Back to home

Privacy Policy

Last updated: April 2026

1. Data Controller

Plaggi is the data controller for personal data collected via the service. The service is operated in Norway and is subject to Norwegian privacy law and the EU General Data Protection Regulation (GDPR).

Contact: hei@plaggi.app

2. What data do we collect?

We collect the following personal data:

  • Name and email address (upon registration)
  • Children's names and birth dates (for wardrobe management)
  • Information about clothing items and sizes
  • Messages sent via the platform
  • Payment information is handled by Stripe — we do not store card data
  • Technical data such as IP address and browser info (via Vercel)

3. Purpose of processing

We use the data to:

  • Deliver and improve the service
  • Send notifications about clothing sizes and growth alerts
  • Handle marketplace transactions
  • Respond to user inquiries
  • Fulfil legal obligations

4. Legal basis

Processing is based on your consent (GDPR Art. 6(1)(a)) and performance of a contract (GDPR Art. 6(1)(b)). You may withdraw consent at any time by deleting your account.

5. Children's privacy

The service is intended for parents and guardians. We collect children's names and birth dates solely to help parents manage wardrobes. This data is not shared with third parties beyond what is required to deliver the service. Deleting an account removes all associated children's data.

6. Third-party sharing

We share data with:

  • Vercel — hosting and infrastructure (USA, EU–US Data Privacy Framework)
  • Stripe — payment processing (USA, GDPR-certified)
  • Resend — email delivery (USA, GDPR-certified)
  • Firebase (Google) — push notifications (USA, GDPR-certified)
  • Sentry GmbH (Germany) — error tracking and performance monitoring. Data stored in the EU. No personally identifiable information is sent (email, name, and messages are scrubbed in beforeSend).

We never sell personal data to third parties.

7. Retention and deletion

Data is retained while your account is active. Upon account deletion, all personal data is removed within 30 days. Some data may be retained longer where required by law (e.g. accounting records for 5 years).

8. Your rights

You have the right to:

  • Access the data we hold about you
  • Correct inaccurate data
  • Request erasure of your data
  • Object to processing
  • Data portability — receive your data in machine-readable format
  • Lodge a complaint with Datatilsynet (datatilsynet.no)

Send requests to hei@plaggi.app. We respond within 30 days.

9. Cookies

We only use essential cookies for authentication (login). We do not use tracking or marketing cookies.

10. Changes to this policy

We may update this policy. Material changes will be notified by email. Continued use of the service after notification constitutes acceptance.