Privacy Policy

This policy describes how AI Agenten AS ("we", "us") processes personal data, including data fetched from Meta platforms (Facebook and Instagram) and LinkedIn as part of our social media management service.

For Meta and LinkedIn App Review: this page is server-rendered and serves full content without JavaScript. Platform-specific sections: Meta integration, LinkedIn integration, and a dedicated Data Deletion Instructions URL.

1. Data Controller

AI Agenten AS is the data controller for the processing of personal data as described in this privacy policy.

Contact information:
- Email: [email protected]
- Address: Oslo, Norway

2. What Information Do We Collect?

We collect the following types of personal information:

Contact Information:
- Name
- Email address
- Phone number (if you provide it)
- Company name (if you provide it)

Technical Information:
- IP address
- Browser type and version
- Operating system
- Visit time
- Pages you visit on the website

Communication Data:
- Messages you send us via contact form
- Email correspondence
- Support inquiries

3. How Do We Use Your Information?

We use your personal information for the following purposes:

Customer Service and Communication:
- Respond to your inquiries
- Provide you with information about our services
- Manage customer relationships

Analysis and Improvement:
- Analyze website usage
- Improve our services and user experience
- Develop new features

Legal Basis:
- Consent (for marketing)
- Contract fulfillment (for customer relationships)
- Legitimate interest (for analysis and improvement)

4. Cookies and Tracking Technology

Our website uses cookies and similar tracking technology. You provide consent for analytics and tracking tools via our cookie banner, and may withdraw consent at any time via "Endre samtykke" (Change consent) in the footer.

Necessary Cookies (no consent required):
- Store your preferences (e.g., dark mode, language)
- Manage login and session
- Store your cookie consent
- Ensure website functionality and security
Retention: Up to 12 months or until you log out.

Analytics and Tracking Tools (consent required):

• Google Analytics 4 (GA4) — provider: Google Ireland Ltd.
Purpose: Measure traffic, page views, demographics and conversions.
Data: IP address (anonymized), device, browser, click behavior, referral source.
Retention: 14 months.

• Google Tag Manager — provider: Google Ireland Ltd.
Purpose: Manage and fire other tracking tags. Controlled by Google Consent Mode v2 (default "denied" until consent).

• Umami Analytics — provider: AI Agenten AS (self-hosted, EU).
Purpose: Privacy-friendly statistics on page views and traffic sources.
Data: Anonymized page traffic, no personal identifiers.
Retention: 24 months.

B2B Statistics (legitimate interest, no consent required):

• AI Agenten Visitor Tracker (some.aiagenten.no/tracker.js) — provider: AI Agenten AS.
Purpose: B2B statistics — identify which companies visit the site by IP address lookup.
Data: IP address and timestamp only. We do not collect names, emails, behavioral patterns or other personal data about individual visitors.
Retention: 12 months.

Legal basis:
- Consent (GDPR Art. 6(1)(a)) for Google Analytics, Google Tag Manager and Umami. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
- Legitimate interest (GDPR Art. 6(1)(f)) for AI Agenten Visitor Tracker. As a B2B service provider, we have a legitimate interest in knowing which companies are interested in our services. The processing is limited to IP address and timestamp and is minimally intrusive. You may object to this processing by contacting us at [email protected].

You can also disable cookies in your browser settings, but this may affect the functionality of the website.

5. Sharing of Information

We do not share your personal information with third parties, except in the following cases:

Service Providers:
- Supabase (database and hosting, EU)
- OpenAI (AI services, if you use AI features)
- Cloudflare (security and performance)
- Netlify (hosting and edge functions)
- Meta (only for connected Facebook/Instagram accounts, see dedicated section)
- LinkedIn (only for connected LinkedIn accounts, see dedicated section)

All our subcontractors are required to protect your information in accordance with GDPR.

We never sell your personal information to third parties.

6. Your Rights

Under GDPR, you have the following rights:

Access:
- Request a copy of all information we have about you

Rectification:
- Request that we correct inaccurate or incomplete information

Erasure:
- Request that we delete your personal information

Restriction:
- Request that we restrict the processing of your information

Data Portability:
- Receive your information in a structured, machine-readable format

Objection:
- Object to processing based on legitimate interest

Complaint:
- Complain to the Data Protection Authority if you believe we are processing information unlawfully

To exercise your rights, contact us at [email protected]

7. Security

We take the security of your personal information seriously and have implemented the following measures:

Technical Measures:
- Encryption of data in transit (HTTPS/SSL, TLS 1.2+)
- Encryption of data at rest (AES-256)
- Regular security updates
- Access control and authentication, including row-level security in Supabase

Organizational Measures:
- Limited access to personal information
- Employee training in data protection
- Procedures for handling security breaches

We only store your personal information for as long as necessary for the purposes described in this policy.

8. Retention Period

We store your personal information for the following periods:

Contact Requests:
- 2 years from last contact

Customer Relationships:
- During contract period + 5 years (accounting law)

Analytics Data:
- Anonymized after 26 months

Marketing Consent:
- Until you withdraw consent

Social media tokens (Facebook, Instagram, LinkedIn):
- For the duration of the integration. Deleted within 7 days of revocation.

Social media content (posts, comments, messages):
- Up to 24 months for display and analytics, then aggregated/anonymized.

After the retention period expires, the information is deleted or anonymized.

9. Changes to Privacy Policy

We may update this privacy policy from time to time. Any changes will be published on this page.

Last updated: 28 April 2026

We encourage you to regularly review this policy to stay informed about how we protect your information.

10. Contact Us

If you have questions about this privacy policy or how we process your personal information, please contact us:

Email: [email protected]

We will respond to your inquiry within 30 days.

Meta integration (Facebook and Instagram)

What we fetch via the Meta Graph API

  • Facebook user information (name, email, profile picture, user ID).
  • Facebook Page Access Tokens for Pages you administer.
  • Instagram account tokens for connected Business/Creator accounts.
  • Posts, comments and reactions on connected Facebook Pages and Instagram accounts.
  • Direct messages on connected Facebook Pages (Messenger) and Instagram accounts (DMs).
  • Page metadata (page name, category, follower count, post statistics).

Meta permissions (scopes) we request

email public_profile pages_show_list pages_read_engagement pages_read_user_content pages_manage_posts pages_manage_metadata pages_messaging instagram_basic instagram_manage_comments instagram_manage_messages instagram_content_publish business_management

Where data is stored

All Meta-related data is stored in a Supabase Postgres database hosted in the EU (Stockholm, AWS eu-north-1), encrypted in transit (TLS 1.2+) and at rest (AES-256). Tokens are deleted immediately on revocation. Posts/comments/messages are kept up to 24 months, then aggregated/anonymized.

Revocation and deletion

LinkedIn integration

What we fetch via the LinkedIn API

  • Profile information (name, profile picture, LinkedIn member ID).
  • Email address (from r_emailaddress).
  • LinkedIn Company Page metadata for Pages you administer (name, logo, follower count).
  • Posts and comments on connected Company Pages.
  • Member-initiated posts published on the user's behalf via w_member_social.
  • Engagement metrics on Company Page posts (impressions, clicks, reactions) for analytics.

LinkedIn permissions (scopes) we request

r_liteprofile r_emailaddress w_member_social r_organization_social w_organization_social rw_organization_admin

Where data is stored

All LinkedIn-related data is stored in the same Supabase Postgres database in the EU (Stockholm, AWS eu-north-1) as our Meta data. Tokens are encrypted at rest and rotated according to LinkedIn's token lifetime policy. Page posts/comments are retained up to 24 months for analytics, then aggregated.

Revocation and deletion