SymbiSymbi

Privacy Policy

Last updated: February 24, 2026

At Symbi, we are committed to protecting your privacy and handling your personal data responsibly. This privacy policy explains how we collect, use, store, and protect your personal data when you use our platform. We process personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Norwegian data protection legislation.

1. Who We Are

Symbi AS is the data controller for the personal data processed through this platform. If you have questions about our data practices, you can reach us at contact@symbi.no.

2. What Data We Collect

We collect and process the following categories of personal data:

  • Account information: name, email address, and company affiliation
  • Authentication data: OAuth tokens from Google or Microsoft sign-in
  • Company data: company name, billing information, and subscription details
  • Usage data: activity logs, feature usage, and platform interactions
  • AI interaction history: prompts, responses, and review decisions related to your digital employees
  • Integration credentials: encrypted tokens for connected third-party services (e.g., FreshDesk, Slack)

3. Why We Process Your Data

We process your personal data based on the following legal grounds:

  • Contract performance: To provide and maintain your account, process subscriptions, and deliver the services you have requested.
  • Consent: For marketing communications and optional data processing where you have given explicit consent. You may withdraw consent at any time.
  • Legitimate interest: For platform security, fraud prevention, service improvement, and analytics, where our interests do not override your rights.

4. How We Store and Protect Your Data

Your data is stored in secure, encrypted databases hosted within the EEA. We use industry-standard security measures including encryption at rest and in transit, access controls, and regular security audits. Integration credentials are encrypted using AES-256 before storage. We follow the principle of data minimization and only store what is necessary to provide our services.

5. Third-Party Services

We share data with the following third-party processors to deliver our services:

  • Stripe: Payment processing and subscription management
  • Google: OAuth authentication and workspace integrations
  • Microsoft: OAuth authentication and workspace integrations
  • Slack: Workspace notifications and interactive review workflows
  • Supabase: Application logging and analytics

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services. When you close your account, we will delete or anonymize your personal data within 90 days, unless we are required by law to retain it longer (e.g., for accounting or tax purposes). AI interaction logs are retained for 12 months to support service quality and dispute resolution, after which they are anonymized.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to restriction: Request that we limit the processing of your data.
  • Right to object: Object to processing based on legitimate interest or for direct marketing purposes.

8. How to Exercise Your Rights

To exercise any of your rights, please contact us at contact@symbi.no. We will respond to your request within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).

9. Cookies

We use essential cookies required for authentication and session management. These cookies are necessary for the platform to function and cannot be disabled. We do not use tracking or advertising cookies.

10. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting a notice on our platform or sending you an email. We encourage you to review this page periodically.

11. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us at contact@symbi.no. Our data protection officer can also be reached at the same address.