1. Introduction

We, Kantega SSO AS, business registration no. 921 336 195, Bassengbakken 4, 7042 Trondheim, Norway (“Kantega”), strive for full transparency of the way we process personal data when you use our products and services.

In this privacy policy, we explain, among other things, what information we collect, why we collect it, and how we use the information that we process when you use our Kantega Single-Sign-On or Figma Connect applications (“app” or collectively “apps”), visit our website or contact us for support.

We are the controller of the personal data that we process unless otherwise stated in this privacy policy. Atlassian is not responsible for the privacy, security, and integrity of any personal data that we or our apps process. 

If you have any questions about the privacy policy or any other questions regarding our privacy practices, please contact us at contact@kantega-sso.com.

2. What kind of data do we collect and why?

2.1 When you visit our website

When you visit our website, we collect the following information from your device:

  • IP address,

  • date and time of the access,

  • name and URL of the accessed file,

  • browser type and version, and

  • further information sent by the browser (such as your computer’s operating system, the name of your access provider, geographical origin, etc.).

We only process these data to ensure trouble-free connection to the website, comfortable use of our website, for evaluating system security and stability, and for administrative purposes, unless otherwise stated in section 2.6 (cookies) and 3.4 (YouTube). The processing is necessary for the performance of a contract with you (General Data Protection Regulation (GDPR) art. (1) b).

Please note that we are not responsible nor can control how third parties’ websites that we link to from our website process personal data.

2.2 Evaluation and use of our apps

When you install our apps, we process:

  • names,

  • email address,

  • customer location,

  • company name, and

  • name of the purchaser.

The processing is necessary for the performance of a contract to which the legal entity that you represent is a party.

The legal basis for the processing is the performance of our contract with you (GDPR art. 6 (1) b).

2.3 When you use our Single Sign-On app

When you use our Single Sign-on app, we do not collect personal data as the app is hosted by the Customer.

2.4 When you use our Figma Connect app

When you use our Figma Connect app, we integrate and process your Figma content and sketches. In order to do so we also process the following personal data:

  • user ID in Confluence and Figma,

  • user details that you have registered in Atlassian like email address, position, telephone number, etc.,

  • name of the person who made or amended the content, and

  • name, comment information, and metadata related to the Figma content

We process the personal data to authorize the user and make the Figma content and comments available in Confluence. The legal basis for this processing is the performance of our contract with you (GDPR art. 6 (1) b).

2.5 Support

We offer support through three different channels based on your choice:

a)      Inquiries by e-mail to support@kantega-sso.com

b)      Kantega service portal

c)       Online meeting with support team

To provide you with support, we will collect:

  • your name,

  • email address,

  • IP address,

  • country of residence,

  • relevant product information, and

  • other personal data you choose to share with us,

in order to answer your question or respond to your request, comment, or complaint.
The processing is necessary for the performance of a contract with you (GDPR art. (1) b).

2.6 Cookies

A “cookie” is a piece of data sent from a website that is visited and stored locally on your browser. The purpose of cookies is to maintain data related to user preferences, account settings, and evaluate and compile statistics about user activity. Please find our list of cookies we use on our website and other services here.

You can choose whether to accept cookies by editing your browser settings. However, if cookies are refused, some features on our website may not work as intended.  Information about the procedure to follow in order to enable or disable cookies can be found at:

For more information about other commonly used browsers, please refer to http://www.allaboutcookies.org/manage-cookies/.

3. Where we process your data/Third parties

3.1 Service providers

We use third-party services for analytics, marketing, and hosting.

We will only process your personal data with third parties as described in this privacy policy and do not sell any personal data. The third parties will be responsible for any processing of personal data for their own purposes. Please find links to their privacy policy under the description of each third party below. If a third party uses cookies and similar technologies to collect information about activity on our website, you can find more information in our list of cookies in sec. 2.6.

3.1.1 Facebook and LinkedIn

We have an account on Facebook and LinkedIn to present our products and Kantega.

Facebook and LinkedIn allow us to see posts, likes, followers, comments, messages, as well as aggregated statistics to help us understand the visitor’s actions on our pages. Facebook and LinkedIn process personal data in the USA and other countries listed in their privacy policy. The European standard contractual clauses are the legal basis for the transfer. 

