Privacy Policy
Effective: 21 April 2026 · Version 1.0
This Privacy Policy describes how Gulsten AS (the "Data Controller") processes personal data in connection with DashEditor and the website dasheditor.speedfreaks.no. It is written to comply with the EU General Data Protection Regulation (GDPR) and Norwegian privacy law.
1. Who we are
Gulsten AS · Krokemoveien 103, 3244 Sandefjord · Organization number 919 753 706.
Email: support@speedfreaks.no.
We are the data controller for the personal data described here. You can reach us at any time using the email above.
2. What we collect and why
| Data | Purpose | Legal basis (GDPR Art. 6) |
|---|---|---|
| Email, name, billing country (from Stripe checkout) | Generate license file, send activation link, send renewal invoices, handle refunds and support | Contract performance (6(1)(b)) |
| Machine identifier (12-character hexadecimal, derived by the app from your MAC + hostname) | Bind the license to one computer so it cannot be shared | Contract performance (6(1)(b)) |
| Payment card details | Processed directly by Stripe. We never see or store card numbers. | Contract performance (6(1)(b)) |
| Server access logs (IP, URL, timestamp, user agent) | Operational monitoring, abuse prevention, security. Retained max 90 days. | Legitimate interest (6(1)(f)) |
| Config files you upload to the free "Check your config" tool | Parse once, return the report, discard immediately (not persisted). Uploaded contents are held in memory only. | Legitimate interest (6(1)(f)) |
| Support emails you send us | Reply to your question, maintain support history | Legitimate interest (6(1)(f)) |
3. What we don't do
- We do not set advertising or tracking cookies.
- We do not use Google Analytics, Facebook Pixel, or any third-party tracker on the website.
- We do not sell or rent your data to anyone, ever.
- We do not collect telemetry from the installed DashEditor application — it runs fully offline and does not phone home.
4. Who we share data with
We use a small number of external service providers ("data processors") strictly to deliver the service:
| Processor | Role | Data |
|---|---|---|
| Stripe Payments Europe Ltd. (Ireland) | Payment processing, subscription management, invoicing | Email, name, billing address, card data |
| Google Ireland Ltd. (Google Workspace) | Email delivery for activation, license, renewal, and support messages | Email, name |
| Let's Encrypt / ISRG (USA) | TLS certificate for the website | Domain name only |
Some processors transfer data to the United States. Such transfers are protected by EU Standard Contractual Clauses and the EU–US Data Privacy Framework where applicable.
5. How long we keep your data
- Active subscription: the data described above for as long as your subscription is active.
- After subscription ends: we keep your purchase record for up to 5 years to comply with Norwegian bookkeeping law (Bokføringsloven § 13).
- Support emails: up to 3 years after the last message in the thread.
- Server access logs: maximum 90 days.
- Uploaded config files (via the "Check" tool): not stored at all — discarded immediately after the parse.
6. Your rights under GDPR
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion (the "right to be forgotten") — subject to legal retention duties in §5
- Request portability — we will send you an export in a machine-readable format
- Object to processing based on legitimate interest
- Withdraw consent where processing is based on consent (we don't currently rely on consent as the legal basis)
To exercise any of these rights, email support@speedfreaks.no. We respond within 30 days.
7. Complaints
If you believe we have handled your data improperly, you have the right to complain to the Norwegian Data Protection Authority: Datatilsynet, Oslo. EU/EEA residents may instead complain to their home country's supervisory authority.
8. Security
We protect personal data through:
- TLS encryption for all website traffic (HTTPS enforced via HSTS in future revisions)
- Hashed and access-restricted private signing key for license generation
- Principle of least privilege for server access; passwordless SSH with dedicated admin user; scoped sudo
- No storage of card numbers — Stripe handles PCI-DSS compliance
No system is perfectly secure. If we discover a breach affecting your data, we will notify you and Datatilsynet within 72 hours as required by GDPR Art. 33–34.
9. Children
DashEditor is not intended for use by children under 16. We do not knowingly collect data from minors.
10. Changes to this policy
We may update this policy to reflect changes in the service or in applicable law. Material changes will be announced by email to active subscribers at least 30 days before taking effect. The "Effective" date at the top of this page always reflects the most recent update.