Last updated November 16th, 2023

Privacy

1. Our policy

Welcome to the web site (“Site”) of Wrepit AS (“Company”, “Wrepit”, “we”, “us” and/or “our), a Norwegian company with registration number 821 430 232.

Wrepit provides a cloud platform for on-demand publishing of written documents, with related hosting, sharing services, analytics tools and an add-ins for Microsoft Word named "Wrepit Highlights" and "Wrepit Excel2Word" (“Services”).

In order to provide our Site and Services, we collect personal data from our customers (“Customers”). We also may collect and host the personal data of our Customers’ end users (“End Users”) when our Customers use the Services. This Policy outlines the information that Wrepit gathers, how the information is used, and your options to access, correct, or delete such information.

By using our Services, you are consenting to the collection and use of your information in accordance with this Privacy Policy. Please do not access or use our Services if you do not consent to the collection and use of your information as outlined in this Privacy Policy.

1.1 Our promise

You own your data - we help you get the most of it. We want to be transparent when it comes to privacy, and we believe in keeping personal information private and secure. We will never sell, rent, or otherwise share your personal information to anyone except as required to provide our service or as otherwise outlined in this Policy without notifying you and providing an opportunity to consent.

1.2 Data Controller and Data Processor

Wrepit’s Data Protection Officer can be contacted on privacy@wrepit.net.

In this Privacy Policy is outlined how Wrepit processes personal data collected from individuals or entities in relation to their use of our Services. Legally, Wrepit is the Data Controller of such personal data, as Wrepit determines the means and/or purposes of the processing.

In addition – when Customers transmit personal data while using the Services, Wrepit processes that data. Legally, Wrepit is the Data Processor of such personal data, and the Customers are the Data Controllers. The processing of personal data on behalf of the Customer is based on a data processor agreement between Wrepit and the Customer.

2. Who does this Policy apply to

Customers: Any person that registers individually or on behalf of an organization or legal entity in order to use Wrepit Services.

Website Visitors: Visitors to our websites, and others that may opt in to receive communications from Wrepit.

End users: Wrepit may process End User data on behalf of customers on the publishing platform. Subsequently, this Policy also applies to any End User that visits a Customer publication and whose information we process in order to provide Services to our Customers.

Add-in users: Users of the "Wrepit Highlights" and "Wrepit Excel2Word" add-ins for Microsoft Word, available from the Microsoft Store.

Minors: Wrepit does not knowingly collect information from children under the age of 16. If you have reason to believe anyone under the age of 16 has provided personal data to the Services, please contact privacy@wrepit.net.

3. What information do we collect

We collect and receive information from you in the following manner:

  • When you fill a registration form or otherwise submit your personal information to us.
  • When you interact with our Services.

If you have any questions concerning the legal basis on which we collect and use your personal information, please contact us at privacy@wrepit.net.

Customer Account Information: We work with our preferred identity partner, Auth0 (https://auth0.com), to handle all authentication. When you register for a Wrepit account we request and store your email address, and optionally – according to your preferred sign-up selection – password and other account information provided by your identity provider (IDP). Account Information is required to permit access to your account(s). By providing us your Account Information, you represent that you are the owner of such personal data, or otherwise have the consent to provide it to us.

Customer Payment Information: You are not required to enter any payment information unless and until you decide to continue with a paid subscription for our Services. When signing up for a paid service, you must provide billing information.

Website visitors: We may ask for and collect personal information from you when you submit opt-in forms on our Websites, on our ads on social media or on Google Ads.

Website Cookies and Tracking: We utilize operational and analytical “cookies” in our services. Our cookies help provide additional functionality to the Services and help us more accurately analyze the Services. Cookies that are required for the website to operate properly are allowed to be set without your permission. All other cookies need to be approved before they can be set in the browser. We have divided our cookies into four different categories, and you can see the full list of active cookies in our cookie banner.

  • Strictly necessary cookies. Strictly necessary cookies allow core website functionality such as user login and account management. The website cannot be used properly without strictly necessary cookies.
  • Performance cookies. Performance cookies are used to see how visitors use the website, e.g. analytics cookies. Those cookies cannot be used to directly identify a certain visitor.
  • Targeting cookies. Targeting cookies are used to identify visitors between different websites, e.g. content partners, banner networks. Those cookies may be used by companies to build a profile of visitor interests or show relevant ads on other websites.
  • Functionality cookies. Functionality cookies are used to remember visitor information on the website, e.g. language, timezone, enhanced content.

