Last updated: March 2026
NoPayn AS (“Nopayn”, “we”, “us”, or “our”) is committed to protecting the privacy and personal data of our users. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our web application and services, which provide payment infrastructure and telemetry to operators of unattended points of sale.
This policy is written in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable Norwegian data protection law (Personopplysningsloven).
The data controller responsible for your personal data is:
NoPayn AS
Kirkevegen 309
2100 Skarnes, Norway
We collect the following categories of personal data:
3.1 Account and contact information
- Full Name
- Email Address
3.2 Usage and analytics data
- IP address (anonymised where possible)
- Browser type and version
- Device type and operating system
- Pages visited and time spent on pages
- Referring URLs and exit pages
- Session duration and interaction patterns
We process your personal data on the following legal grounds under Article 6 GDPR:
- Contract performance (Art.6(1)(b)): Processing your name and email is necessary to provide and manage your account and deliver our services.
- Legitimate interest (Art.6(1)(f)): We use analytics data to improve the performance, usability, and security of our platform. Our legitimate interest in operating and developing our service is balanced against your right to privacy.
- Consent (Art.6(1)(a)): Where we use non-essential cookies (e.g. Google Analytics cookies), we will ask for your consent before placing them on your device.
- Legal obligation (Art.6(1)(c)): We may process certain data where required to comply with applicable laws and regulations.
We use Google Analytics, a web analytics service provided by Google LLC (“Google”). Google Analytics uses cookies to help us understand how visitors use our platform. The information generated by the cookie about your use of the service (including your anonymised IP address) will be transmitted to and stored by Google on servers in the United States.
Google will use this information on our behalf to evaluate your use of our service, compile reports on activity and provide other related services. Google may transfer this information to third parties where required by law or where such third parties process the information on Google’s behalf.
Data retention in Google Analytics is subject to Google’s own retention settings. We have configured Google Analytics to retain data for the minimum period available in our account settings. For more information on how Google processes your data, please see:
- Google Privacy Policy: https://policies.google.com/privacy
- Google Analytics data retention: https://support.google.com/analytics/answer/7667196
You can prevent Google Analytics from collecting your data by installing the Google Analytics Opt-out Browser Add-on available at: https://tools.google.com/dlpage/gaoptout.
Your data may be transferred to and processed in countries outside the European Economic Area (EEA), specifically in connection with our use of Google Analytics (United States). Such transfers are subject to appropriate safeguards in accordance with GDPR Chapter V, including the Standard Contractual Clauses adopted by the European Commission.
We retain your personal data only for as long as necessary to fulfil the purposes described in this policy:
- Account data: Retained for the duration of your active account, and deleted within 90 days following account closure unless we are required to retain it for longer by law.
Analytics data (Google Analytics): Governed by Google Analytics’ own data retention settings. We recommend you review Google’s current retention policies at https://support.google.com/analytics/answer/7667196.
Our services are intended for business operators and are not directed at children under the age of 16. We do not knowingly collect personal data from individuals under 16 years of age. If you become aware that a minor has provided us with personal data without appropriate parental or guardian consent, please contact us at support@nopayn.com and we will take steps to delete such data promptly.
As a data subject under the GDPR, you have the following rights:
- Right of access (Art. 15): You have the right to request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): You have the right to request correction of inaccurate or incomplete personal data.
- Right to erase (Art. 17): You may request deletion of your personal data where there is no compelling reason for us to continue processing it.
- Right to restriction of processing (Art. 18): You may request that we restrict the processing of your personal data in certain circumstances.
- Right to data portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format.
- Right to object (Art. 21): You have the right to object to processing of your personal data based on our legitimate interests.
- Right to withdraw consent (Art. 7): Where we process data based on your consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at support@nopayn.com. We will respond to your request within 30 days in accordance with GDPR article 12.
You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates the GDPR. In Norway, the competent supervisory authority is:
Datatilsynet (The Norwegian Data Protection Authority)
Website: https://www.datatilsynet.no
Email: postkasse@datatilsynet.no
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or alteration. These measures include access controls and regular security reviews. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours in accordance with article 33 GDPR, and affected individuals where required under article 34 GDPR.
We may update this Privacy Policy from time to time to reflect the changes in our practices, technology, or legal obligations. Where changes are material, we will notify you by email or through a prominent notice on our platform before the changes take effect. The data of the most recent revision is shown at the top of this document.
If you have any questions, concerns, or requests relating to this Privacy Policy or our handling of your personal data, please contact us:
NoPayn AS
Kirkevegen 309, 2100 Skarnes, Norway
Email: support@nopayn.com