Privacy Policy

Effective Date: July 14, 2025

1. Introduction

Almost Good Enough ApS ("AGE", "we", "us", "our") respects your privacy and is committed to protecting your personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"), the Danish Data Protection Act and other applicable legislation, including sector-specific rules such as the ePrivacy Directive 2002/58/EC (and its national implementations) and, where relevant, the EU Data Act (Regulation (EU) 2023/2854). This Privacy Policy explains how we collect, use, disclose, store and protect your personal data when you interact with our websites, applications, APIs and other online services (collectively, the "Services").

By using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please refrain from using the Services.

2. Data Controller

Company: Almost Good Enough ApS
Company registration (CVR) no.: 36061227
E-mail: privacy@almostgoodenough.com

For certain processing operations, we may act as joint controllers with integrated partners (e.g. payment providers) or as a processor on behalf of enterprise customers. In such cases, the respective agreement and disclosure will prevail.

3. Personal Data We Collect

We may collect and process the following categories of personal data:

Category	Examples	Source
Identification data	name, username, account ID, company affiliation	directly from you
Contact data	e-mail address, postal address, phone number, preferred language	directly from you
Technical data	IP address, device IDs, browser type, operating system, referral URLs, error logs	automatically via cookies and similar technologies
Usage data	feature interactions, pages viewed, session timestamps, clickstream, in-app events	automatically
Payment data	partial card details, payment tokens, billing address, VAT number	payment provider
Support data	conversation transcripts, screenshots, troubleshooting information	directly from you
Marketing data	newsletter preferences, survey responses, competition entries	directly from you
Generated content	prompts, uploaded files, annotations or feedback you submit to the Services	directly from you

Special Categories of Data: We do not intentionally collect special categories of data (e.g. health data, biometric data) unless you choose to provide them in user-generated content. Please avoid sharing such information unless strictly necessary.

4. How We Collect Personal Data

Direct interactions – you provide data when you create an account, fill out forms, purchase a subscription, request support or communicate with us.
Automated technologies – we collect certain data automatically via cookies, server logs, tracking pixels and similar technologies when you interact with the Services.
Third-party sources – payment processors, analytics providers, social sign-in services and publicly-available sources, consistent with your privacy settings.

5. Purposes & Legal Bases for Processing

We only process personal data where we have a valid legal basis under Article 6 GDPR:

Purpose	Legal basis
Provide, operate and maintain the Services	Art. 6(1)(b) GDPR – performance of a contract
Process payments and prevent fraud	Art. 6(1)(b) & (f) – contract; legitimate interest
Secure and debug the Services	Art. 6(1)(f) – legitimate interest (security and service integrity)
Personalise content and remember preferences	Art. 6(1)(a) or (f) – consent for non-essential cookies; legitimate interest for essential cookies
Send transactional messages (e.g. resets, alerts)	Art. 6(1)(b) – contract
Send marketing communications	Art. 6(1)(a) – consent (opt-in)
Analyse usage to improve features	Art. 6(1)(f) – legitimate interest (product development)
Comply with legal obligations (tax, accounting, law-enforcement requests)	Art. 6(1)(c) – legal obligation

Where we rely on consent, you may withdraw it at any time (Section 11). Where we rely on legitimate interests, we have balanced those interests against your fundamental rights and freedoms.

6. Cookies & Similar Technologies

We use cookies, local storage and pixels to:

Authenticate users and maintain sessions
Remember user preferences (e.g. language)
Analyse site traffic and performance
Deliver personalised marketing (with consent)

You can manage or disable non-essential cookies at any time via our cookie banner or your browser settings. For details, see our separate Cookie Notice.

7. Data Sharing & Recipients

We do not sell or rent your personal data. We share it only with:

Service providers (e.g. hosting, analytics, email, payment) under written data-processing agreements (Art. 28 GDPR);
Professional advisers (lawyers, auditors, insurers) bound by confidentiality;
Authorities or courts where required by law or to protect our rights;
Successors in business transfers (e.g. merger, acquisition) with appropriate safeguards.

8. International Transfers

Our primary servers are located in the European Economic Area (EEA). If we transfer personal data outside the EEA (e.g. to a US-based provider), we ensure appropriate safeguards such as:

Adequacy decisions by the European Commission;
Standard Contractual Clauses (SCCs) approved by the Commission, supplemented by Transfer Impact Assessments where necessary;
Binding Corporate Rules; or
Derogations under Art. 49 GDPR (e.g. your explicit consent).

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, including to satisfy legal, accounting or reporting requirements. Typical retention periods are:

Account data: until you delete your account + 6 months for dispute handling;
Support tickets: 3 years after closure;
Financial records: 5 years (mandatory under Danish Bookkeeping Act);
Marketing opt-out logs: indefinitely to respect your opt-out.

When retention periods expire, we will anonymise or securely delete the data.

10. Security

We implement appropriate technical and organisational measures in line with Art. 32 GDPR, including:

HTTPS/TLS encryption in transit;
Encryption at rest for sensitive fields;
Access controls and multi-factor authentication for staff;
Regular penetration testing and vulnerability scans;
Sub-processor due-diligence and contractual security obligations.

However, no internet transmission is ever completely secure; you use the Services at your own risk.

11. Your Rights

Under the GDPR (Articles 15–22) you have the right to:

Access – obtain a copy of your personal data;
Rectification – correct inaccurate or incomplete data;
Erasure (“right to be forgotten”);
Restriction of processing;
Data portability (in a machine-readable format);
Object to processing based on legitimate interests or direct marketing;
Withdraw consent at any time (without affecting prior processing);
Not be subject to automated decision-making producing legal or similarly significant effects.

To exercise any of these rights, contact us at privacy@almostgoodenough.com. We may require identity verification. We will respond within one month (extensions possible for complex requests, Art. 12(3) GDPR).

If you believe we have infringed your data-protection rights, you have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet) or your local supervisory authority.

12. Children’s Privacy

The Services are not directed to children under 16. We do not knowingly collect their data. If you believe we have inadvertently processed a child’s data, please contact us so we can delete it.

13. Automated Decision-Making

We do not use personal data to carry out decisions producing legal or similarly significant effects solely by automated means (Art. 22 GDPR). If this changes, we will inform you and provide the required safeguards.

14. Changes to This Privacy Policy

We may update this Policy from time to time. We will post the new version and, if changes are material, provide notice (e.g. email or in-Service banner) at least 14 days before they take effect. The "Effective Date" at the top indicates the latest revision.

15. Contact

For any questions about this Privacy Policy or our privacy practices, please contact:

E-mail: privacy@almostgoodenough.com