.

12. Children's Privacy

Min Beredskap is not directed at children under 16 years of age (in accordance with GDPR Article 8 and Norwegian law) or under 13 years of age (in accordance with the US COPPA — Children's Online Privacy Protection Act). We do not knowingly collect personal information from children below these age thresholds.

If we discover that we have collected personal information from a child without valid parental consent, we will delete the information promptly. If you believe a child has provided us with personal information, please contact us at privacy@minberedskap.no.

13. Data Security

We take the security of your personal data seriously and have implemented appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Access control and role-based authorization
  • Regular security reviews and updates
  • Secure authentication and password hashing
  • Limited access to personal data on a need-to-know basis
  • Data processing agreements with all third-party providers

Despite our measures, no method of electronic transmission or storage can be 100% secure. If you discover a security vulnerability, please contact us immediately.

14. Third-Party Services

Our services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We recommend that you read the privacy policies of any third-party services you use. Relevant third parties may include:

  • Apple (App Store, iCloud integration)
  • Google (Google Play Store, Firebase services)
  • Hosting and cloud providers

15. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Norwegian Data Protection Authority (Datatilsynet) within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33
  • Inform affected users without undue delay if the breach is likely to result in a high risk to your rights and freedoms, in accordance with GDPR Article 34
  • Document all breaches and measures taken internally

16. Automated Decision-Making

We do not use any automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you, as described in GDPR Article 22.

17. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, or applicable legislation. For material changes, we will:

  • Update the "last updated" date at the top of the policy
  • Notify you via email or push notification in the app if the changes are material
  • Obtain new consent where required

We encourage you to review this policy regularly.

18. Supervisory Authority

The Norwegian supervisory authority for data protection is:

Datatilsynet

Postboks 458 Sentrum

0105 Oslo, Norway

Phone: +47 22 39 69 00

Website: www.datatilsynet.no

You have the right to lodge a complaint with Datatilsynet if you believe that the processing of your personal data violates applicable data protection legislation.

19. Contact Us

If you have questions about this privacy policy, wish to exercise your rights, or have concerns about our privacy practices, you can contact us:

Appivate AS — Privacy Contact

Email: privacy@minberedskap.no

We will endeavor to respond to all inquiries within 30 days.

Back to home