End Users: Our Customers and their users are responsible for the content they publish using our Services (e.g. media, images, written content, graphics, etc.). We collect End Users’ information when they use our Customers’ publications and APIs.

3.1 European Economic Area (EEA)

Our legal basis for collecting and using personal information for individuals from the EEA depends on the personal information, and why we collect it. Normally, we will collect personal information from you only where: (a) we have your consent to do so, (b) we need your personal information to perform a contract with you, or (c) where the processing is in our legitimate interests. In most cases this means that if you do not provide the requested information, we will not be able to provide the requested Services to you.

4. How do we use the information we collect

Wrepit only processes personal information in a way that is compatible and relevant for the purpose for which it was collected and authorized. In general, all data we collect may be used to:

  • Provide, operate, improve and promote the Services.
  • Enable your access to the Services.
  • Process, complete and send you transaction information and invoices.
  • Provide customer service and support, and send you technical notices, updates, security alerts, and administrative messages.
  • Send commercial communications in line with your communication preferences.
  • Monitor and analyze activity in connection to the Services.
  • Comply with legal obligations

5. When we share information

We use some third-party providers that help us run our business (“Service Providers”). These Service Providers may only process personal information according to our instructions and in compliance with this Privacy Policy and other applicable measures and regulations of confidentiality and security.

In addition to sharing with Service Providers as described above, we may also share your personal information with others in the following circumstances:

  • With our resellers and other sales partners who help us distribute the Services to Customers.
  • In the event of a merger, consolidation or other corporate reorganization in which Wrepit participates.

See section 7 for a list of service providers.

6. International Transfers

Wrepit is a Norwegian corporation. All personal data is stored in accordance with the General Data Protection Regulation. We primarily store all personal data in the European Economic Area (“EEA”).

The Standard Contractual Clauses apply to all data transferred outside the EEA or the United Kingdom, either directly or via onward transfer, to any country not recognized by the European Commission as providing an adequate level of protection for personal data. Wrepit has Data Processor Agreements in place with all service providers where transfer outside the EEA is applicable.

See section 7 for a comprehensive list of service providers, including international transfers.

7. Service Providers

Wrepit uses the below Service Providers that may process personal data.

7.1 Administrative providers

  • Microsoft Office 365
  • Sanity.io – Headless CMS
  • GitLab – Support and bug reporting
  • Fiken – Customer data
  • Hubspot – Customer Relationship Manager and CMS
  • LinkedIn – Lead submissions
  • Meta – Lead submissions
  • Google – Lead submissions

7.2 Product related providers

The list also states locality, GDPR legal basis for transfer outside the EEA, and data category.

  • Amazon Web Services (EEA) – Data storage, file storage
  • Microsoft Azure Active Directory (EEA and US, SCCs) - Identity Storage
  • Auth0 (EEA) – Identification provider
  • Plausible.io (EEA) – Privacy-friendly analytics
  • Sentry (US, SCCs) – Bug tracking
  • Vercel (EEA) – Serverless hosting
  • Postmark (US, SCCs) – Transactional emails

Abbreviations used:

  • SCCs: Standard Contractual Clauses
  • EEA: European Economic Area
  • US: United States of America

8. Data subject rights

Data subjects have the right to request access to data, rectification of data, and erasure of data.

9. Security

Wrepit has implemented appropriate technical and organizational measures to safeguard the personal data which we process against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and other unlawful forms of processing. In case of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customers personal data, Wrepit will inform the Customer of the breach without undue delay, including a summary description of the potential impact and a recommendation on measures to mitigate the possible adverse effects of the breach.

10. Changes to the Privacy Policy

This Privacy Policy will be modified from time to time to reflect changes in applicable laws or regulations, or changes in our practices or procedures.

11. Contact us

For any queries or concerns you have related to the processing of your information, you may contact our Privacy Officer Andreas Orsten at privacy@wrepit.net.

Curious?

Even if you are not completely convinced, contact us for a 20-minute informal demo.
20 minutes that in the long run could save you hundreds of hours and thousands in budget.
Book a demo and we will customise it to be relevant and valuable for you. You won't regret it.