Myta AS (“Myta”, “we”, “us”, “our”) is committed to protecting your personal data. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and your rights. It applies to visitors to our website, users of our Service, and representatives of our business customers.
Myta AS is the data controller for personal data processed in connection with the use of the Service and our website. To contact us about privacy matters:
For questions about this policy or to exercise your data rights, contact our Data Protection contact at hi@myta.io.
This policy applies to personal data Myta processes as a data controller, including operating our website, managing accounts, communicating with users, ensuring security, and maintaining and improving the Service.
When customer organisations use the Myta Service and submit personal data about their own employees or end users. Myta acts as a data processor on behalf of the customer. In such cases, the processing of such data is governed by the applicable agreement between Myta and the customer, including the Data Processing Agreement rather than this policy.
| Category | Examples |
|---|---|
| Account data | Name, email address, job title, organisation name, password (hashed) |
| Billing data | Billig name, address, VAT number. Payment card details are handled by our payment processor and not stored by Myta |
| Profile data | Profile picture, preferences, notification settings |
| Communications | Messages you send to our support team, survey responses, feedback |
| Category | Examples |
|---|---|
| Usage data | Features accessed, frequency of use, AI feature interactions, session duration, in-app actions |
| Device and access data | IP address, browser type, operating system, device type, language settings |
| Log data | Server logs, error reports, performance metrics |
| Cookie data | See Section 10 for details |
We may receive data about you from:
| Purpose | Details |
|---|---|
| Providing the Service | Creating and managing your account, delivering features, authentication, and sending service-related notifications. |
| AI Features | Using account and usage data to personalise AI-generated suggestions, goal-setting assistance, and strategic insights within the Service. |
| Billing and payments | Processing subscriptions, issuing invoices, managing renewals, and handling payment queries. |
| Customer support | Responding to support tickets, diagnosing technical issues, and improving support quality. |
| Product improvement | Analysing how users interact with the Service to prioritise feature development and improve the AI models (using anonymised or aggregated data where possible). |
| Security and compliance | Detecting fraud, preventing unauthorised access, complying with legal obligations, and enforcing our Terms. |
| Marketing | Sending product updates, newsletters, and promotional information to existing users and prospects (with consent or opt-out, as applicable). |
| Partner program | Sharing relevant account information with authorised reseller or implementation partners involved in your subscription. |
Myta does not independently disclose personal data to third-party AI service providers. Any inclusion of personal data in inputs to such AI Features is determined entirely by the customer and its users. Personal data will only be processed by third-party AI providers where the customer or its users choose to include such data in inputs to AI features. In those cases, the data is processed by third-party AI providers acting on Myta’s behalf and solely for the purpose of providing the requested functionality.
Myta does not use personal data processed in connection with the Service to train or fine-tune general-purpose AI models made available to other customers.
We process personal data under the following legal bases (as applicable under the GDPR or similar legislation):
| Legal basis | When we rely on it |
|---|---|
| Contract | To provide the Service and fulfil our obligations under the Terms and Conditions. |
| Legitimate interests | Product improvement, security monitoring, direct marketing to existing customers, fraud prevention. |
| Legal obligation | Compliance with tax law, regulatory requirements, and responding to lawful requests from authorities. |
| Consent | Marketing communications to prospects; certain non-essential cookies. You may withdraw consent at any time. |
We share data with trusted third-party service providers who help us operate the Service, including:
All service providers are subject to data processing agreements and may only process data on our instructions.
If your subscription was arranged through a Myta authorised partner, we may share relevant account and usage data with that partner to the extent necessary for them to fulfil their obligations to you.
In the event of a merger, acquisition, or sale of all or substantially all of Myta’s assets, personal data may be transferred to the acquiring entity, subject to equivalent privacy protections.
We may disclose personal data if required to do so by applicable law, court order, or governmental authority, or where we believe disclosure is necessary to protect Myta’s rights or the safety of any person.
Myta does not sell, rent, or trade personal data to third parties for their own marketing purposes.
Myta's primary infrastructure is located within the European Economic Area (EEA).
Where we transfer personal data to service providers or partners outside the EEA, we ensure that appropriate safeguards are in place, such as:
This may include AI infrastructure or model providers used to deliver the AI Features, acting on Myta's behalf. You may request a copy of the relevant transfer safeguards by contacting hi@myta.io.
| Data type | Retention period |
|---|---|
| Account data | Duration of the subscription + 12 months, then deleted or anonymised. |
| Customer-submitted data (Service content) | 30 days after termination, unless a data export is requested. See Terms Section 8.4. |
| Billing and financial records | 5 years from the end of the tax year, as required by Norwegian accounting law. |
| Support communications | 3 years from the date of the interaction. |
| Usage and analytics data | Up to 24 months (aggregated/anonymised data may be retained indefinitely). |
| Marketing contacts | Until opt-out or 2 years of inactivity. |
| Logs and AI | Logs and AI interaction data may be retained for a limited period for security, debugging, and service improvement purposes. |
Retention periods may be extended where required by law, regulation, or for the establishment, exercise, or defence of legal claims.
Subject to applicable law, you have the following rights regarding your personal data:
| Right | What it means |
|---|---|
| Access | Request a copy of the personal data we hold about you. |
| Rectification | Ask us to correct inaccurate or incomplete data. |
| Erasure | Request deletion of your data in certain circumstances. |
| Restriction | Ask us to limit the processing of your data in certain cases. |
| Portability | Receive your data in a structured, machine-readable format. |
| Objection | Object to processing based on legitimate interests or for direct marketing. |
| Withdraw consent | Withdraw consent at any time where processing is consent-based. |
| Lodge a complaint | Complain to the Norwegian Data Protection Authority (Datatilsynet) at datatilsynet.no. |
To exercise any of these rights, contact us at hi@myta.io. We will respond within 30 days. We may need to verify your identity before processing your request.
| Type | Purpose | Consent required? |
|---|---|---|
| Strictly necessary | Authentication, security, session management. Required for the Service to function. | No |
| Functional | Remembering user preferences, language settings, and personalisation choices. | No |
| Analytics | Understanding how users navigate the website and Service to improve performance. Data is aggregated and anonymised where possible. | Yes |
| Marketing | Tracking visitors across websites to deliver relevant advertising and measure campaign effectiveness. | Yes |
You can manage your cookie preferences through our cookie consent banner, displayed on first visit to our website. You can also control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Service.
Myta implements appropriate technical and organisational security measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:
If you believe your account or personal data has been compromised, please contact us immediately at hi@myta.io.
The Service is intended for use by business professionals and is not directed at children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete it promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service features. We will notify you of material changes by email or by prominently displaying a notice within the Service, at least 30 days before the change takes effect.
Continued use of the Service after the effective date constitutes acceptance of the updated policy.