Privacy Policy

We collect and process the following categories of personal data. Providing this information is voluntary, but we may be unable to give you access to the service if you choose not to.

• Personal information — name, address, telephone number, email address, date of birth and organisation number (for business customers)
• Authentication — password (stored as a hash), biometric keys (Face ID / Touch ID are stored locally on your device and never with us), Vipps identity when logging in via OAuth
• Agreement and use — information about agreements, orders, purchases, payment status, invoices, service requests and messages to support
• Consumption data — measurement of electricity consumption and data from charging stations (kWh, time, duration, price)
• Device data — push token for notifications, user ID, associated RFID tags and associated chargers
• Diagnostics — crash reports and performance data from the app, anonymised

• To make contact and offer our services
• To provide access to our services
• To send relevant information and notifications
• To provide customer service and support
• To detect, prevent and address technical issues
• To fulfil legal obligations (accounting, tax)

We do not sell personal data. We only share information with third parties where it is necessary to deliver the service:

• Vipps — for optional login with Vipps (OAuth identity)
• Apple Push Notification Service and Google Firebase Cloud Messaging — for delivery of push notifications
• Google Cloud (Vertex AI, EU/Frankfurt) — for AI-assisted customer service; our support may use an AI assistant to look up your charging sessions to help you. Data is processed in the EU and is not used to train models.
• Accounting and invoicing services — as needed for financial follow-up
• Public authorities — where we are legally required to do so

All communication between the app/website and our servers is encrypted (HTTPS/TLS). Passwords are stored as a one-way hash and cannot be reconstructed. Sensitive data is encrypted at rest. Biometric authentication is handled by the operating system on your device and never leaves the device.

Personal data is stored for as long as you are a customer of ours, and for at least three years after the services and customer relationship have ended. Personal data relating to invoices and payment is retained for at least five years, as required under Norwegian accounting legislation (bokføringsloven). Outside of a customer relationship, personal data is deleted once the data processing has ended.

Under Norwegian law and the EU General Data Protection Regulation (GDPR), you have the right to:

• Access to the personal data we hold about you
• Rectification of inaccurate information
• Erasure (see the separate section below)
• Restriction of processing
• Data portability
• To object to processing based on our legitimate interest

Where processing is based on consent, you may withdraw your consent at any time.

If you believe that we have not complied with your rights, you may file a complaint with Datatilsynet (the Norwegian Data Protection Authority).

You may at any time request that your account and associated personal data be deleted.

How to delete your account:

• In the app — the fastest way: PlugPay Charge → Profile → Delete account. The account and your personal data are deleted immediately.
• By email — send a request from the email address associated with the account to post@plugpay.no with the subject «Delete account». We process the request within 7 business days and complete the deletion within 30 days.

What is deleted:

• Name, address, telephone number, email address, date of birth
• Login data (password hash, passkeys, biometric references)
• Associated RFID tags and chargers
• Push token and notification preferences
• Profile settings and app configuration

What is retained (to fulfil legal requirements):

• Invoice data and payment history — retained for at least 5 years, anonymised where possible, in accordance with the Norwegian Accounting Act (bokføringsloven)
• Charging session data without personal identifier — retained in aggregated form for operational purposes

If you have questions about deletion, contact post@plugpay.no.

post@plugpay.no

PlugPay AS, Brobekkveien 114, 0582 Oslo

The website does not use identifiable information via cookies to measure traffic on the website and to improve the user experience. If you do not accept the use of cookies, you can turn off «cookies» in your browser.

We may update this policy in the event of material changes to the service or to legislation. Updates are published on this page.