Privacy Policy
Last updated: 30 October 2025
About Innsikt
Innsikt.AI, with organization number 931 507 354, and business address at Finkefaret 10, 1388 Borgen, hereinafter referred to as “we,” “us,” or “Innsikt,” works with training professionals to improve child interview skills with digital avatars.
Innsikt is the data controller for personal data processed through the use of the website Innsikt.AI, and for fulfilling agreements with customers or other partners. We process your personal data as explained in this statement. This declaration has been prepared in accordance with the Norwegian Personal Data Act of 2018, which implements the EU General Data Protection Regulation (GDPR, Regulation 2016/679/EU) into Norwegian law.
When are we the data controller?
When you contact us or use our services (such as our website innsikt.ai), we may process personal data about you. Below you’ll find information about what personal data is collected, why it is collected, and your rights related to our processing of personal data.
General processing of personal data
We process and use personal data for various purposes depending on who you are and how we interact with you.
We process some personal data on a contractual basis. For example, we may process contact information about company representatives in order to offer you or your organization a contract. Innsikt only collects contact information for such representatives to administer agreements, including contract offers.
When providing our services to customers, including training programs that use digital avatars, Innsikt may process personal data relating to name of the participant and simulation details that are part of the training exercises.
As a supplier and employer in Norway, we are legally obliged to comply with Norwegian laws and regulations, and therefore must process certain personal data about our contacts, such as to meet obligations under accounting, labor, tax, and anti-money laundering laws.
For certain types of processing, we rely on consent. Examples include sending you newsletters via email or using cookies that are not strictly necessary for the functioning of our website. You may withdraw your consent at any time, as easily as it was given.
In some cases, we process data based on legitimate interest. After conducting a balancing test, we have concluded that our legitimate interests are lawful and outweigh the privacy impact on the data subjects. You may object to such processing at any time by contacting us. If the processing is not essential (for example, marketing), we offer you an opt-out option.
Purpose of processing personal data
Customer management and user support
We process personal data to enter into and fulfill agreements with customers and partners. For instance, when you use our customer support (by phone or email), you may provide personal information necessary for us to assist you.
We use email and telephone as part of our daily work. Relevant information from communications related to customer service is recorded and processed in our CRM system. Employees also use email in general correspondence with internal and external contacts.
Security
For security reasons, we perform server logging, detection, investigation, and follow-up of security incidents. Our processing basis is legitimate interest. We consider this necessary to safeguard information security and prevent unauthorized access or disclosure of personal data.
Marketing, newsletters, and information
We process your name and email address to send newsletters based on your consent. You can withdraw your consent at any time by contacting us or using the unsubscribe link in the newsletter.
We may also send other marketing communications via phone or SMS based on our legitimate marketing interest, in line with the Norwegian Marketing Control Act. You may opt out at any time by following the opt-out instructions provided or by contacting us.
Legal obligation
We also process personal data when required by law, for instance, to fulfill rights under data protection laws (e.g., access or correction requests) or for accounting and financial compliance (e.g., invoicing, bookkeeping, or anti-money laundering obligations).
Retention period
We store your personal data only as long as necessary for the purpose for which it was collected.
Personal data processed based on consent will be deleted if you withdraw your consent. In some cases, we must continue to process certain data due to legal obligations (for example, accounting laws). Data processed for legal purposes will be deleted in accordance with the retention periods defined by law.
How your data is stored
Your data is securely stored using third-party services, as described below.
Our subcontractors (data processors) handle your data on our behalf and may not use it for any other purpose. We take special precautions to ensure all processors comply with this policy and data protection legislation.
We only use third-party services listed in this privacy policy, and we choose providers that meet GDPR requirements. These providers act as data processors under data processing agreements with us.
Third-party services
| Recipient Category | Countries | Purpose of the transfer | Data Types Transferred |
|---|---|---|---|
| Amazon Web Services (AWS) | United States, European Union (Stockholm, Sweden) | Cloud infrastructure, application hosting, database hosting, and secure data storage | User-provided data (e.g., names, account details, user history, stored content) and system-generated data (e.g., server logs, access records, performance metrics) |
| OpenAI | United States | Natural language processing and response generation | Text input, generated responses, conversation context |
| ElevenLabs | United States | Text-to-speech generation and audio processing | Text-to-speech recordings, transcribed text |
Cookies
We use cookies on our website Innsikt.ai. When you visit our website, you may consent to receive cookies for the purposes specified in our cookie tool.
Cookies that are not strictly necessary will only be activated if you consent to them — for example, for “Functional,” “Statistical,” or “Marketing” purposes.
If you previously accepted cookies, you can withdraw your consent by adjusting your browser’s privacy settings.
Your privacy rights
Innsikt wants to make you aware of your rights under data protection laws. We will not share your personal data with others unless there is a lawful basis for doing so.
As a data subject identifiable as a natural person, you have the following rights:
- Right of access – You have the right to request a copy of all personal data we hold about you.
- Right to rectification – You may ask us to correct inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”) – You may request deletion of your personal data, except where we are legally required to retain it.
- Right to restriction of processing– You can ask us to limit processing where possible. Our systems are built with “privacy by design and by default.”
- Right to object – You may object to certain processing, unless it is legally required or necessary for minimum security. Exercising this right may prevent us from offering you some services.
- Right to data portability – Under certain conditions, you may request that we transfer your personal data to another organization or to yourself.
- Right to withdraw consent – You may withdraw any consent you have given us at any time. Please specify which consent you are withdrawing if it is not otherwise clear.
Contacting us
If you wish to file a complaint regarding our processing of your personal data, you may contact the Norwegian Data Protection Authority (Datatilsynet) by following the instructions at datatilsynet.no under “Klage til Datatilsynet.”
We encourage you to contact us first if you have any questions or complaints about this privacy policy.
Contact us by email at privacy@innsikt.ai or by phone at +47 975 04 311.