valuesync.ai Logo
Request a Demo

Privacy Policy

Last updated: August 11, 2025

Privacy Policy

Valuesync AS (reg.no. 933 375 854)

Last updated: August 11, 2025

This Privacy Policy explains how Valuesync AS ("Valuesync," "we," "us," or "our") collects, uses, discloses, and protects personal data in connection with our website (the Website) and our hosted software platform for M&A analysis (the Platform). It also describes your choices and rights. If anything in this Policy conflicts with an agreement between Valuesync and your organization (e.g., our Data Processing Addendum (DPA) or Terms of Service (ToS)), that agreement controls.

1. Who we are (Controller)

Controller: Valuesync AS, Gaustadalléen 21, 0349 Oslo, Norway.
Contact: contact@valuesync.ai
Website: https://www.valuesync.ai

For personal data that we process on behalf of business customers within the Platform, we act as a processor (your organization is the controller). Our DPA governs that processing.

2. Scope

This Policy applies to:

  • Visitors to our Website (including contact forms, newsletters, and cookies);
  • Users of our Platform (account, usage, and support data);
  • Business contacts and prospects (sales, marketing, events).

When your organization uploads files or information to the Platform (Customer Data), your organization is the controller of that data and our DPA applies.

3. What we collect

We collect the following categories of personal data, depending on your interactions with us:

  • Account & Profile Data – name, business email, job title, company, authentication identifiers, role/permissions, billing contact details.
  • Customer Data (Platform content) – documents and other data your organization submits to the Platform. Your organization controls this data; we process it under the DPA.
  • Usage & Device Data – log data, IP address, device/OS/browser information, timestamps, feature usage, performance metrics, diagnostic event data.
  • Support & Communications – messages you send us (support tickets, chats, emails), meeting notes, feedback.
  • Cookies & Similar Technologies – see Section 7.
  • Third-Party Sources – we may receive business contact data from providers (e.g., CRM enrichment) and integration metadata from services you connect to the Platform.

4. Why we process personal data (Purposes & Legal Bases)

We process personal data for the purposes below and under these legal bases (GDPR):

  • Provide and secure the Platform (create accounts, authenticate users, operate features, monitor uptime, secure and troubleshoot).
    Legal bases: Contract (Art. 6(1)(b)), Legitimate interests in security/operations (Art. 6(1)(f)).

  • Customer support and communications (respond to requests, manage incidents, provide updates).
    Legal bases: Contract, Legitimate interests.

  • Product improvement and analytics (diagnostics, quality, usage analytics, Aggregated Data).
    Legal bases: Legitimate interests (to improve and secure the Platform); Consent where ePrivacy requires for non-essential cookies/analytics.

  • Marketing to business contacts (newsletters, event invites, product updates to corporate emails).
    Legal bases: Legitimate interests (B2B marketing) or Consent where required; you can opt out anytime.

  • Compliance and enforcement (recordkeeping, fraud prevention, enforcing ToS, legal obligations).
    Legal bases: Legal obligation, Legitimate interests.

5. AI, Customer Data, and Outputs

  • No model training on your data: We do not use Customer Data or Outputs to train foundation models or third-party AI models unless you explicitly opt in in writing.
  • Aggregated Data: We may use deidentified, Aggregated Data (that does not identify you or any individual) for security, operations, analytics, and improving the Platform.
  • Outputs: As set out in the ToS, your organization owns the Outputs generated from its Customer Data and prompts, subject to applicable law.

6. Sharing and disclosures

We share personal data only as needed to run our business:

  • Subprocessors / Service Providers (hosting, storage, analytics, email, support). Contractually bound to confidentiality and data protection obligations. A current list is available on request and may change over time.
  • Professional advisers (legal, accounting, insurers) under confidentiality.
  • Corporate transactions (merger, acquisition, financing) with appropriate safeguards.
  • Legal compliance (court orders, law enforcement) where required by law.

We do not sell personal data.

7. Cookies and similar technologies

We use essential cookies to operate the Website and Platform. We may use analytics cookies to understand performance and improve features. Where required, we will obtain your consent for non-essential cookies. You can manage cookies in your browser settings and, where provided, through our cookie banner or preferences center.

8. International transfers

If we transfer personal data outside the EEA/UK, we will use appropriate safeguards such as Standard Contractual Clauses (SCCs) or other lawful mechanisms. Details are described in our DPA and subprocessor documentation.

9. Data retention

We keep personal data for as long as necessary for the purposes described above or as required by law. Customer Data is retained according to your organization’s instructions and our DPA. After your subscription ends, you may export Customer Data during the subscription and for 30 days thereafter, after which we delete it from active systems and later from backups according to normal cycles (unless law requires retention).

10. Security

We implement commercially reasonable technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Examples include encryption in transit and at rest, access controls, logging/monitoring, vulnerability management, and employee confidentiality obligations. For more details, see the DPA and our security overview (available on request).

11. Your rights (GDPR/EEA/UK)

Depending on your location, you may have rights to access, rectify, erase, restrict, object, and port your personal data, and to withdraw consent where processing is based on consent. To exercise rights, contact contact@valuesync.ai. You also have the right to lodge a complaint with your local authority, such as the Norwegian Data Protection Authority (Datatilsynet).

12. Children’s data

Our services are for professional/business use and are not directed to children. We do not knowingly collect personal data from children under 18. If you believe a child has provided us data, contact us to delete it.

13. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will notify you via the Website and/or Platform or by email to your admin contact prior to the effective date. Your continued use after the effective date means you accept the updated Policy.

14. Contact

Valuesync AS
Gaustadalléen 21, 0349 Oslo, Norway
Website: https://www.valuesync.ai
Email: contact@valuesync.ai