Our Privacy Policy

This Privacy Policy explains how Frissa processes personal data in connection with the use of the service.

Our Privacy Policy

This Privacy Policy explains how Frissa processes personal data in connection with the use of the service.

Icon

Last Updated on April, 15, 2026

1. Introduction

1. Introduction

Frissa processes personal data both as a service provider to professionals and, in limited cases, as a controller for account and business-related information.

2. Roles

2. Roles

When professionals use Frissa to manage their clients’ information, the professional is the Data Controller and Frissa acts as the Data Processor. For account registration, billing, and service operations, Frissa may act as the Data Controller for that specific data.

3. Types of Data Processed

3. Types of Data Processed

We may process:

  • account information, such as name, email address, and salon details

  • customer information entered by users, such as names, notes, appointment details, and images

  • technical and usage data required to operate and secure the service

4. Purpose of Processing

4. Purpose of Processing

We process personal data to:

  • provide and maintain the Frissa service

  • enable client management and appointment documentation

  • send summaries and follow-up communication

  • secure, improve, and support the service

  • comply with legal obligations

5. Legal Basis

5. Legal Basis

Where Frissa acts as Data Controller, processing is based on contract, legitimate interests, legal obligations, or consent where required. Where Frissa acts as Data Processor, processing is carried out on the instructions of the professional using the service.

6. Data Storage and Security

6. Data Storage and Security

We use reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or disclosure.

7. Data Retention

7. Data Retention

We retain personal data only as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required by law.

8. Subprocessors and International Transfers

8. Subprocessors and International Transfers

Frissa may use trusted subprocessors to provide hosting, infrastructure, analytics, authentication, and communication services. Where personal data is transferred outside the EEA, appropriate safeguards will be used where required.

9. Data Subject Rights

Where applicable, individuals may have the right to access, correct, delete, restrict, or object to the processing of their personal data, and the right to data portability.

10. Data Breach Notification

10. Data Breach Notification

If we become aware of a personal data breach affecting data we process as a controller, we will act in accordance with applicable law. Where we act as a processor, we will notify the relevant controller without undue delay.

11. Contact

11. Contact

If you have questions about this Privacy Policy or personal data processing, contact us at: legal@frissa.no