GDPR Compliance

Pikto is built in Norway and designed with European data protection standards at its core. Here's how we comply with the General Data Protection Regulation.

Our GDPR Principles

Lawful Basis

We process data based on consent, contract performance, or legitimate interest — always clearly documented.

Data Minimisation

We only collect what we need to deliver the service. Nothing more.

Purpose Limitation

Your data is used solely for providing Pikto. We never sell data or use it for advertising.

Storage Limitation

We retain data only as long as your account is active, then delete it within 30 days.

Integrity & Confidentiality

All data is encrypted in transit and at rest. Access is restricted to authorised personnel.

Accountability

We maintain records of processing activities and conduct regular data protection assessments.

Your Rights Under GDPR

As a data subject, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct any inaccurate or incomplete data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restriction — limit how we process your data in certain circumstances
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interest
  • Withdraw Consent — revoke consent at any time without affecting prior processing

Data Processing Agreements

All third-party providers who process data on our behalf have signed Data Processing Agreements (DPAs) that meet GDPR requirements. Our sub-processors are located within the EU/EEA, or transfer data under Standard Contractual Clauses.

Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay, in accordance with GDPR Articles 33 and 34.

Supervisory Authority

Our lead supervisory authority is the Norwegian Data Protection Authority (Datatilsynet). You have the right to lodge a complaint with Datatilsynet or your local EU/EEA data protection authority.

Contact Our DPO

For GDPR-related enquiries or to exercise your rights, contact our Data Protection Officer at dpo@pikto.dev.

For our full data handling practices, see our Privacy Policy.