Privacy Notice

Last updated: 21 April 2026

Aptide is committed to protecting and respecting your privacy.

We at Aptide AS ("Aptide", "us", "we", or "our") want you to feel safe when we process your personal data. This Privacy Notice explains how we ensure that your personal data is handled in compliance with applicable legislation, including the EU General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act (personopplysningsloven).

1. Aptide's role when processing your data

Aptide is the data controller for the processing of your personal data other than when we act as a processor or service provider on behalf of a customer that is a company or public-sector subscriber. Aptide is responsible for ensuring that the processing is carried out in accordance with applicable legislation.

When Aptide is delivered to a Norwegian municipality (kommune) or other public-sector body, the customer organisation is the data controller for personal data processed inside the Aptide service, and Aptide acts as the data processor (databehandler) under a written data processing agreement (databehandleravtale) in accordance with GDPR Article 28. Activity inside the service — including conversations, prompts, generated answers and audit logs — is processed on the customer's behalf and on the customer's documented instructions.

2. Our use of your personal data

The personal data that we process about you is data that you have provided us with or that we have otherwise acquired as part of the provision of our services.

  • Account creation and authentication data
  • Content you provide (prompts, uploaded documents, generated drafts)
  • Interaction and audit data (timestamps, models invoked, token counts, classifications, hash values)
  • Communications with our support and sales teams

3. Why we use your data

We process personal data for the following purposes:

  • To provide and operate the Aptide service
  • To administer agreements with our customers
  • To provide support and respond to inquiries
  • To ensure traceability, information security and incident response
  • To meet documentation and archiving obligations of public-sector customers (the customer's legal basis is GDPR Art. 6(1)(c) and Art. 6(1)(e), including obligations under Norwegian archive law (arkivlova))
  • For quality assurance and improvement of the service, only where there is a valid legal basis to do so
  • To comply with our own legal obligations

Conversation content from one customer is not shared with other customers and is not used to train external, general-purpose language models.

4. Sub-processors

To deliver the language-model functionality of the Aptide service, Aptide engages the following sub-processors:

  • Microsoft Ireland Operations Ltd. (Microsoft Azure OpenAI Service) — large language model inference and embeddings, hosted in the EU.
  • Google Ireland Ltd. (Google Cloud — Gemini API) — supplementary language model functionality, hosted in the EU.

Aptide engages these sub-processors under written agreements that contractually prohibit the use of customer content (including prompts, uploaded documents and generated answers) to train the providers' general-purpose models. Each sub-processor is subject to a written agreement that flows down the controller's instructions in line with GDPR Article 28(4). An up-to-date list of sub-processors is available to customers on request and is appended to the data processing agreement.

5. AI-specific safeguards

Where required, Aptide maintains activity logs and technical documentation to support traceability and oversight of AI-assisted processing. If parts of the service are subject to specific rules on artificial intelligence (such as the EU AI Act), additional requirements for logging, documentation and human oversight may apply, and Aptide will support the customer's compliance with those obligations.

6. Retention of personal data

We retain personal data only for as long as necessary for the purposes for which it was collected, in accordance with this Privacy Notice and applicable data protection regulations. When Aptide acts as a processor, retention periods follow the customer's documented instructions and the customer's own legal obligations, including obligations under archive law.

7. Your rights

You have the right to access, rectification, erasure, restriction and data portability of your personal data, as well as the right to object to certain processing under GDPR Article 21. Where Aptide is the data processor, requests are normally directed to the customer organisation as the data controller; we will support the customer in responding within statutory deadlines.

8. Contact details

Do not hesitate to contact us if you have any questions about this Privacy Notice, our processing of your personal data, or if you wish to exercise your rights.

Aptide AS
Email: privacy@aptide.ai
Website: https://aptide.ai

Vi bruker kun essensielle informasjonskapsler for innlogging. Analyse er informasjonskapsel-fritt og personvern-vennlig.

Les mer