Privacy Policy

Broentech Sentinel AS (org.nr 835 459 322), located in Horten, Norway, is the data controller for personal data processed through this website.

Privacy contact: stian@broentech.no. We aim to respond to data-subject requests within 30 days.

Account information: When you create an account, we collect your display name, email address, authentication credentials, and (optionally) a profile image. If you sign in with Google or Microsoft, we receive your name and email from that provider.

Messages and chat threads: When you send messages to us through the help panel or /messages, we store the message content, your user ID, sender name, and timestamps.

Meeting bookings: When you book a meeting, we store your name, email, company name, organization number, meeting title, description, and requested time slots.

Contact form submissions: When you use the contact form, we collect your name, email, subject, and message. Your IP address is checked transiently for rate-limiting but never persisted.

Support Hub feedback: When you submit feedback from the ASMI editor, we store the feedback type, title, message, and optional diagnostic snapshot (URL, browser user-agent) in our PostgreSQL Support Hub. Your Firebase user ID and email are linked to the submission.

ASMI avatar chat sessions: When you build or converse with an ASMI avatar, we store the conversation history (user messages + model responses), avatar state, and session metadata. Anonymous visitors who chat with the public Stian avatar on broen.tech have their sessions stored under that avatar for service operation.

Blog comments: Any comment you post on the blog (content, author name, parent thread) is stored and displayed publicly on the blog.

Moderation flags: If our AI moderation system flags content you've posted for review, the flag record (content reference, AI reason, severity) is stored until an admin has reviewed it and for 365 days after decision as an audit trail.

We process your data based on the following legal grounds under GDPR Article 6:

Consent (Art. 6(1)(a)): You consent to account creation, marketing communications (opt-in), and analytics cookies. Consent can be withdrawn at any time.

Contract performance (Art. 6(1)(b)): Processing is necessary to provide the services you have requested — messaging, meeting bookings, avatar generation, feedback intake.

Legitimate interest (Art. 6(1)(f)): We have a legitimate interest in preventing abuse, maintaining platform security, and running AI-assisted content moderation to protect our users. A balancing test has been performed; you may object to this processing (see Your Rights below).

Legal obligation (Art. 6(1)(c)): We may process or retain certain data where required to comply with Norwegian or EU law (e.g. tax records, regulatory inquiries).

We use AI (Google Gemini via Vertex AI) to assist in several operations. In all cases, significant decisions are subject to human review — we do not make solely automated decisions with legal or similarly significant effects on you within the meaning of GDPR Article 22.

Content moderation: Our AI scans content you post (display name, chat messages, blog comments, profile image, meeting request descriptions) and flags potentially policy-violating items for admin review. A human admin decides every ban, warning, or dismissal; the AI does not act on its own.

Meeting request screening: Incoming meeting requests are given an initial AI assessment to suggest approval, rejection, or alternative slots. A human (Stian) reviews the suggestion before it becomes a decision.

ASMI avatar chat: Avatars are powered by AI — what they say is generated by a large language model, not a human. Visitors are informed of this when they begin a conversation.

Avatar image generation: Portraits in the avatar gallery are AI-generated from text prompts and labeled as such. If you upload a reference photo, its appearance traits (hair, skin tone, eye shape, accessories) are extracted by an AI model; the reference photo itself is not stored after extraction.

You have the right to request an explanation of any AI-involved decision that affects you, and to contest the outcome. Contact us at stian@broentech.no.

Account data: retained for as long as your account is active. Deleted within 30 days after you delete your account, except where retention is legally required.

Messages and chat threads: retained while your account exists; deleted with your account.

Meeting bookings: retained for up to 365 days after the meeting is completed, cancelled, or rejected.

Contact form submissions: retained for up to 90 days.

Support Hub feedback and diagnostic snapshots: diagnostic snapshots are retained for up to 365 days; feedback records are retained while your account exists so your submission history remains visible to you.

ASMI avatar chat sessions: sessions where you are the avatar owner are retained while your account exists. Sessions with public avatars (e.g. the Stian avatar on broen.tech) where the visitor is anonymous are retained for up to 90 days.

