Privacy Policy

Last updated: December 1, 2025

Our Commitment to Your Privacy

🇳🇴 Language

These terms are available in English. Norwegian users may request a Norwegian translation by contacting artdeck@bizziprops.no.

This Privacy Policy describes how ARTdeck ("we", "us", or "our") collects, uses, and protects your personal information when you use our portfolio builder platform. We are committed to protecting your privacy and being transparent about our data practices in compliance with the EU General Data Protection Regulation (GDPR) and Norwegian data protection laws (Personopplysningsloven).

Data Controller:

Bizziprops (operating as ARTdeck)
Email: artdeck@bizziprops.no
Country: Norway

Legal Entity: Bizziprops AS
Organization Number: 934 859 375
Registered Address: Tronsborgveien 6, 3170 Sem, Norway

1. Information We Collect

1.1 Information You Provide

  • Account Information: Full name, email address, username, and password (encrypted)
  • Profile Information: Bio, avatar/profile picture, contact details, social media links
  • Portfolio Content: Projects, experience, education, skills, images, and other content you create
  • Subscription Information: Billing details, payment information (processed by Stripe), subscription tier

1.2 Automatically Collected Information

  • Usage Data: IP address (used for rate limiting and security purposes, stored in logs for 90 days), browser type, device information
  • Session Data: Authentication tokens and session cookies (HTTP-only, secure)
  • Technical Data: Error logs, performance metrics (stored temporarily for up to 30 days)

2. How We Use Your Information

We use your information to:

  • Provide and maintain the portfolio builder service
  • Create and host your public portfolio website
  • Process your subscription and billing
  • Send important account notifications and service updates
  • Provide customer support and respond to inquiries
  • Prevent fraud and abuse, and ensure platform security
  • Comply with legal obligations
  • Improve our services based on usage patterns (anonymized)

Automated Decision-Making:

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. Rate limiting is applied automatically for security purposes, but this does not affect your access to core services under normal usage.

Under GDPR Article 6, we process your personal data based on:

  • Contract Performance: Account services, portfolio hosting, billing, and subscription management
  • Legal Obligations: Tax records, billing documentation, and regulatory compliance (Bokføringsloven)
  • Legitimate Interests: Security, fraud prevention, and service improvement
  • Consent: Optional Google OAuth and marketing communications (you can withdraw consent anytime)

4. How We Share Your Information

4.1 Public Information

Your published portfolio (username, bio, projects, social links) is publicly accessible by design. You control what content to publish and can unpublish at any time.

Search Engine Indexing: Public portfolio pages may be indexed and cached by search engines (Google, Bing, etc.) and third-party archives. When you unpublish or delete content, it is immediately removed from our platform, but de-indexing by search engines can take days to weeks.

4.2 Third-Party Services

We share data with these trusted service providers:

  • Supabase: Database hosting and authentication (data hosted in EU-West region, Frankfurt, Germany)
    We have signed a Data Processing Agreement (DPA) with Supabase ensuring GDPR compliance via Standard Contractual Clauses (SCCs).
  • Stripe: Payment processing via Stripe Payments Europe Limited (Ireland). We do not store credit card details.
    Stripe processes payments within the EEA and complies with GDPR through Standard Contractual Clauses and EU data protection certification.
  • Google OAuth: Authentication service (only if you choose to sign in with Google). Data shared: email, name, profile picture per Google's OAuth consent screen.

4.3 Legal Requirements

We may disclose your information if required by law, subpoena, or to protect our rights and safety.

5. Data Security

We implement security measures to protect your data:

  • Encrypted data transmission (HTTPS/TLS) and storage
  • Secure password hashing (bcrypt via Supabase Auth)
  • Row-level security policies to isolate user data
  • Rate limiting to prevent abuse
  • Regular security updates and vulnerability monitoring
  • Restricted access to personal data (admin-only with audit logs)

6. Data Retention

We retain your personal information as long as your account is active or as needed to provide services. When you delete your account:

  • Immediate Deletion: Your email, password, profile content, portfolio data, and images are immediately deleted from active systems
  • Username Reservation: Your username is retained for 30 days to prevent account hijacking or impersonation. After 30 days, the username becomes available for registration
  • Backups: Deleted data in automated backups may persist up to 90 days before being permanently purged
  • Billing Records: If you had a paid subscription, billing records, invoices, and tax documentation will be retained for 5 years as required by Norwegian Bokføringsloven (Bookkeeping Act). This includes only transaction details, amounts, and dates—not your portfolio content

Content Deletion:

When you delete individual portfolio items (projects, images, sections), they are immediately removed from your public portfolio and marked for permanent deletion within 24 hours. No recovery period applies to content deletion.

7. Your Privacy Rights (GDPR Compliance)

If you are in the European Economic Area (EEA), UK, or other regions with similar privacy laws, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to certain data processing
  • Right to Restrict Processing: Limit how we use your data
  • Right to Withdraw Consent: Withdraw consent for data processing at any time

To exercise these rights, please contact us at artdeck@bizziprops.no. We will respond to your request within one month. For complex requests, this may be extended by up to two additional months, and we will inform you of any such extension within the initial month.

8. Cookies and Tracking

We use minimal, essential cookies for authentication and session management:

  • Authentication Cookies: HTTP-only, secure cookies set by Supabase Auth for maintaining your login session
  • No Tracking: We do not use advertising or analytics cookies

For more details, see our Cookie Policy.

9. Children's Privacy

Our service is not intended for children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

10. International Data Transfers

Your data may be transferred to and stored on servers in different countries. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) for GDPR compliance
  • Adequate data protection measures with service providers
  • Encryption in transit and at rest

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Posting the updated policy on this page
  • Updating the "Last Updated" date
  • Sending you an email notification for material changes

Your continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

Privacy Contact: artdeck@bizziprops.no

For Norwegian Residents: You have the right to lodge a complaint with Datatilsynet (Norwegian Data Protection Authority) at datatilsynet.no or by mail to Postboks 458 Sentrum, 0105 Oslo, Norway.

For Other EEA Residents: You may lodge a complaint with your local data protection authority if you believe we have not adequately addressed your concerns.