Helkrypt AI er et norsk selskap som spesialiserer seg på å hjelpe små og mellomstore bedrifter med å ta i bruk kunstig intelligens på en praktisk og lønnsom måte. Vi tilbyr AI-integrasjoner, arbeidsflytautomatisering og onboarding-programmer.

Hvilke systemer integrerer Helkrypt AI med?

Helkrypt AI integrerer sømløst med over 50 norske og internasjonale systemer, inkludert Visma, Tripletex, 24SevenOffice og Fiken. Integrasjonene krever ingen koding.

Trenger jeg teknisk kompetanse for å bruke Helkrypt AI?

Nei, Helkrypt AI er designet for å brukes uten koding eller store IT-ressurser. Vår visuell flytbygger og AI Onboarding Program gjør det enkelt å komme i gang, uansett teknisk bakgrunn.

Hvordan får jeg et tilbud fra Helkrypt AI?

Helkrypt AI tilbyr skreddersydde løsninger tilpasset din bedrifts behov. Kontakt oss for et tilpasset tilbud.

Hvordan kommer jeg i gang med Helkrypt AI?

Fyll ut kontaktskjemaet på nettsiden vår, så tar vi kontakt for en uforpliktende kartlegging av din bedrifts behov. Vi starter typisk med en AI-audit for å identifisere de største automatiseringsmulighetene.

Privacy Policy

Helkrypt AI AS

Last updated: 5 April 2026

1. Who We Are

Helkrypt AI AS (“Helkrypt AI”, “we”, “us”, or “our”) is a Norwegian company providing AI-powered automation products, including MindBridge and SvarAI.

We are the data controller for personal data processed through our products and website.

Contact: privacy@helkrypt.no

2. What Data We Collect

Account and Identity Data

Name, email address, password (hashed)
Company name and job title (for B2B users)
Profile photo (if provided)

Usage and Product Data

Prompts, inputs, and outputs within MindBridge and SvarAI
Feature usage, session duration, product interactions
Conversation history (retained per your account settings)

Payment Data

Billing name, address, and payment method details
Transaction history
Full card numbers are never stored by us — processed by Stripe

Technical Data

IP address, browser type, operating system
Device identifiers
Log data (access times, pages visited, errors)

Communications Data

Messages sent to our support team
Responses to surveys or feedback forms

3. How We Use Your Data

Purpose	Examples
Provide our services	Run MindBridge and SvarAI
Manage your account	Login, billing, preferences
Process payments	Invoicing, subscription management
Improve our products	Aggregate usage analytics, bug fixing
Communicate with you	Product updates, support responses
Security and fraud prevention	Detect unauthorized access
Legal compliance	Meet GDPR, tax, and regulatory requirements

We do not sell your personal data to third parties.

4. Legal Basis for Processing (GDPR)

Processing Activity	Legal Basis
Providing the service you signed up for	Contract (Art. 6(1)(b))
Processing payments	Contract (Art. 6(1)(b))
Security monitoring and fraud prevention	Legitimate interests (Art. 6(1)(f))
Product improvement (aggregated analytics)	Legitimate interests (Art. 6(1)(f))
Sending marketing communications	Consent (Art. 6(1)(a))
Compliance with legal obligations	Legal obligation (Art. 6(1)(c))

5. Data Sharing and Sub-Processors

All sub-processors are bound by data processing agreements (DPAs) requiring GDPR-compliant data handling.

Sub-Processor	Purpose	Location	Safeguard
Supabase (AWS)	Database, authentication, storage	EU (AWS eu-west-1)	GDPR DPA, SCCs
Vercel	Web hosting, edge functions	EU + US	GDPR DPA, SCCs
Stripe	Payment processing	EU (Stripe Payments Europe, IE)	GDPR DPA — EU entity, no SCC required
Anthropic	AI inference (Claude API)	EU (DPA active via Ireland)	GDPR DPA — EU entity, no SCC required

We do not share your data with advertising networks or data brokers without your consent.

6. International Data Transfers

Where any sub-processor operates outside the EU/EEA (e.g. Vercel US edge nodes), we rely on:

Standard Contractual Clauses (SCCs) (EU Commission Decision 2021/914)
Adequacy decisions where applicable

Stripe and Anthropic are contracted through EU legal entities and do not require SCC transfers for core data processing.

Request a copy of applicable SCCs: privacy@helkrypt.no

7. How Long We Keep Your Data

Data Category	Retention Period
Account data	Duration of account + 3 years after deletion
Conversation/prompt history	90 days (rolling), adjustable in settings
Payment records	7 years (Norwegian Bokføringsloven)
Support communications	2 years from resolution
Log/technical data	90 days
Marketing consent records	Duration of consent + 3 years

8. Cookies and Tracking

Category	Purpose	Can be disabled?
Essential	Login sessions, security, core functionality	No
Analytics	Aggregate usage statistics	Yes — via cookie banner
Marketing	Targeted advertising (only with consent)	Yes — via cookie banner

EU/EEA users must opt in to non-essential cookies. Manage preferences via the cookie settings link in our footer.

9. Your Rights — EU/EEA Users (GDPR)

Under GDPR Articles 15–22 and the Norwegian Personopplysningsloven:

Right	Description
Right of Access (Art. 15)	Request a copy of your personal data
Right to Rectification (Art. 16)	Correct inaccurate or incomplete data
Right to Erasure (Art. 17)	Request deletion of your data
Right to Restrict Processing (Art. 18)	Pause processing of your data
Right to Data Portability (Art. 20)	Receive your data in machine-readable format
Right to Object (Art. 21)	Object to legitimate-interests or direct marketing processing
Right re: automated decisions (Art. 22)	Request human review of automated decisions
Withdraw consent (Art. 7(3))	Withdraw consent at any time

Submit a request: privacy@helkrypt.no — we respond within 30 days.

Supervisory authorities:
Norway: Datatilsynet — www.datatilsynet.no
EU: Your local data protection authority

10. Your Rights — California Users (CCPA)

Categories of personal information collected: Identifiers, commercial information, internet activity data, inferences.

Right	Description
Right to Know	Categories and specific pieces of data collected; sources; purposes; third parties
Right to Delete	Request deletion of your personal information
Right to Correct	Correct inaccurate personal information
Right to Opt-Out	We do not sell your personal data and do not share it for behavioral advertising without consent
Non-Discrimination	We will not discriminate for exercising CCPA rights

Submit a CCPA request: privacy@helkrypt.no (subject: “CCPA Request”) — we respond within 45 days.

11. Children's Privacy

Our products are not intended for users under 16 (or 13 in the US). We do not knowingly collect data from children. Contact privacy@helkrypt.no if you believe a child has submitted data.

12. Security

In transit: TLS 1.2+ encryption
At rest: AES-256 encryption
Access controls: Role-based, least-privilege access
Breach notification: Datatilsynet notified within 72 hours of qualifying breach (GDPR Art. 33); affected users notified without undue delay (Art. 34)

Suspected unauthorized access: contact security@helkrypt.ai immediately.

13. Changes to This Policy

Material changes will be:

Posted with an updated “Last updated” date
Emailed to registered users at least 30 days before taking effect
Subject to fresh consent where required by law

14. Contact Us

Helkrypt AI AS
privacy@helkrypt.no
Norge

Complaints (Norway): Datatilsynet — www.datatilsynet.no

This Privacy Policy applies to all Helkrypt AI products: MindBridge and SvarAI.