Privacy Policy

Last updated: March 11, 2026

Einar (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use the Einar platform (“Service”). We process data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable Norwegian data protection law.

1. Data Controller

The data controller is Hafsaas Foundry (ENK), operating the Einar platform. For inquiries about data processing, contact us at privacy@einar.ai.

2. Data We Collect

2.1 Account Data

When you create an account, we collect your first name, last name, email address, and (if using OAuth) your profile picture URL. This data is necessary to provide the Service.

2.2 Usage Data

We collect information about how you interact with the Service, including pages visited, features used, timestamps, and device/browser information. We use this to improve the Service and diagnose issues.

2.3 Content You Create

Conversations with the AI agent, tasks, contacts, companies, documents, OKRs, and other workspace content you create within the Service. This data is stored to provide and improve the features you use.

2.4 Third-Party Integrations

If you connect third-party services (e.g., Google Workspace, Slack), we access and store OAuth tokens and data necessary to provide the integration. We only request the minimum scopes required. You can disconnect integrations at any time via Settings.

3. Legal Basis for Processing

We process your personal data based on:

• Contractual necessity (Art. 6(1)(b) GDPR) — to provide the Service you signed up for.
• Legitimate interest (Art. 6(1)(f) GDPR) — for security, fraud prevention, analytics, and improving the Service.
• Consent (Art. 6(1)(a) GDPR) — for optional processing such as marketing communications. You may withdraw consent at any time.

4. How We Use Your Data

• To provide, maintain, and improve the Service.
• To authenticate your identity and manage your account.
• To send transactional emails (account verification, password reset, team invitations).
• To provide AI-powered features using your workspace data as context.
• To detect and prevent fraud, abuse, and security incidents.
• To comply with legal obligations.

5. AI Data Processing

Einar uses large language models to provide AI agent features. Your workspace data (conversations, tasks, documents) may be sent to AI model providers as context for generating responses. We do not use your data to train AI models. AI providers are bound by data processing agreements that prohibit them from using your data for their own purposes.

6. Data Sharing & Sub-processors

We do not sell your personal data. We share data only with:

• Infrastructure providers — Vercel (hosting), Supabase (database), for the operation of the Service.
• AI model providers — for processing AI agent interactions.
• Email providers — for transactional and (with consent) marketing communications.
• Legal obligations — when required by law or to protect our rights.

7. International Transfers

Some sub-processors are located outside the EEA. Where this occurs, transfers are protected by Standard Contractual Clauses (SCCs) or equivalent safeguards in compliance with Chapter V of the GDPR.

8. Data Retention

We retain your data for as long as your account is active. When you delete your account, we permanently erase all personal data and workspace content within 30 days, except where retention is required by law (e.g., for tax or accounting purposes).

9. Your Rights

Under the GDPR, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — correct inaccurate personal data.
• Erasure — request deletion of your personal data (“right to be forgotten”). You can delete your account at any time from Settings > Account.
• Data portability — receive your data in a structured, machine-readable format.
• Restriction — request that we limit processing of your data.
• Object — object to processing based on legitimate interest.
• Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@einar.ai. We will respond within 30 days.

10. Account Deletion

You may delete your account at any time from Settings > Account. Deletion permanently removes:

• Your profile and authentication credentials.
• All workspaces you own and all data within them (contacts, companies, conversations, tasks, documents, agent data).
• All connected third-party OAuth tokens.

If you are the sole owner of a workspace, deleting your account will delete the entire workspace and affect all members. This action is irreversible.

11. Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), encryption at rest, row-level security in our database, and regular security reviews.

12. Cookies

We use essential cookies required for authentication and session management. We do not use tracking cookies or third-party advertising cookies.

13. Age Requirement

The Service is intended for users aged 18 and older. We do not knowingly collect data from individuals under 18. If you believe a minor has created an account, contact us and we will promptly delete it.

14. Supervisory Authority

If you believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at datatilsynet.no.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.

16. Contact

For any questions about this Privacy Policy or your personal data, contact us at: privacy@einar.ai