Kantega will be the controller of the personal data we process for our own purposes of advertising and communication through Facebook and LinkedIn. However, the social platforms will be the controller of the personal data they process for their own purposes.

Please read more about what information Facebook and LinkedIn process in their privacy policies.

3.1.2 Twitter

We use Twitter to present our products and Kantega. The only personal data we can see is your interactions with our tweets.

Kantega will be the controller of the personal data we process for our own purposes of advertisement and communication through Twitter. However, Twitter will be the controller of the personal data it processes for its own purposes.

Twitter processes personal data in the USA and other countries listed in their privacy policy. The legal basis for the processing is the European standard contract clauses. Kantega will be the controller of the personal data we process for our own purposes through YouTube. However, Google will be the controller of the personal data it processes for its own purposes.

3.1.3 YouTube

We use YouTube (Google app) to show videos on our website for providing our users with instructions, advertising, and analytical purposes.  

We can see the usernames of our followers and anyone who comments on our videos. Any comments will automatically be deleted after 60 days. YouTube does not share personal data with us but provides us with analytics of the users who watches our videos.

YouTube processes personal data in the USA and other countries listed in their privacy policy. The legal basis for the processing is the European standard contract clauses.

Read more:  https://policies.google.com/privacy?hl=en

3.1.4 SendInBlue

We use SendInBlue to send out marketing emails and newsletters with information regarding product updates to our customers. You have the opportunity to opt out of the marketing email. We share your name and email for processing by SendInBlue, imported from our Atlassian Marketplace listing of your transaction. We have entered a data processor agreement with SendInBlue, see ANNEX 1 – Agreement on the processing of personal data in their terms of use.

Kantega will be the controller of the personal data we process for our own purposes of advertisement and communication through Marketing emails in SendInBlue. SendInBlue stores its data in europe in accordance with GDPR and guarantees that it ensures the protection of the data subject’s rights.

Read more:https://www.sendinblue.com/legal/privacypolicy/

3.1.5 Amazon Web Services

We use Amazon Web Services (AWS) for hosting the app and storing necessary data about integrations and clients. The data is stored in a European region behind standard security measures provided by the platform.

Read more: https://aws.amazon.com/privacy/

3.2 Business transactions

Relevant personal data may also be provided to third parties such as lawyers, advisers, buyers, and prospects in connection with a business transaction, including a prospective or completed merger, acquisition, or stock sale (including transfers made as part of insolvency or bankruptcy proceedings). Non-disclosure agreements will securely protect any change of corporate control or disclosure for the purpose of determining whether to proceed or continue with such a transaction or business relationship.

4. Safety measures

The protection of your personal data is a high priority for us. Our security measures include physical, technical, and administrative measures. Everyone at Kantega who handles personal data has received training and guidance on how to handle personal data safely. We adopt industry-standard software and guidelines to protect your personal data and other confidential information. Our organization follows industry best practices for ensuring the confidentiality, integrity, and availability of your data.

5. Your rights as a data subject

Subject to applicable law, you may have certain rights with respect to our processing of your personal data.

We will provide you with the right to have access to a copy of, rectify, correct, and update the personal data that we have about you in accordance with GDPR chapter 3. You may also have the right to restrict processing or have your data deleted. If our processing is based on your consent, you may also withdraw any consents you have given at any time. Please contact us at contact@kantega-sso.com.

Please let us know if you consider that our processing of your personal data infringes applicable law.

If you believe that we process your data in violation of your rights, you have the right to complain to the Norwegian Data Inspectorate (“Datatilsynet”). You should always contact us before sending a complaint to Datatilsynet so that we can try to resolve or clarify the issue.

6. For how long do we store personal data

We will retain and use personal information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. Upon effective termination of our apps, we will delete any personal data related to your account within three months.  

7.Changes in the privacy policy

We may update our privacy policy based on changing business practices, technology, and legal requirements. Any such changes will be posted on this page. If we make a significant change in the way we use or share your personal information, you will be notified via email and/or through other prominent notice within at least 30 days prior to the changes taking effect.