Privacy Policy

Last updated: January 15, 2026

1. Introduction

Global InTech AS ("we", "our", or "us"), the company behind kultur.dev, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Cultural Intelligence API and related services. We are incorporated in Norway and comply with the EU General Data Protection Regulation (GDPR) and Norwegian data protection laws.

2. Data Controller

Global InTech AS is the data controller for personal data processed through kultur.dev.

Global InTech AS

Organization Number: 932 541 789

Registered Address: Norway

Data Protection Officer: [email protected]

3. Information We Collect

Account Information: When you create an account, we collect your name, email address, company name, and billing information necessary for service delivery and contract performance.

API Usage Data: We collect metadata about your API requests, including timestamps, response times, and error logs for service improvement and debugging. Query content is processed transiently and not stored permanently.

Technical Data: We automatically collect IP addresses, browser type, and device information when you interact with our services for security and analytics purposes.

4. How We Process Your Content

Important: Content Processing Commitment

  • • Content submitted via the API is processed for analysis only
  • • Content is processed in memory and not stored permanently
  • • Content is never used to train our models or improve our knowledge base
  • • Content is not shared with third parties except as necessary to provide the service

5. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data on the following legal bases:

  • Contract Performance (Article 6(1)(b)): Processing necessary to provide our services as agreed when you sign up
  • Legitimate Interests (Article 6(1)(f)): Processing for fraud prevention, security, and service improvement
  • Legal Obligation (Article 6(1)(c)): Processing required to comply with applicable laws
  • Consent (Article 6(1)(a)): Where you have given specific consent for optional processing (e.g., marketing communications)

6. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

  • Right of Access (Article 15): Request a copy of the personal data we hold about you
  • Right to Rectification (Article 16): Request correction of inaccurate personal data
  • Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction (Article 18): Request restriction of processing in certain circumstances
  • Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format
  • Right to Object (Article 21): Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, contact our Data Protection Officer at [email protected]. We will respond within 30 days as required by GDPR.

7. Data Retention

We retain your personal information according to the following schedule:

  • Account Data: Retained while your account is active and for 30 days after deletion request
  • API Logs (metadata only): Retained for 90 days for debugging and analytics
  • Billing Records: Retained for 7 years as required by Norwegian accounting law
  • Query Content: Not retained — processed transiently in memory only

8. Data Security

We implement industry-standard security measures including encryption in transit (TLS 1.3), encryption at rest (AES-256), regular security audits, and access controls. Our infrastructure is hosted on enterprise-grade cloud providers with industry-leading security certifications. While we take extensive precautions, no method of transmission over the Internet is 100% secure.

9. International Data Transfers

Your data may be processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission or transfers to countries with an adequacy decision.

10. Third-Party Processors

We use third-party services that process data on our behalf, including payment processing (Stripe), cloud infrastructure, and analytics. All processors are bound by data processing agreements compliant with GDPR Article 28. We do not sell your personal data to third parties.

11. Cookies and Tracking

We use essential cookies necessary for service functionality and optional analytics cookies with your consent. You can manage cookie preferences through your browser settings. Our use of cookies complies with the Norwegian Electronic Communications Act.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through our services. Continued use after changes constitutes acceptance of the modified policy.

13. Supervisory Authority

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet):

Datatilsynet

Postal Address: P.O. Box 458 Sentrum, 0105 Oslo, Norway

Email: [email protected]

Website: www.datatilsynet.no

14. Contact Us

For questions about this Privacy Policy, your personal data, or to exercise your GDPR rights, contact us at:

Global InTech AS

Operating as kultur.dev

Data Protection Officer: [email protected]

General Inquiries: [email protected]