← Back to home

Privacy Policy

Last updated: February 25, 2026

1. Introduction

Outlier AS ("Outlier", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our websites, APIs, platforms, and related services.

2. Data Controller

Outlier AS, a company registered in Norway, is the data controller for the personal data processed under this policy. You can reach us at hello@outliertech.io.

3. Data We Collect

We may collect the following categories of personal data:

  • -Account information: name, email address, username, and password when you create an account. If you sign in via Google OAuth, we may also receive your display name and avatar.
  • -Billing information: payment details processed through our third-party payment provider (Stripe, PCI-DSS Level 1 compliant). We do not store full payment card details on our servers.
  • -Usage data: API call logs, feature usage, and interaction data to improve our services.
  • -Technical data: IP address, browser type, device information, visited pages, and timestamps collected for performance optimization.
  • -Communications: messages you send to us via email, contact forms, or in-app support widgets.

4. How We Use Your Data

We process your personal data for the following purposes:

  • -To provide, maintain, and improve our services.
  • -To authenticate users and personalize the platform experience.
  • -To process transactions and manage your subscription.
  • -To communicate with you about service updates, support, and inquiries.
  • -To monitor and analyze usage to improve performance and user experience.
  • -To detect and prevent fraud or abuse of our services.
  • -To comply with legal obligations.

5. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your data based on: contractual necessity (to deliver our services), your consent (where applicable), legitimate interests (to improve our services and prevent fraud), and legal obligations.

6. Data Sharing and Third-Party Services

We do not sell, trade, or rent your personal information to third parties. We may share data with trusted third-party service providers who process data on our behalf under strict data processing agreements:

  • -Stripe: payment processing (PCI-DSS Level 1 compliant).
  • -Plausible Analytics: privacy-focused website analytics. Plausible does not use cookies, does not collect personal data, and does not track users across websites. EU-based.
  • -Vercel Analytics: performance monitoring for our web applications.
  • -Featurebase: customer support and feedback messaging.

We may also disclose data when required by law or to protect our legal rights.

7. Data Storage and Security

Your data is stored on secure servers within the European Economic Area (EEA). We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Data is encrypted both in transit and at rest.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, or as required by law. Specific retention periods:

  • -Account data: retained for 90 days after account closure, then securely deleted.
  • -Billing records: retained for 7 years for tax compliance purposes.
  • -API and usage logs: retained for 90 days.
  • -Support communications: retained for 2 years.

9. Cookies

We use minimal cookies and similar technologies. Essential cookies are used for session maintenance and the proper functioning of our services. For analytics, we use Plausible Analytics, which does not use cookies or collect personal data. You can manage your cookie preferences through your browser settings.

10. Your Rights

Under the GDPR, you have the right to:

  • -Access the personal data we hold about you.
  • -Request correction of inaccurate data.
  • -Request deletion of your data.
  • -Object to or restrict processing of your data.
  • -Request data portability.
  • -Withdraw consent at any time (where processing is based on consent).

California residents may have additional rights under the CCPA, including the right to know what personal information is collected and the right to request its deletion.

To exercise any of these rights, contact us at hello@outliertech.io. We will respond to your request within 30 days.

11. Age Restriction

Our services are intended for users aged 18 and older. We do not knowingly collect personal data from individuals under 18. If you believe a minor has provided us with personal data, please contact us at hello@outliertech.io and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website with a revised effective date. Your continued use of our services after changes take effect constitutes acceptance of the revised policy.

13. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us at hello@outliertech.io.

Outlier AS
Norway