Moderation flag records: retained for 365 days after the flag has been reviewed, for audit purposes.

Analytics: Google Analytics data is retained for 14 months on Google's infrastructure.

Server logs: Cloud Run operational logs are retained for 30 days and are access-controlled.

You may request deletion of your data at any time through your profile page or by contacting us.

Google Cloud Platform (Firebase Auth, Firestore, Firebase Storage, Cloud Run, Cloud Logging, Vertex AI, Google Calendar): Google processes data under a Data Processing Addendum that covers all these services. Data is stored in EU/EEA data centres where supported by the product.

Vertex AI (Google Cloud): Our AI features — avatar chat, content moderation, meeting-request AI review, image generation — run on Vertex AI in the europe-west4 region. Your prompts and responses are not used to train Google's foundation models.

SendGrid (Twilio): Transactional emails (meeting confirmations, chat notifications, ASMI access decisions, billing, reactivation nudges if you signed up but haven't returned in about two weeks, and opt-in newsletter broadcasts when a news post ships) are delivered via SendGrid. SendGrid only sees recipient email addresses and the email body. Reactivation and newsletter emails carry unsubscribe links; reactivation emails additionally include the RFC 8058 List-Unsubscribe header so mail clients can opt you out directly. See the Email Communications section below for more detail.

PostgreSQL host (Support Hub database): feedback, diagnostic snapshots, and avatar session data are stored in a managed PostgreSQL instance. Hosting region is documented in our Records of Processing Activities and available on request.

Google Analytics 4: Anonymous usage statistics, only when you have consented via the cookie banner. IP anonymization is enabled; data retention is 14 months.

Google reCAPTCHA v3: Bot prevention on the contact form. Processes a behaviour-analysis token but does not store the form content.

We do not sell your personal data to third parties, and we do not share it for cross-context behavioural advertising.

Some of our processors (Google Cloud, SendGrid) are US-headquartered. Where data is transferred to the United States, the transfer is protected by Standard Contractual Clauses (SCCs, Implementing Decision (EU) 2021/914) and, for Google, certification under the EU-US Data Privacy Framework.

Where possible, we select EU region data residency (e.g. Vertex AI europe-west4, Firestore multi-region European deployments). A Transfer Impact Assessment is performed for each non-EU processor.

This website uses Google Analytics (GA4) to understand how visitors use the site. Analytics cookies are only set after you explicitly consent via the cookie banner. If you decline, no analytics cookies are placed and no tracking occurs.

When you consent to analytics, Google Analytics sets the following cookies: _ga (used to distinguish users, expires after 2 years) and _ga_* (used to maintain session state, expires after 2 years). These cookies collect anonymous usage data such as pages visited, time on site, and country-level location. IP addresses are anonymized before processing.

In addition to standard page views, consented sessions send a small set of product-usage events so we can understand where the ASMI onboarding funnel drops off. Events cover acquisition (CTA clicks, signup), the avatar wizard (step progression), expression generation, narrative recording, deployment, and gallery sharing. No email, raw user ID, or free-text content is included; where a cohort-level distinction matters we send a one-way SHA-256 hash of your user ID instead.

We honour the Global Privacy Control (Sec-GPC: 1) browser signal as an automatic opt-out from analytics and from any data 'selling' or 'sharing' as those terms are defined under California law.

Essential browser storage (IndexedDB and localStorage) is used to maintain your authentication session and to remember your consent preference. These cannot be disabled while using authenticated features of the site.

You can change your analytics preference at any time by clearing your browser's local storage for this site, which will cause the cookie banner to reappear.

We send three categories of email. Transactional emails (meeting confirmations, billing receipts, account-security notices) are tied to an action you took and do not carry an opt-out — they are the only way to fulfil what you asked us to do. Opt-in newsletter emails only arrive if you ticked the newsletter box at signup or in your profile, and can be toggled off at any time.

