Privacy & Cookie Policy
Last updated: March 2026
1. INTRODUCTION
Gorglar AS ("Shortcutsurf", "we", "us") is committed to protecting your privacy and personal data.
This Privacy & Cookie Policy ("Policy") explains how we collect, use, disclose, and protect personal data when you use:
- the Shortcutsurf website (the "Site"),
- applications and websites built on Shortcutsurf,
- the Shortcutsurf platform and related services
(collectively, the "Services").
By using the Services, you acknowledge that you have read and understood this Policy. This Policy should be read together with our Terms & Conditions and, where applicable, our Data Processing Addendum (DPA).
2. DEFINITIONS
- "Direct User" means an individual or entity with an Account who uses the Platform to build and manage applications or websites.
- "End User" means an individual who visits or uses an application or website built on Shortcutsurf without creating an Account.
- "Personal Data" has the meaning given in the GDPR.
- "Processing" has the meaning given in the GDPR.
Capitalised terms not defined here have the meaning set out in the Terms & Conditions.
Unless stated otherwise, this Policy applies to both Direct Users and End Users.
3. IMPORTANT INFORMATION
Data Controller
For the purposes of the GDPR and applicable data protection laws, the data controller is:
Gorglar AS
Norway
Email: [email protected]
Registered address: Bruket 31, N-1622 Gressvik, Norway
Scope
This Policy does not cover how Direct Users process End User data within their own applications. Direct Users are responsible for their own privacy notices and legal compliance toward End Users.
Updates
We may update this Policy from time to time. Material changes will be communicated via the Site or the Platform where required by law.
4. LEGAL BASES FOR PROCESSING
We process personal data only where permitted under GDPR Article 6, including:
- Contract – to provide the Services or take steps prior to entering into a contract
- Legal obligation – to comply with applicable laws
- Legitimate interests – to operate, improve, and secure our Services, provided such interests are not overridden by your rights
- Consent – where explicitly requested (e.g. marketing, optional cookies)
- Vital interests – where necessary to protect life or safety (rare)
You may withdraw consent at any time where processing is based on consent.
5. HOW WE COLLECT PERSONAL DATA
5.1 Information You Provide
Direct Users
We collect personal data when you:
- create or manage an Account (name, email, credentials),
- configure billing or subscriptions (via third-party payment providers),
- communicate with us (support, chat, feedback),
- participate in forums or community areas,
- apply for a job.
Optional profile information (e.g. photo, role) may also be provided.
End Users
We do not directly control what End User data is collected by applications built on Shortcutsurf. The Direct User operating the application determines this processing and acts as data controller.
If End Users contact us directly, we process only the information provided.
5.2 Information Collected Automatically
When you use the Services, we may collect:
- IP address
- browser type and version
- operating system
- device identifiers
- date/time stamps
- referring URLs
- usage logs and diagnostic data
This data is used for security, performance, analytics, and service improvement.
We do not currently respond to browser "Do Not Track" signals.
5.3 Analytics & Third-Party Technologies
We use analytics and performance tools (e.g. website analytics) to understand how our Services are used and to improve functionality. Data is typically aggregated or pseudonymised.
Where third-party analytics providers are used, their processing is governed by their own privacy policies and our contractual safeguards.
5.4 Social Login
If you choose to log in using third-party services (e.g. Google), we receive limited profile data as permitted by your settings with that provider. We do not control third-party platforms and recommend reviewing their privacy policies.
6. COOKIES AND SIMILAR TECHNOLOGIES
6.1 What Are Cookies?
Cookies are small text files placed on your device to enable core functionality, enhance user experience, and analyse usage.
We use first-party cookies and third-party cookies.
6.2 Types of Cookies We Use
- Essential cookies — Required for login, security, and basic functionality.
- Functional cookies — Remember preferences such as language and settings.
- Analytics & performance cookies — Collect aggregated usage statistics to improve the Services.
- Chat & support cookies — Enable customer support tools (e.g. chat functionality).
- Marketing cookies (where applicable) — Used only where permitted by law and subject to consent.
6.3 Managing Cookies
You can manage or disable cookies via your browser settings. Note that disabling essential cookies may limit functionality.
7. HOW WE USE PERSONAL DATA
We use personal data to:
- provide, operate, and maintain the Services
- create and secure Accounts
- process subscriptions and payments
- provide customer support
- communicate service-related messages
- send marketing communications (where permitted)
- improve security, performance, and features
- comply with legal obligations
- protect rights, property, and safety
Anonymised Data
We may create anonymised or aggregated datasets for analytics and improvement purposes. Such data cannot be used to identify individuals.
Automated Decision-Making
We do not use personal data for automated decision-making with legal or significant effects.
8. HOW WE SHARE PERSONAL DATA
We may share personal data with:
- Sub-processors (as defined in our DPA) who help deliver the Services
- Payment providers for subscription processing
- Service providers (hosting, support, analytics)
- Public authorities where required by law
- Professional advisers (legal, accounting)
- Corporate transactions (e.g. merger, acquisition), subject to safeguards
- With your consent, where applicable
A current list of sub-processors is available upon request or via our documentation.
9. AI TECHNOLOGIES
We may use AI-based features to improve the Services and develop new functionality.
When AI features process personal data:
- processing is conducted in accordance with this Policy and the DPA (where applicable),
- appropriate technical and organisational safeguards are applied,
- you remain responsible for ensuring lawful input of personal data.
10. INTERNATIONAL DATA TRANSFERS
Personal data is primarily processed within the EU/EEA.
Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, such as:
- EU Standard Contractual Clauses (SCCs), or
- other lawful transfer mechanisms under GDPR Chapter V.
Details are set out in our DPA where applicable.
11. SECURITY
We implement appropriate technical and organisational security measures to protect personal data.
No system is completely secure. If you believe your interaction with us is no longer secure, please contact us immediately.
12. DATA RETENTION
We retain personal data only as long as necessary to:
- provide the Services,
- meet legal or regulatory requirements,
- resolve disputes,
- enforce agreements.
Retention periods vary depending on the type of data and purpose.
13. JOB APPLICANTS
When you apply for a role at Shortcutsurf, we process application data for recruitment purposes, including evaluating qualifications and managing hiring processes.
14. CHILDREN
The Services are not directed to children under 13 years of age. We do not knowingly collect personal data from children under 13. If such data is identified, it will be deleted promptly.
15. SENSITIVE PERSONAL DATA
Please do not submit sensitive personal data (e.g. health data, biometric data, political opinions) unless explicitly required and lawful. If submitted, it will be processed in accordance with this Policy and applicable law.
16. YOUR PRIVACY RIGHTS (GDPR)
You may have the right to:
- access your personal data
- rectify inaccurate data
- erase data ("right to be forgotten")
- restrict processing
- object to processing
- data portability
- withdraw consent
- lodge a complaint with a supervisory authority
To exercise your rights, contact us at [email protected]. We may request identity verification.
17. COMPLAINTS
If you have concerns about our data processing, please contact us first. You also have the right to lodge a complaint with your local Data Protection Authority, including the Norwegian Data Protection Authority (Datatilsynet).
18. CHANGES TO THIS POLICY
We will post updates to this Policy on the Site. Material changes will be communicated where required by law.
19. CONTACT
For privacy-related questions or requests:
Email: [email protected]
Gorglar AS, Bruket 31, N-1622 Gressvik, Norway