Avaris AS

 

Privacy Policy for Abbie

Effective Date: March 9, 2026
Last Updated: March 9, 2026

Data Controller:
Avaris AS
Hakavikveien 830, 3322 Fiskum, Norway
Organization Number: 922190267

1. Introduction

This Privacy Policy explains how Avaris AS ("we", "us", "our") collects, uses, stores, and protects personal data when you use Abbie ("the Service"), a Slack-integrated AI assistant. We are committed to complying with the General Data Protection Regulation (GDPR) and applicable Norwegian data protection laws.

By using the Service, you acknowledge that you have read and understood this Privacy Policy.

2. What Data We Collect

We collect and process the following categories of personal data:

2.1 Slack Workspace Data

  • Slack user IDs, display names, and workspace identifiers

  • Messages and content shared with Abbie within Slack channels and direct messages

  • Channel IDs and metadata necessary for the Service to function

2.2 Trello Data

  • Trello board, list, card, and member data accessed through the Trello API

  • Actions performed on Trello (creating, updating, moving, archiving cards, etc.)

  • Trello member IDs and usernames

2.3 LinkedIn Data

  • LinkedIn profile information (name, headline, profile URL) obtained through OAuth authorization

  • LinkedIn Page/Organization IDs and names for pages you administer

  • Content you create and publish through the Service to LinkedIn

  • OAuth access tokens and refresh tokens for maintaining your LinkedIn connection

2.4 Stripe Data

  • Stripe customer IDs and subscription data

  • Billing information processed by Stripe (we do not store full credit card numbers; these are handled entirely by Stripe)

  • Payment history, plan details, and subscription status

2.5 Workspace Memory

  • Information explicitly saved to workspace memory by users (notes, decisions, preferences, key facts)

  • Tags and metadata associated with saved memories

2.6 Automation & Rules Data

  • Automation rules and scheduled tasks configured by users

  • Execution logs and trigger/event data related to automation rules

2.7 Technical Data

  • IP addresses, request timestamps, and API interaction logs

  • Error logs and performance metrics for service reliability

 

3. How We Use Your Data

We process personal data for the following purposes:

| Purpose | Legal Basis (GDPR) |

  • Providing and operating the Service | Art. 6(1)(b) – Performance of a contract

  • Connecting and interacting with Trello on your behalf | Art. 6(1)(b) – Performance of a contract

  • Connecting and posting to LinkedIn (personal & Pages) | Art. 6(1)(a) – Consent (via OAuth authorization)

  • Processing payments via Stripe | Art. 6(1)(b) – Performance of a contract
    Storing workspace memories you create | Art. 6(1)(b) – Performance of a contract

  • Running automation rules and scheduled tasks | Art. 6(1)(b) – Performance of a contract

  • Improving and maintaining the Service | Art. 6(1)(f) – Legitimate interest .

  • Complying with legal obligations | Art. 6(1)(c) – Legal obligation

4. Third-Party Services & Data Sharing

We integrate with and share data with the following third-party services as necessary to provide the Service:

4.1 Slack (Salesforce, Inc.)

4.2 Trello (Atlassian Pty Ltd)

4.3 LinkedIn (LinkedIn Corporation / Microsoft)

4.4 Stripe (Stripe, Inc.)

  • Payment processing

  • Privacy Policy: Privacy Policy

  • Stripe processes payment data as an independent data controller. We do not have access to your full payment card details.

4.5 Anthropic (Anthropic, PBC)

  • AI language model provider (Claude) powering the Service's intelligence

  • Privacy Policy: Privacy Policy

We do not sell your personal data to any third party.

5. International Data Transfers

Some of our third-party service providers are based outside the European Economic Area (EEA), including in the United States. When personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as:

  • EU Standard Contractual Clauses (SCCs)

  • Adequacy decisions by the European Commission

  • The service provider's participation in recognized frameworks (e.g., EU-U.S. Data Privacy Framework)

 

  • 9. Cookies & Tracking

    Abbie operates within Slack and does not use cookies directly. However, when you interact with linked services (Trello, LinkedIn, Stripe), those services may use their own cookies according to their respective privacy policies.

    10. Children's Privacy

    The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

    11. Future Integrations & Service Expansion

    We may introduce additional third-party integrations and features in the future (e.g., additional social media platforms, CRM systems, analytics tools, or other productivity services). When new integrations are added:

    • This Privacy Policy will be updated to reflect the new data processing activities

    • Users will be notified of material changes via Slack or email

    • Any new integrations requiring additional data access will require explicit user authorization (e.g., OAuth consent)

    • New integrations will be held to the same data protection standards described in this policy

    We encourage you to review this Privacy Policy periodically for updates.

    12. Changes to This Privacy Policy

    We may update this Privacy Policy from time to time. Material changes will be communicated through the Service (via Slack notification) or by updating the "Last Updated" date above. Continued use of the Service after changes constitutes acceptance of the updated policy.

    13. Supervisory Authority

    If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Norwegian Data Protection Authority:

    Datatilsynet
    Postboks 458 Sentrum, 0105 Oslo, Norway
    Website: Datatilsynet - personvern og informasjonssikkerhet
    Email: postkasse@datatilsynet.no

    14. Contact Us

    For any questions about this Privacy Policy or our data practices:

    Avaris AS
    Hakavikveien 830, 3322 Fiskum, Norway
    Email: [Insert contact email]

    This Privacy Policy is effective as of March 9, 2026.

    6. Data Retention

    We retain personal data only for as long as necessary to fulfill the purposes described in this policy:

    | Data Type | Retention Period |
    |---|---|
    | Slack messages processed by Abbie | Processed in real-time; not stored long-term unless saved to memory |
    | Workspace memories | Until deleted by a workspace user or workspace is deactivated |
    | Trello interaction data | Duration of active service use |
    | LinkedIn OAuth tokens | Until disconnected by the user or token expiry |
    | Stripe billing data | As required by Norwegian accounting law (5 years) |
    | Automation rules & logs | Duration of active service use; logs retained up to 90 days |
    | Technical/error logs | Up to 90 days |

    Upon termination of your subscription or workspace, we will delete or anonymize your data within 30 days, except where retention is required by law.

    7. Your Rights Under GDPR

    As a data subject, you have the following rights:

    • Right of Access (Art. 15) – Request a copy of your personal data

    • Right to Rectification (Art. 16) – Correct inaccurate or incomplete data

    • Right to Erasure (Art. 17) – Request deletion of your data ("right to be forgotten")

    • Right to Restrict Processing (Art. 18) – Limit how we process your data

    • Right to Data Portability (Art. 20) – Receive your data in a structured, machine-readable format

    • Right to Object (Art. 21) – Object to processing based on legitimate interests

    • Right to Withdraw Consent (Art. 7(3)) – Withdraw consent at any time (e.g., disconnect LinkedIn)

    To exercise any of these rights, contact us at: [Insert contact email]

    We will respond within 30 days.

    8. Data Security

    We implement appropriate technical and organizational measures to protect your personal data, including:

    • Encryption of data in transit (TLS/SSL) and at rest

    • OAuth 2.0 for all third-party integrations (no passwords stored)

    • Access controls and principle of least privilege

    • Regular security reviews and monitoring

    • Secure cloud infrastructure with reputable providers