Last updated: March 2026
Sipio AS operates a venue booking management platform for Nordic hospitality businesses. This Privacy Policy explains what personal data we collect, why we collect it, and your rights under the GDPR and Norwegian personal data legislation (personopplysningsloven).
Sipio AS is the data controller for personal data processed through the Sipio platform. We are incorporated in Norway and our registered address is available upon request by contacting us at contact.sipio@gmail.com. If you have questions about how we handle your personal data, please reach out to us directly.
We collect personal data you provide when creating an account or making a booking: name, email address, and phone number. We also collect booking details such as date, time, party size, and any special requests associated with a reservation. Technical data including IP address, browser type, and session identifiers are collected automatically to operate the service securely.
We use your data to create and manage your account, process and confirm venue bookings, send transactional notifications (booking confirmations, reminders, and cancellations), and handle billing and subscription management. We do not use your personal data for advertising profiling or sell it to third parties.
We process your personal data on the following legal bases: performance of a contract (Art. 6(1)(b)) when processing bookings and managing your account; compliance with a legal obligation (Art. 6(1)(c)) for financial record-keeping; and legitimate interests (Art. 6(1)(f)) for service security and fraud prevention. Where we send optional marketing communications, we rely on your consent (Art. 6(1)(a)), which you may withdraw at any time.
We share your data with trusted third-party processors under data processing agreements: Stripe, Inc. for payment processing and subscription billing; Clerk, Inc. for secure user authentication and session management; and Resend, Inc. for transactional email delivery. Each processor is contractually bound to handle your data only on our instructions and in compliance with GDPR. Some processors may transfer data outside the EEA using Standard Contractual Clauses or adequacy decisions.
Account and booking data is retained for the duration of your account plus 3 years to fulfil contractual and statutory obligations, including Norwegian accounting law requirements (regnskapsloven) which mandate a 5-year retention of financial records. Inactive accounts with no associated active subscriptions will be deleted after 3 years of inactivity. You may request earlier deletion subject to our legal retention obligations.
Under GDPR, you have the right to: access a copy of your personal data; rectify inaccurate data; request erasure ('right to be forgotten') where no legal basis for retention applies; restrict or object to processing; and receive your data in a portable, machine-readable format. To exercise any of these rights, contact us at contact.sipio@gmail.com and we will respond within 30 days. You also have the right to lodge a complaint with Datatilsynet (the Norwegian Data Protection Authority) at www.datatilsynet.no.
We use only essential cookies necessary to operate the platform, including session and authentication cookies. We do not use tracking, advertising, or analytics cookies that require consent. You can control cookie behaviour through your browser settings, but disabling essential cookies may prevent the service from functioning correctly.
For any privacy-related enquiries, data subject requests, or to report a concern, please contact us at contact.sipio@gmail.com. We aim to respond to all requests within 30 days in accordance with GDPR requirements.
Questions? Contact · contact.sipio@gmail.com