Newsletter emails: when a news post goes up on broen.tech/news, an admin may manually trigger a broadcast to every user who opted in to the newsletter. Frequency is 'when there's something worth saying' — typically less than monthly. Every email includes an unsubscribe link pointing to your profile page; opting out is immediate and permanent unless you re-subscribe. Data we hold for this purpose is limited to the email address, display name, and the `newsletterSubscribed` / `newsletterOptedOutAt` flags on your user profile, retained until you unsubscribe or delete your account. Legal basis: consent (GDPR Art. 6(1)(a)).

Reactivation emails are a narrow third category: if you signed up for ASMI but haven't logged in for about two weeks, we may send you one short email asking whether the wizard tripped you up, whether your draft is waiting, or whether you'd like to share a deployed avatar. Each reactivation email carries a one-click unsubscribe link (and the RFC 8058 List-Unsubscribe header, so Gmail, Apple Mail and Outlook can render a native unsubscribe control). Clicking unsubscribe records `reengagementEmailsOptOut: true` on your account immediately — you will not receive reactivation emails again unless you re-subscribe.

Legal basis for reactivation emails is legitimate interest (GDPR Art. 6(1)(f)): recovering users who started and stalled. We balance this interest against your right to not be bothered by capping the practice to one email per dormant window, honouring your opt-out promptly, and never sharing your address with anyone else for any reactivation purpose.

Under the EU General Data Protection Regulation and the UK GDPR, you have the following rights regarding your personal data:

Right of access (Art. 15): you can download all your data from your profile page in a machine-readable JSON format.

Right to rectification (Art. 16): you can update your profile information; for anything you cannot edit yourself, contact us.

Right to erasure (Art. 17): you can delete your account and associated data from your profile page. Some data may be retained where required by law.

Right to restriction (Art. 18): you can ask us to stop processing your data in specified ways while a dispute is resolved.

Right to portability (Art. 20): the data export is provided as JSON, suitable for transfer to another service.

Right to object (Art. 21): you can object to processing based on our legitimate interest; we will stop unless we can demonstrate compelling overriding interests.

Rights related to automated decision-making (Art. 22): see the Automated Decision-Making section above.

Right to lodge a complaint: you can complain to the Norwegian Data Protection Authority — Datatilsynet (datatilsynet.no) — or to the supervisory authority of the EU/EEA country where you live. UK residents can complain to the Information Commissioner's Office (ico.org.uk).

If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) grants you additional rights:

Right to know: you may request the categories and specific pieces of personal information we have collected about you. Use the export on your profile page or contact us.

Right to delete: you may request deletion of your personal information, subject to legal exceptions.

Right to correct: you may request correction of inaccurate personal information.

Right to opt out of sale or sharing: we do not sell or share personal information as those terms are defined by the CCPA. If this ever changes, we will provide a clear 'Do Not Sell or Share My Personal Information' link and will honour Global Privacy Control signals automatically.

Right to limit use of sensitive personal information: we do not use or disclose sensitive personal information beyond what is necessary to provide the services.

Right to non-discrimination: we will not discriminate against you for exercising any of these rights.

To exercise any California right, contact us at stian@broentech.no. We verify requests using the email on your account.

This service is not directed at children. You must be at least 16 years old to create an account. We do not knowingly collect personal data from individuals under 16.

If we become aware that we have collected data from a person under 16 without parental or guardian consent, we will delete the account and associated data promptly. If you believe we hold data about someone under 16, please contact us.

If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify Datatilsynet within 72 hours in accordance with GDPR Article 33. If the breach is likely to result in a high risk to you personally, we will also notify you directly without undue delay.

We implement appropriate technical and organisational measures to protect your personal data, including TLS-encrypted data transmission, server-side authentication verification, role-based access controls, and regular review of server logs for anomalies. Passwords are hashed by Firebase Auth; we never see plaintext passwords.

We may update this privacy policy from time to time. The last updated date at the top of this page indicates when the policy was last revised. Material changes will be announced on the site and, where appropriate, by email. Continued use of the service after changes constitutes acceptance of the updated policy.