1. Who are we?
DroneKlar is a training platform for the A2 drone exam in Norway. We are the data controller for your personal information and comply with the EU's General Data Protection Regulation (GDPR) and Norwegian Personal Data Act.
Contact information: Email: support@droneklar.no Website: droneklar.no
2. What personal data do we collect?
We collect the following personal information when you use DroneKlar:
2.1 Information you provide
Email address - used for logging in and account management
Password - stored encrypted for secure login
2.2 Information we collect automatically
Practice progress - which questions you have practiced and your answers
Exam results - results from completed mock exams
Statistics - categories you have practiced and time spent
Last used - when you last used the app
2.3 Payment information
When purchasing access, payment is handled by Stripe, our payment provider. We do NOT store credit card information. Stripe collects:
Name on card
Email address
Transaction history
Payment method (type of card)
3. Why do we process your personal data?
We process personal data based on the following legal grounds:
3.1 Fulfillment of contract (GDPR art. 6.1.b)
Provide you access to the training platform
Display practice questions and exam simulators
Save your progress and results
Manage your user account
Handle payments and access control
3.2 Legal obligation (GDPR art. 6.1.c)
Retain accounting information in accordance with the Accounting Act (5 years)
Store payment transactions for tax purposes
3.3 Legitimate interest (GDPR art. 6.1.f)
Improve the service based on usage patterns
Analyze which categories are the most popular
Prevent abuse of the service
4. Who do we share information with?
We do NOT share your personal data with third parties for marketing purposes.
We share information with the following service providers who process data on our behalf:
4.1 Supabase (Database and authentication)
Purpose: Secure storage of user data and login system
Location: EU (Ireland) - GDPR compliant
Data shared: Email, practice progress, exam results
4.2 Stripe (Payment processor)
Purpose: Process payments securely
Location: EU and USA (with standard data transfer agreements)
Data shared: Email, name, payment information
Privacy policy: stripe.com/no/privacy
4.3 Vercel (Hosting)
Purpose: Hosting of the application
Location: EU (Frankfurt, Germany)
Data shared: Technical logs (IP addresses, usage patterns)
5. How long do we retain personal data?
Data type | Retention period |
User account (email, password) | Until you delete your account |
Practice progress and exam results | Until you delete your account |
Payment transactions (via Stripe) | 7 years (legally required for accounting and tax purposes) |
Anonymized statistics | Indefinitely (cannot be traced back to you) |
⚠️ Important about payment data:
Even if you delete your account, Stripe is legally required to retain payment transactions for 7 years after the last transaction. This is due to anti-money laundering (AML) laws and the Accounting Act. This information cannot be deleted until the legally required time has elapsed.
6. Your rights under GDPR
You have the following rights regarding your personal data:
✓ Right of access (art. 15) You can request a copy of all personal data we hold about you.
✓ Right to rectification (art. 16) You can ask us to correct errors in your personal data.
✓ Right to erasure (art. 17) You can delete your account at any time from the settings page. Note: Payment data must be retained for 7 years (see point 5).
✓ Right to restriction (art. 18) You can ask us to temporarily restrict the processing of your data.
✓ Right to data portability (art. 20) You can request your data in a structured, machine-readable format.
✓ Right to object (art. 21) You can object to processing based on legitimate interest.
📧 How to exercise your rights:
Email: support@droneklar.no
We respond to requests within 30 days. For complex requests, the deadline can be extended by 60 days, and we will inform you of this.
7. Data security
We take data security seriously and have implemented the following measures:
Encryption: All data is transmitted with HTTPS/TLS encryption
Secure passwords: Passwords are stored encrypted (bcrypt)
EU hosting: Data is stored on servers in the EU (GDPR compliant)
Access control: Only authorized personnel have access to systems
Regular backups: To prevent data loss
Monitoring: Continuous monitoring of security incidents
8. Cookies
DroneKlar uses necessary cookies to:
Keep you logged in between sessions
Remember your preferences (e.g., dark mode)
Ensure that the app functions correctly
We do NOT use tracking or marketing cookies. All cookies we use are essential for the service to function.
9. Changes to the privacy policy
We may update this privacy policy from time to time to reflect changes in the service or legislation. In case of significant changes, we will inform you via email or upon login.
Last updated: October 6, 2025
10. Right to complain to the Data Protection Authority
If you believe we process your personal data in violation of data protection legislation, you have the right to complain to the Data Protection Authority:
Data Protection Authority P.O. Box 458 Sentrum 0105 Oslo www.datatilsynet.no
We recommend that you contact us first via support@droneklar.no, so that we can try to resolve the matter directly with you.
11. Contact us
Do you have questions about how we process your personal data?
Email: support@droneklar.no Website: droneklar.no