Privacy Policy
Last updated: April 1, 2026
1. Data controller
Kooyman AS (org. no. 832 489 522) is the data controller for personal data collected through StandbyOS. For operator customer data, the operator is the data controller and StandbyOS acts as data processor.
E-post: post@standbyos.com
2. What data we collect
Operator accounts
- Name, email, phone number
- Company name and org. number
- Address
- Payment information (processed by Stripe/Vipps)
- Login data (IP address, user agent, session)
Storage customers (operator's customers)
- Name, email, phone, address
- Vehicle information (registration number, make, model, dimensions)
- Booking history and invoices
- Condition photos and reports
- Digital signatures
Website visitors
We use Umami Analytics, which is self-hosted and does not use cookies. Only anonymous aggregate data is collected: page views, referrer, country, and device type. No personal data is collected from website visitors.
3. Purpose and legal basis
| Purpose | Legal basis |
|---|---|
| Provide the service | Contract fulfillment (GDPR art. 6(1)(b)) |
| Billing and payment | Contract fulfillment |
| Service emails (booking, invoice) | Legitimate interest (GDPR art. 6(1)(f)) |
| Vehicle lookup (Statens vegvesen) | Legitimate interest |
| Security and fraud prevention | Legitimate interest |
4. Data storage and security
- All data is stored on servers physically located in Norway
- Database encrypted at rest, HTTPS in transit
- Automatic daily backups with 6-month retention
- Rate limiting and brute-force protection on all authentication
- Email verification required for new accounts
5. Third-party services
| Service | Purpose | Data location |
|---|---|---|
| Resend | Transactional email | EU |
| Stripe | Payment processing | EU/USA (SCC) |
| Vipps MobilePay | Login and payment | Norway |
| Statens vegvesen | Vehicle data lookup | Norway |
| Google OAuth | Login (optional) | EU/USA (SCC) |
No data is sold to third parties. Third-party services only receive the minimum data required to provide their function.
6. Cookies
StandbyOS only uses essential cookies required for the service to function:
| Cookie | Purpose | Duration |
|---|---|---|
| better-auth.session_token | Login session | 7 days |
| sidebar_state | UI preference | 7 days |
We do not use tracking cookies, advertising cookies, or analytics cookies. Our analytics tool (Umami) is cookieless.
7. Your rights
Under GDPR, you have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your data
- Data portability (export your data)
- Object to processing
- File a complaint with Datatilsynet (datatilsynet.no)
To exercise your rights, contact us at post@standbyos.com. We will respond within 30 days.
8. Data retention
- Active accounts: data retained as long as the account exists
- Deleted accounts: data permanently removed within 30 days
- Expired trials: data retained for 90 days, then deleted
- Invoices and financial data: retained for 5 years (Norwegian bookkeeping law)
9. Contact
Kooyman AS
Org.nr: 832 489 522
E-post: post@standbyos.com