Privacy Policy
Effective April 1, 2026
1. Introduction and Data Controller
Frostbyte Holding AS is the data controller for all personal data processed through the Vokt AI service. This policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act (personopplysningsloven).
2. GDPR Compliance
Frostbyte Holding AS complies with the GDPR as implemented in Norwegian law. Our supervisory authority is Datatilsynet, the Norwegian Data Protection Authority. We are committed to processing personal data lawfully, fairly, and transparently.
3. Data We Collect
We collect the minimum data necessary to provide the service:
- Account information: email address and name, provided during registration.
- Usage data: processing job IDs, timestamps, and file sizes for service operation and billing.
4. Data We Do Not Collect
We do not collect or store the contents of your documents. Uploaded files are processed in memory and immediately deleted upon completion of the OCR task. No copies are retained, cached, or used for any purpose beyond the immediate processing request.
5. Purpose of Processing
We process personal data for the following purposes:
- Providing and maintaining the Vokt AI document processing service.
- Managing billing and subscriptions through our payment partner.
- Responding to support requests and communications.
- Ensuring service security and preventing abuse.
6. Legal Basis
We process your personal data based on the following legal grounds under GDPR Article 6(1):
- Contract performance (Art. 6(1)(b)): processing necessary to deliver the service you subscribe to.
- Legitimate interest (Art. 6(1)(f)): service security, fraud prevention, and service improvement.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Duration of your account |
| Processing metadata | 90 days |
| Document contents | Not retained — immediately deleted |
8. Data Sharing
We share personal data only with Paddle, our payment processing partner, for the sole purpose of managing billing and subscriptions. We do not sell, rent, or share your personal data with any other third parties.
9. Data Location
All data processing and storage takes place within Norway and the European Economic Area (EEA). We do not transfer personal data outside the EEA. Our infrastructure is hosted on servers physically located in Norway.
10. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you.
- Rectification: request correction of inaccurate personal data.
- Erasure: request deletion of your personal data.
- Portability: receive your data in a structured, machine-readable format.
- Objection: object to processing based on legitimate interest.
To exercise any of these rights, contact us at privacy@vokt.ai. We will respond within 30 days.
11. Cookies
Vokt AI uses essential cookies only. These are strictly necessary for the service to function, such as session authentication cookies. We do not use tracking cookies, analytics cookies, or any third-party cookies.
12. Security Measures
- TLS 1.3 encryption for all data in transit.
- Encryption at rest for all stored data.
- Strict access controls limiting data access to authorized personnel.
- Regular security assessments and infrastructure monitoring.
13. Changes to This Policy
We may update this privacy policy from time to time. We will provide at least 30 days notice of any material changes by email or through the service. The date at the top of this page indicates when the policy was last revised.
14. Contact
For privacy-related inquiries, contact our data protection team at privacy@vokt.ai.
15. Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with Datatilsynet, the Norwegian Data Protection Authority.
Datatilsynet
Postboks 458 Sentrum
0105 Oslo, Norway
www.datatilsynet.no