Last updated: 21. december 2025
1. Data Controller
The data controller responsible for your personal data is:
Friktionskompasset
CVR: [YOUR CVR NUMBER]
Email:
[email protected]
Address: [YOUR ADDRESS]
2. What Data We Collect
Account Information
- Name and email address
- Password (encrypted)
- Organization affiliation
- Role (admin, manager, user)
Survey Responses
- Answers to friction assessment questions
- Free-text comments (anonymous)
- Response timestamp
- Organizational unit (for aggregated analysis)
Technical Data
- IP address (for security)
- Browser type and version
- Login timestamps
- Cookies (see section 9)
3. How We Use Your Data
We use your personal data for the following purposes:
| Purpose |
Data Used |
| Account management |
Name, email, password |
| Survey delivery |
Email address, organization |
| Results analysis |
Responses (anonymized) |
| System security |
IP address, login logs |
| Communication |
Email address |
4. Legal Basis
We process your personal data based on:
- Contract: To provide the friction assessment service
- Consent: For email notifications (can be withdrawn)
- Legitimate interest: To improve our service and ensure security
- Legal obligation: To comply with accounting and tax laws
5. Data Sharing
We do not sell your personal data. We only share data with:
- Your organization: Aggregated results (minimum 5 responses for anonymity)
- Sub-processors: Service providers who help us deliver the service (see below)
- Legal authorities: If required by law
Anonymity guarantee: Individual survey responses are never shown unless there are at least 5 respondents in a unit. Free-text comments are always anonymous.
6. Sub-Processors
We use the following sub-processors:
| Service |
Provider |
Purpose |
Location |
| Hosting |
Render (render.com) |
Application hosting |
EU (Frankfurt) |
| Email delivery |
Mailjet |
Sending invitations |
EU |
| DNS & CDN |
Cloudflare |
Domain management |
Global |
| Analytics |
Google Analytics |
Usage statistics |
EU (anonymized IP) |
All sub-processors are GDPR compliant and have Data Processing Agreements in place.
7. Data Retention
We retain your data for the following periods:
- Account data: Until account deletion + 30 days grace period
- Survey responses: As long as the organization maintains an active account
- Audit logs: 12 months
- Email logs: 90 days
8. Your Rights (GDPR)
Under GDPR, you have the following rights:
Right to Access: Download all your data via "Export My Data" in your account settings.
Right to Rectification: Update your profile information in your account settings.
Right to Erasure: Delete your account via "Delete My Account" (30-day grace period).
Right to Data Portability: Your data export is in JSON format for portability.
Right to Object: Unsubscribe from emails via the unsubscribe link in any email.
Right to Lodge a Complaint: Contact the Danish Data Protection Agency (Datatilsynet) if you believe your rights have been violated.
9. Cookies
We use the following cookies:
| Cookie |
Purpose |
Duration |
| session |
Keep you logged in (essential) |
Session |
| language |
Remember your language preference |
1 year |
| _ga |
Analytics (Google Analytics) |
2 years |
You can disable cookies in your browser settings, but this may affect functionality.
10. Security
We protect your data with:
- TLS/SSL encryption for all data in transit
- Encrypted password storage (bcrypt)
- Regular security updates
- Access controls and audit logging
- Automatic backups
11. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes via email.