All legal documents

Privacy Policy

How SeaIT processes personal data, and the rights you have.

Last updated July 8, 2026

1. Controller and roles

SeaIT is provided by SeaIT AS (org. no. 930 847 763), Bergliveien 3, 3427 Gullaug, Norway. For data about the harbour's customer relationship, contact persons and use of the service, SeaIT is the controller.

For personal data about a harbour's members, boats, berths, guests and similar, the individual harbour (marina, boat association or similar) is the controller, and SeaIT acts as a processor on the harbour's behalf. Such processing is governed by the written data processing agreement between the harbour and SeaIT.

Privacy questions can be directed to casper@seait.no.

2. Personal data we process

Depending on your role and the modules the harbour has enabled, we may process the following categories:

  • Identification and contact: name, member number, email address, phone number and address.
  • Boat and berth data: boat name, registration number, dimensions, and berth/storage assignment.
  • Finance: orders, invoice references, subscriptions and payment references (not full card numbers).
  • Use of the service: login data, roles, language preference and activity logs.
  • Communication: logs of email and SMS, and messages in the meeting chat.
  • Meetings and voting: participation and votes (secret ballots are stored so individual votes cannot be traced).
  • Optional modules: access control (key fob/card), power metering and boat images.

3. Purposes and legal basis

We process personal data to deliver, operate and improve the service, administer the customer relationship, send notifications and invoices, ensure security and comply with legal obligations.

The legal basis is generally performance of a contract (GDPR Art. 6(1)(b)), our legitimate interest in operating and securing the service (Art. 6(1)(f)), legal obligations such as accounting duties (Art. 6(1)(c)), and, for certain additional services, consent (Art. 6(1)(a)). We do not process special categories of personal data.

4. Sub-processors and sharing

We use selected sub-processors to deliver the service. Core operations (database, authentication, file storage and server functions) are located in the EEA through Supabase and Vercel. We do not sell personal data.

Sub-processorPurposeLocationTransfer basis
SupabaseDatabase, authentication and file storageEEA (EU region)Within the EEA
VercelHosting and server functionsEEA (EU region)Within the EEA
ResendEmail deliveryEEA (EU region)Within the EEA
Sinch / GatewayAPISMS deliveryEEAWithin the EEA
LiveKitReal-time video for board meetingsEEA (EU region)Within the EEA
Stripe / VippsGuest-harbour payments[EEA/Norway – to be confirmed]Separate controller for payment data
Tripletex / Fatture in CloudAccounting and invoicing integrationEEA (Norway/Italy)Separate controller

5. Storage, location and retention

Personal data is stored in the EEA. Some sub-processors may process data outside the EEA; such transfers rely on a valid transfer mechanism, such as the EU Standard Contractual Clauses (SCC), as shown in the table above.

We retain data for as long as necessary for the purpose and the customer relationship, and thereafter for as long as required by law (for example bookkeeping rules for accounting data). Data is deleted or anonymised when no longer needed.

6. Your rights

You have the right to access, rectification and erasure of your personal data, as well as the right to restriction, data portability and to object to processing. Where processing is based on consent, you may withdraw it at any time.

Where the request concerns data for which the harbour is the controller, address it to the harbour; SeaIT assists the harbour in fulfilling these rights. Otherwise you may contact us at casper@seait.no.

7. Information security

We use technical and organisational measures to protect the data, including encryption in transit (TLS) and at rest, role-based access control enforced at the database level, secure authentication, backups and logging. In the event of a personal data breach, we notify in accordance with the applicable rules.

8. Cookies

The service uses only strictly necessary cookies and local storage for login and settings. See the separate cookies page for details.

9. Complaints to the Data Protection Authority

If you believe our processing of personal data breaches the rules, you may lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet), P.O. Box 458 Sentrum, 0105 Oslo (www.datatilsynet.no). We appreciate the chance to resolve any issue if you contact us first.

10. Changes

We may update this privacy policy. The current version is always available here, and material changes are communicated appropriately.

This document is a template and may be updated. Please confirm company details, sub-processors and transfer bases before relying on it.