Trust & Compliance
How Shopsy AS handles GDPR, security and transparency for Onebase. Every key document is gathered here.
Last updated: 2026-05-01
Subprocessors
Which providers process your data, where they're located, and how we notify you of changes.
/trust/subprocessors→
Security
Encryption, hosting, backups, authentication, and how we protect your data.
/trust/security→
Data Processing Agreement
Standard data processing agreement under GDPR Article 28. Available as PDF and signable in-app.
/trust/dpa→
Privacy Policy
What personal data we process, purposes, retention, and your rights.
/privacy→
Cookies
Strictly necessary, functional, analytics and marketing cookies. Consent under ekomloven.
/cookies→
Terms of Service
The service terms that govern use of Onebase.
/terms→
Vulnerability Disclosure
How to report a security vulnerability. Standard security.txt and coordinated disclosure.
/security→
Questions about privacy or security?
Email [email protected]. We reply within a reasonable time and at most 30 days for GDPR rights requests.
Need strict EEA-only processing?
Hosting is already in the EEA, but some subprocessors are in the US (DPF/SCC). If sector rules or procurement requirements demand that all personal data stay within the EEA, email [email protected] — we can offer an EEA-only configuration.