Stormberry AS respects your privacy. This page explains, in plain language, what information we hold about you, why we hold it, and what your rights are. We do not use cookies. We do not run analytics. We do not sell, share, or monetise your data. Ever.

1. Who we are

Stormberry AS is a Norwegian limited company (aksjeselskap) registered in Askøy, Norway. Organisation number: NO 937 751 249. We are the data controller for any personal data processed through this website. You can reach us at .

2. What information we collect

The only personal information we receive from you is what you choose to send us through the contact form on this site:

• Your name
• Your email address
• The service area you are interested in
• The message you write to us
• Whether you ask us to send a copy of your enquiry to your own email

We do not run web analytics on this site. We do not track your browsing behaviour. We do not place advertising or marketing pixels. We do not fingerprint your device.

3. Why we use it, and on what legal basis

We use the information you submit through the contact form for one purpose only: to respond to your enquiry and, where appropriate, to follow up about working together. The legal basis under the EU General Data Protection Regulation (GDPR) is your consent at the point of submission, together with our legitimate interest in conducting pre-contractual communication with prospective clients (Article 6(1)(a) and (f)).

We do not use your information for marketing. We do not add you to a mailing list. We do not share, sell, rent, or otherwise transfer your information to third parties for their own use.

4. Who processes your data on our behalf

We use a small number of carefully chosen sub-processors strictly for the technical operation of this site and the contact form. Each is bound by a Data Processing Agreement and processes your data only for the purpose described:

• Cloudflare, Inc. hosts the site and provides security and spam protection (via Cloudflare Turnstile, a privacy-respecting CAPTCHA that does not use cookies and does not track users across sites).
• Resend, Inc. delivers the contact-form email to us and the optional copy to you.
• Proton AG (Switzerland) hosts our company email inbox where your message is received and stored.

Resend and Cloudflare are based in the United States. Where personal data is transferred outside the European Economic Area, the transfer is covered by the European Commission's Standard Contractual Clauses and any additional safeguards required under Schrems II.

5. How long we keep it

Contact-form messages are kept in our company inbox for as long as is reasonably necessary to handle the enquiry and any resulting engagement, after which they are archived or deleted. If a message does not lead to an engagement, we typically delete it within twelve months. Where Norwegian bookkeeping law (bokføringsloven § 13) requires us to retain documentation related to commercial relationships, we keep those records for the legally required five years.

6. Cookies and similar technologies

We do not set cookies on this site. We do not use local storage to track you. We do not use device fingerprinting. Cloudflare Turnstile, used to protect the contact form from automated abuse, does not use cookies.

7. Your rights

Under the GDPR and the Norwegian Personal Data Act (personopplysningsloven), you have the right to:

• access the personal data we hold about you;
• ask us to correct inaccurate data;
• ask us to delete your data;
• ask us to restrict how we process your data;
• receive a portable copy of the data you have given us;
• object to processing carried out on the basis of legitimate interest;
• withdraw any consent you have given.

To exercise any of these rights, write to us at . We will respond within thirty days. If you believe your rights have been infringed, you also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet, datatilsynet.no).

8. Automated decision-making

We do not subject you to any automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you (GDPR Article 22).

9. Minors

Stormberry AS is a business-to-business service. We have no commercial reason to collect personal data from anyone below the Norwegian age of majority (18). We do not knowingly do so. If you believe a minor has submitted information to us, please contact us and we will delete it.

10. Changes to this policy

We may update this policy from time to time. The date at the top of this page reflects the most recent change. Material changes will be highlighted on the site for a reasonable period after they take effect.

---

Human dignity, ethics, and our commitments

Stormberry AS holds, with the founders of free societies, that every human being is created in the image and likeness of God, and is therefore endowed with an inherent and inviolable dignity that no government, employer, or marketplace may rightfully remove.

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.

From this foundation, our commercial conduct follows. In our own operations and across our supply chain, we will not tolerate:

• child labour, in any form;
• forced labour, debt bondage, or any form of modern slavery;
• human trafficking, or any work undertaken without informed and freely given consent;
• discrimination on the basis of ethnicity, religion, sex, age, sexual orientation, disability, nationality, or political opinion;
• retaliation against anyone who raises a concern in good faith about any of the above.

We choose suppliers and partners on the same basis. Where we identify a credible concern about practices in our supply chain, we will investigate, raise it directly, and where necessary end the commercial relationship. Concerns may be raised confidentially by writing to .

Stormberry AS is below the size thresholds at which the Norwegian Transparency Act (Åpenhetsloven) imposes formal due-diligence obligations. As Stormberry grows and crosses those thresholds, we will publish a formal due-diligence assessment (aktsomhetsvurdering) in line with section 5 of the Act.