Privacy Policy

This privacy policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR).

Merk! Dette innholdet er enda ikke oversatt til norsk, og finnes kun på engelsk.

Data Controller

The data controller responsible for your personal data is:

Domi.no AS
Juviknipa 10
5918 Frekhaug
NORWAY

For any data protection inquiries, please contact us at support@maxto.net.

Data We Collect

We collect and process the following categories of personal data:

  • Account information: Email address and password (encrypted) when you create an account
  • Purchase information: Name, email, billing address, country, and phone number when you make a purchase
  • Payment information: Payment details are processed securely by our payment providers (Stripe and PayPal) and are not stored on our servers
  • Support correspondence: Communications when you contact our support team
  • Usage data: Anonymous page view statistics collected through privacy-focused analytics

How We Use Your Data

We use your personal data for the following purposes:

  • To create and manage your user account
  • To process your orders and deliver software licenses
  • To send transactional emails (order confirmations, license keys, password resets)
  • To provide customer support
  • To improve our website and services
  • To comply with legal obligations

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract: Processing necessary to fulfill our contract with you (account management, order processing, license delivery)
  • Legitimate interest: Processing necessary for our legitimate business interests (analytics, service improvement, security)
  • Legal obligation: Processing required to comply with applicable laws (financial records, tax compliance)

Third-Party Services

We share your data with the following third-party service providers who process data on our behalf:

  • Stripe: Payment processing (processes payment card data)
  • PayPal: Payment processing (processes payment account data)
  • Customer.io: Email delivery and product event tracking
  • Groove: Customer support ticket management

We also use Umami Analytics, a privacy-focused analytics solution hosted on our own servers. Umami does not use cookies, does not collect personal data, and does not track individual users.

International Data Transfers

Some of our third-party service providers are located outside the European Economic Area (EEA), primarily in the United States. When we transfer your data outside the EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Data Processing Agreements with our service providers

Data Retention

We retain your personal data for as long as necessary to fulfill the purposes described in this policy:

  • Account data: Retained until you request deletion of your account
  • Order and transaction records: Retained for 5 years to comply with accounting and tax regulations
  • Support tickets: Retained for 2 years after resolution
  • Analytics data: Aggregated and anonymized, no personal data retained

Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to restriction: Request that we limit how we process your data
  • Right to object: Object to processing based on legitimate interests

To exercise any of these rights, please contact us at support@maxto.net. We will respond to your request within one month.

You also have the right to lodge a complaint with a supervisory authority. For Norway, this is Datatilsynet.

Cookies

We use only essential cookies that are strictly necessary for the operation of our website:

  • Authentication cookie: Maintains your logged-in session
  • Anti-forgery token: Protects against cross-site request forgery attacks

We do not use any marketing, advertising, or tracking cookies. Our analytics solution (Umami) is cookie-free.

Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Secure password hashing
  • Regular security updates and monitoring
  • Access controls limiting who can access personal data

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on this page with a new "Last updated" date.

Last updated: December 2025