Privacy Policy

This Privacy Policy describes how Nikla Technologies AS (“Fency,” “we,” “us,” or “our”) collects, uses, and shares your personal information when you use our website at fency.ai and any related products and services (collectively, the “Services”).

Nikla Technologies AS is a Norwegian company (org. nr. 928 715 493) with its registered address at Hans Nordahls Gate 38, 0481 Oslo, Norway. We act as the data controller for personal information processed through our Services.

If you have any questions about this Privacy Policy or our privacy practices, please contact us at privacy@fency.ai.

Information you provide

• Account information: When you create an account, we collect your name, email address, and authentication credentials.
• Payment information: If you make a purchase, payment data is collected and processed by our payment processor, Stripe. We do not store your full payment card details on our servers.
• Communications: When you contact us for support or other inquiries, we collect the content of your messages along with your name and email address.

Information collected automatically

• Usage data: We collect information about how you interact with our Services, such as pages visited, features used, and actions taken.
• Device and connection data: We collect your IP address, browser type and version, operating system, device type, and language preferences.
• Cookies and similar technologies: We use cookies and similar tracking technologies to collect information about your browsing activity. See the Cookies and Tracking section below.

We use your personal information for the following purposes:

• Service delivery: To provide, operate, and maintain our Services, including processing transactions and managing your account.
• Support: To respond to your inquiries, provide technical support, and resolve issues.
• Communications: To send you service-related notices, updates, and administrative messages. With your consent, we may also send marketing communications.
• Analytics and improvement: To understand how our Services are used, identify trends, and improve functionality and user experience.
• Security: To detect, prevent, and respond to fraud, abuse, and security incidents.
• Legal compliance: To comply with applicable laws, regulations, and legal processes.

Under the General Data Protection Regulation (GDPR), we rely on the following legal bases to process your personal information:

• Contract performance: Processing necessary to provide you with the Services you have requested or to take steps at your request before entering into a contract.
• Legitimate interests: Processing necessary for our legitimate business interests, such as improving our Services, preventing fraud, and ensuring security, provided these interests do not override your rights and freedoms.
• Consent: Where you have given us explicit consent to process your personal information for a specific purpose, such as receiving marketing communications. You may withdraw your consent at any time.
• Legal obligation: Processing necessary to comply with a legal obligation to which we are subject.

We do not sell your personal information. We may share it in the following circumstances:

• Subprocessors: We use third-party service providers to help operate our Services. These subprocessors process personal information on our behalf and under our instructions. We maintain Data Processing Agreements with each subprocessor. A full list is available on our Subprocessors page.
• Legal requirements: We may disclose your information if required by law, regulation, legal process, or governmental request.
• Business transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of the transaction.

All of our subprocessors are configured to use the European Union as the primary data processing region. This means that, under normal operations, your personal data is stored and processed within the EU/EEA.

However, some of our subprocessors are headquartered outside the EEA (primarily in the United States). As a result, we cannot guarantee that your personal data will never leave the EU — for example, in connection with ancillary operations such as support access, infrastructure maintenance, or legal obligations under foreign law.

Where transfers of personal data outside the EEA occur, we ensure appropriate safeguards are in place, including the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, supplementary measures in accordance with applicable data protection law.

We use cookies and similar technologies to operate and improve our Services, analyze usage patterns, and personalize your experience. Some cookies are essential for the Services to function, while others help us understand how you use our Services.

You can control cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our Services.

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law (for example, for tax, accounting, or other legal requirements).

When we no longer have a legitimate business need to process your personal information, we will either delete or anonymize it. If deletion is not immediately possible (for example, because the data has been stored in backup archives), we will securely store it and isolate it from further processing until deletion is possible.

Under the GDPR and applicable Norwegian data protection law, you have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Rectification: Request correction of inaccurate or incomplete information.
• Erasure: Request deletion of your personal information, subject to certain legal exceptions.
• Restriction: Request that we restrict the processing of your personal information in certain circumstances.
• Data portability: Request a copy of your data in a structured, commonly used, machine-readable format.
• Objection: Object to processing based on legitimate interests or for direct marketing purposes.
• Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at privacy@fency.ai. We will respond to your request within the timeframes required by applicable law.

If you believe that our processing of your personal information violates applicable data protection law, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at datatilsynet.no, or with another supervisory authority in your EEA member state of residence.

Our Services are not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe we may have collected information from a child under 16, please contact us at privacy@fency.ai.

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will notify you by updating the “Last updated” date at the top of this page and, where required, by providing additional notice (such as via email). We encourage you to review this page periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us: