Privacy Policy

Vette is an AI-powered software solution designed to help businesses analyze the security compliance of their vendors and products against specific security requirements and industry standards.

Here you can read Vette's privacy statement and learn about how we process your personal information.

This Privacy Policy explains how we collect, use, and protect your personal data when you use our services.

Personal data refers to any information that can be used to identify an individual, directly or indirectly.

Gråbein Studio AS is the data controller for the personal data processed in connection with your use of our services.

What personal data do we process

We collect and process personal data only when necessary and relevant for delivering our services. We primarily process information about you in the following cases:

  • Account information: When you sign up for Vette, we collect your name and email address. You may optionally provide your company name and business registration number.
  • Usage information: Data about how you use the Service may be logged for support, analytics, and improvement purposes.
  • Analysis data: The documentation and requirements uploaded by users are attached to a user account. The results of the analysis are stored and attached to users. These reports should not contain personal data. It is the user's responsibility to ensure that uploaded content does not include personal information unless explicitly required and permitted.
  • Review data: Users may add comments and reviews to their analysis. These are stored and are currently available only to the user. It is the user's responsibility to ensure that comments and reviews do not include personal information.

Processing of personal data

We process personal data for the following purposes:

  • To manage and maintain your account.
  • To provide and operate our Service.
  • To communicate with you regarding updates, support, or changes to the Service.
  • To analyze usage patterns and improve the user experience.
  • To comply with legal obligations.

The legal basis for processing your personal data is either:

  • Your consent (e.g., newsletter or communication),
  • Performance of a contract (providing the Service you signed up for),
  • Compliance with legal obligations, or
  • Legitimate interest (e.g., ensuring service reliability and security).

Use of subprocessors and third parties

To provide our services, we rely on carefully selected third-party providers, including hosting, infrastructure, authentication, payment processing, and AI services.

These providers may process limited personal data on our behalf and are contractually obligated to comply with data protection regulations.

We reserve the right to make changes to our subprocessors. A current list is available at /legal/subprocessors.

Cookies

We use a minimal set of cookies to operate the Service:

  • vette-locale (1 year): Stores your language preference (en or no) when you click the language toggle. Contains no personal data and is set only in response to your explicit choice.
  • Authentication cookies: Set by our authentication provider when you sign in, to keep you signed in. Required for the Service to function.

We do not use cookies for advertising, analytics, or third-party tracking.

Data retention

We retain personal data only for as long as it is necessary for the purposes described above or as required by law.

Users can request deletion of their account and associated personal data at any time.

Your rights

You have the right to:

  • Receive information about how we process your personal information.
  • Demand insight into the personal information we have about you, information about the processing of the information, and the purpose of the processing.
  • Demand correction of personal information if it is incorrect or incomplete.
  • Demand the deletion of parts of your personal information.
  • Demand limitations on our processing of personal information.
  • Request transfer of the personal information you have provided us in a structured and machine-readable format.
  • Withdraw your consent.
  • Lodge a complaint with the Data Protection Authority.
  • In certain cases, object to our processing of personal information.

You can complain about our processing of personal information.

If you have reason to believe we are not complying with the rules of the Personal Data Act, we urge you to contact us at hi@vette.tech. You can also file a complaint with the Data Protection Authority here: https://www.datatilsynet.no

Data sharing and confidentiality

We do not share your personal data with, or sell it to, third parties for marketing or commercial purposes.

We only disclose personal data:

  • To our subprocessors (see above), strictly for operating our services.
  • When legally required to do so (e.g., by law enforcement or regulatory authorities).

Changes to the privacy policy

We may update this privacy policy from time to time. All changes will be published on this page with an updated effective date. If we make significant changes, you will be notified through the Service.

Our contact details

Last updated: 09.06.2026