Vmeste

Privacy policy

This policy may be updated as the service evolves. Current version: 2026-05-01.

1. Data controller

The Vmeste operator is the data controller in the meaning of GDPR. Exact legal name and address will be published before public launch.

2. Lawful basis (GDPR Art. 6)

  • Primary basis — consent given upon profile creation.
  • Secondary basis — legitimate interest for moderating reports and preventing abuse.

3. Data we collect

  • Profile fields: name, bio, category, fylke/kommune, postal code, languages, photos, contacts.
  • Reviews: rating, text, timestamps.
  • Favorites: user–profile pairs.
  • Reports: reason and submitter IP.
  • IP address for abuse prevention (Turnstile, rate-limit).
  • Cloudflare Turnstile cdata for bot protection.

4. Retention

  • Profile: while active + 30 days soft-delete window for restoration.
  • Reviews: until deleted by author or until associated profile is deleted.
  • Favorites: until removed by user.
  • Reports: 12 months.
  • Photos in R2: until profile is deleted; soft-delete prefix is auto-cleaned after 30 days.

5. Data sharing

Mailgun (EU region) is our subprocessor for magic-link emails. Other sharing happens only by order of Norwegian authorities.

6. Your rights

You can download all your data (GDPR Art. 20) or delete your account (GDPR Art. 17) at any time:

Export my dataDelete account

7. Defamation protection (skadeerstatningsloven §3-6)

General information — not legal advice.

Under §3-6 of the Norwegian Damages Act (skadeerstatningsloven), a person who considers their honour or private life violated by content on Vmeste may claim non-pecuniary damages (oppreisning) from the author of the content. As platform operator, Vmeste is not automatically liable for user-generated content, but we follow a notice-and-takedown process: (1) send a written complaint to legal@vmeste.no with the URL of the profile or review, a description of the allegedly unlawful content, your full name and contact information, and a substantiated argument why the content is unlawful; (2) we review complaints within 7 business days; (3) if the content is likely unlawful (manifestly false claims, hate speech, doxing), we hide or remove it immediately; (4) you may also complain directly to Datatilsynet or report the matter to Norwegian police. False or abusive complaints may expose the complainant to liability under §3-6.

8. Safe harbour (e-handelsloven §16)

General information — not legal advice.

Section 16 of the Norwegian e-Commerce Act (ehandelsloven) grants providers hosting user-generated content limited liability (a “safe harbour”), provided that the provider has no actual knowledge of unlawful information and acts expeditiously to remove or disable access once it learns of the unlawfulness. Vmeste pre-moderates profiles (but not reviews or reports), which gives us actual knowledge of profile content at publication — so our responsibility for profile content is higher than for non-moderated services: we review every submission, reject obvious violations, and accept joint liability for intentional or grossly negligent moderation errors. For reviews and reports, moderation is reactive: only upon a report or our own discovery of a violation. If you believe content is unlawful, use the “Report” button on the profile or email legal@vmeste.no — we review reports within 7 business days.

9. Datatilsynet

Datatilsynet (Norwegian Data Protection Authority)

Postboks 458 Sentrum, NO-0105 Oslo

https://www.datatilsynet.no/kontakt-oss/

10. Cookies

  • Supabase session cookies (httpOnly, required for sign-in).
  • Cloudflare Turnstile cookies for bot protection.
  • Selected locale cookie (NEXT_LOCALE).
  • No analytics or tracking — no cookie banner needed.

11. Data attribution

Postnummer-koordinater: Erik Bolstad, lisensiert under CC BY 3.0 Unported. Kilde: www.erikbolstad.no/postnummer/

Privacy contact

privacy@vmeste.no