Privacy Policy
Last updated: 18 April 2026
Stronki is operated by Sandnes Productions (organization number 930 939 439), a sole proprietorship registered in Norway (“we”, “us”, “our”). This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website and services (the “Service”). We act as a data controller under the EU General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act (personopplysningsloven).
1. Who to contact
If you have questions about this policy or want to exercise your rights, email us at support@sandnesproductions.com.
2. Data we collect
- Account data: name, email address, and password hash (via Supabase Auth) when you sign up.
- Questionnaire inputs: the answers you provide to generate a program (e.g. current weight, goal weight, running pace, vertical jump, dietary restrictions, injuries). Some of this is health-related data, which is a special category under GDPR Art. 9. You give us explicit consent to process it by submitting the questionnaire.
- Generated programs: the AI-generated plans we produce for you and any metadata linking them to your account.
- Payment data: we do not store full card numbers. Payments are processed by Stripe; we only retain the Stripe customer ID, payment status, and the product purchased.
- Technical data: IP address, browser type, device information, and pages visited, collected for security and performance.
3. How we use your data and legal bases
- To provide the Service (generating and delivering your program) — legal basis: performance of a contract (GDPR Art. 6(1)(b)) and explicit consent for health data (Art. 9(2)(a)).
- To process payments — legal basis: performance of a contract.
- To maintain security and prevent fraud — legal basis: legitimate interest (Art. 6(1)(f)).
- To comply with Norwegian law (e.g. bookkeeping) — legal basis: legal obligation (Art. 6(1)(c)).
- To send transactional email (receipts, password resets, security notices) — legal basis: performance of a contract.
We do not sell your data and we do not use it for advertising profiling.
4. Who we share data with
We use a small number of trusted processors, each bound by a data processing agreement:
- Supabase (authentication + database) — EU-hosted where available.
- OpenAI (program generation) — your questionnaire inputs are sent to OpenAI's API to generate your plan. OpenAI states that API data is not used to train their models by default.
- Stripe (payment processing).
- Vercel (hosting).
- Resend (transactional email).
Some of these providers are based outside the EEA (notably OpenAI and Stripe in the United States). Transfers rely on the EU Commission's Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework.
5. How long we keep your data
- Account and program data: until you delete your account, then removed within 30 days (except where we must retain it by law).
- Payment and invoice records: retained for five years as required by the Norwegian Bookkeeping Act (bokføringsloven).
- Server logs: up to 90 days.
6. Your rights under GDPR
You have the right to: access your data, have it corrected, have it deleted, restrict or object to its processing, withdraw consent at any time, and receive your data in a portable format. Email support@sandnesproductions.com to exercise any of these rights. We respond within 30 days.
You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at datatilsynet.no.
7. Security
We use industry-standard measures: TLS encryption in transit, encrypted database storage at rest, hashed passwords, and access controls. No system is 100% secure, but we take this seriously.
8. Children
Stronki is not directed at children under 16. We do not knowingly collect data from children under 16. If you become aware that a child has provided us with data, contact us and we will delete it.
9. Changes to this policy
We may update this policy from time to time. Material changes will be announced by email or in-app notice at least 30 days before taking effect.