Privacy Policy

Last updated: April 11, 2026

This Privacy Policy explains how Meyer Utvikling Frilans Tjenester, a company registered in Norway ("we", "us", "our"), collects, uses, and protects your information when you use PlanForScale ("the Service"). We are the data controller for the purposes of the General Data Protection Regulation (GDPR) and Norwegian data protection law.

1. Information We Collect

When you use PlanForScale, we collect the following information:

  • Account information: Name, email address, and a securely hashed password when you register.
  • Workspace data: Jobs, bookings, suppliers, resources, and other content you create within your workspace.
  • Technical data: IP address, browser type, operating system, and session information required for authentication.
  • Payment data: If you subscribe to a paid plan, payment information is collected and processed directly by Stripe. We do not store your credit card details.

2. Legal Basis for Processing

We process your personal data under the following legal bases as defined by the GDPR:

  • Contractual necessity (Article 6(1)(b)): Processing account information and workspace data is necessary to provide the Service you signed up for.
  • Legitimate interest (Article 6(1)(f)): Processing technical data for security, fraud prevention, and service improvement. Our legitimate interest does not override your fundamental rights.
  • Legal obligation (Article 6(1)(c)): Retaining certain data as required by Norwegian law, such as accounting and tax obligations.
  • Consent (Article 6(1)(a)): For any optional processing, such as marketing communications. You may withdraw consent at any time.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the PlanForScale platform.
  • Authenticate your identity and manage your account and sessions.
  • Send transactional emails such as workspace invitations and account notifications.
  • Process payments and manage subscriptions through Stripe.
  • Protect against fraud, abuse, and unauthorized access.
  • Comply with legal obligations.

4. Data Storage and International Transfers

Your data is stored on servers located in the United States, operated by our infrastructure providers. As your data is transferred outside the European Economic Area (EEA) and Norway, we rely on the following safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission with our service providers.
  • Our providers maintain industry-standard security certifications and encryption measures.

We use encryption in transit (TLS) and at rest to protect your information. Access to your data is restricted to authorized personnel only.

5. Sub-processors

We use the following third-party service providers to operate PlanForScale:

  • Neon (United States) — Database hosting and storage.
  • Vercel (United States) — Application hosting and delivery.
  • Resend (United States) — Transactional email delivery.
  • Stripe (United States) — Payment processing.

Each sub-processor is contractually obligated to process your data only as necessary to provide their service and in accordance with applicable data protection laws.

6. Data Sharing

We do not sell your personal data. We may share your information with:

  • Sub-processors: As listed above, solely to operate the Service.
  • Legal requirements: When required by law, regulation, court order, or governmental request.
  • Business transfers: In connection with a merger, acquisition, or sale of assets. You will be notified before your data is transferred to a new entity.

7. Your Rights Under GDPR

Under the GDPR and Norwegian data protection law, you have the following rights:

  • Right of access (Article 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Article 16): Request correction of inaccurate or incomplete data.
  • Right to erasure (Article 17): Request deletion of your personal data, subject to legal retention requirements.
  • Right to restriction (Article 18): Request that we restrict processing of your data in certain circumstances.
  • Right to data portability (Article 20): Request your data in a structured, machine-readable format.
  • Right to object (Article 21): Object to processing based on legitimate interest.
  • Right to withdraw consent (Article 7): Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@planforscale.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at datatilsynet.no or your local supervisory authority if you are located in another EEA country.

8. Cookies

We use strictly essential cookies to maintain your session and authenticate your account. These cookies are necessary for the Service to function and cannot be disabled. We do not use third-party tracking cookies, advertising cookies, or analytics cookies.

If we introduce non-essential cookies in the future, we will implement a consent mechanism before they are set and update this policy accordingly.

9. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law (e.g., accounting records under Norwegian law, which must be retained for 5 years).

Technical logs (IP addresses, session data) are retained for a maximum of 90 days for security purposes, after which they are automatically deleted.

10. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Norwegian Data Protection Authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay (Article 34).

11. Children's Data

PlanForScale is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the platform at least 14 days before they take effect. The "last updated" date at the top of this page reflects the most recent revision. Continued use of PlanForScale after the effective date constitutes acceptance of the updated policy.

13. Contact

If you have questions about this Privacy Policy or wish to exercise your data protection rights, contact us at:

Meyer Utvikling Frilans Tjenester
Email: privacy@planforscale.com