Home Blog
Get started

Privacy Policy

Last updated:

This Privacy Policy describes how Teksta (“we”, “us”) collects, uses, and shares personal data when you use the Teksta service at teksta.no.

1. Who we are

  • Controller: VFA Solutions
  • Org. no.: 919 358 599
  • Address: Tuterudveien 30, 2007 Kjeller, Norway
  • Contact: privacy@teksta.no

2. What data we collect

  • Account data — email, name, locale, and authentication credentials.
  • Content you upload — audio, video, and the transcripts, subtitles, and other outputs we generate from them.
  • Payment data — billing metadata (email, country, last four digits, customer ID). Card numbers are handled by our payment providers; we never see them.
  • Usage data — product events, IP address, and basic device information.
  • Support communications — anything you send to us when you contact support.

3. Why we use it

  • To deliver the service you have requested.
  • To bill you and meet our bookkeeping obligations.
  • To send you transactional and service-related emails.
  • To improve the product and detect abuse.
  • With your consent, for marketing communications and non-essential analytics.

The legal bases under GDPR are performance of a contract (Art. 6(1)(b)), our legitimate interests (Art. 6(1)(f)), compliance with legal obligations (Art. 6(1)(c)), and your consent (Art. 6(1)(a)).

4. Content you upload

When you upload audio or video, we send it to specialised speech-to-text and language-model providers to generate the output you requested. The providers we use are listed on the Subprocessors page.

You are responsible for ensuring you have a legal basis to upload content that includes other people’s voices or personal information. Take particular care with special-category data such as health or political views.

We delete your content when you delete it from your account, on the schedule in section 7. Backup copies may persist for a short period after deletion.

5. Who we share it with

We share data only with subprocessors that help us run the service — covering hosting and storage, speech and AI processing, payments, email, and analytics. The current list, with the role and processing location of each provider, is published at /blog/INT/en/legal/subprocessors/.

We do not sell personal data.

6. International transfers

Some subprocessors are based in the United States. For those transfers we rely on the EU-US Data Privacy Framework where the recipient is certified, and otherwise on the European Commission’s Standard Contractual Clauses. Transfer Impact Assessments are available to customers on request.

7. How long we keep your data

  • Account profile — kept while your account is active. Free-tier accounts inactive for 24 months are warned by email and their uploaded content is deleted 30 days later if you don’t log in.
  • Uploaded content (audio, transcripts, subtitles) — kept while the subscription is active. Cancelled paid subscriptions get a 90-day grace period before deletion, with a reminder email beforehand.
  • Billing records — kept for at least 5 years to comply with Norwegian bookkeeping law (bokføringsloven).
  • Backups — database backups age out within 14 days; object storage has no versioning, so deletion is immediate at the object layer.
  • Logs and analytics — kept for short operational windows.

You can ask us to delete your account at any time by emailing privacy@teksta.no. We complete deletion within the one-month period required by GDPR Art. 12(3). A self-service deletion option is on our roadmap.

8. Your rights

Under GDPR you have the right to access, correct, erase, restrict, or object to processing of your personal data, to receive it in a portable format, and to withdraw any consent you’ve given.

To exercise any of these, email privacy@teksta.no. You may also lodge a complaint with the Norwegian Data Protection Authority, Datatilsynet (datatilsynet.no).

9. Cookies

We use cookies and similar technologies. Essential cookies — for authentication, session management, security challenges, and language preference — are set without consent because they are necessary to deliver the service.

Non-essential cookies and trackers — used for product analytics, session replay, and marketing measurement — are blocked by default and only activate after you click “Accept all” on the cookie banner. Marketing tags load in a no-tracking state until you give explicit consent.

If you are signed in, you can change or withdraw your consent at any time in your account settings. A “Manage cookies” link in the footer for visitors who are not signed in is on our roadmap.

10. Security

We protect your data with the technical and organisational measures described in our security overview.

11. Changes

We will update this policy when our practices change. Material changes will be announced in-product or by email. The “Last updated” date at the top of this page shows the current revision.

12. Contact

Questions about this policy or your data: privacy@teksta.no.