Privacy Policy

Norsk versjon →

Last updated: 15 April 2026

Knytto never sells data.

We do not sell your personal information, your customers' personal information, or any data we process on your behalf — to anyone, ever. We also do not use the data for marketing, advertising, or profiling.

1. About us

Knytto is a service that automatically synchronises data between Shopify stores and Norwegian accounting systems (Fiken and Tripletex). This privacy policy describes how we process personal data when you use Knytto.

Data controller: Mordor Media
Contact: post@knytto.no

2. What data we collect

2.1 Information about you as a Knytto customer

  • Email address (used as login)
  • Name, phone number, and address (optional)
  • Password (stored only as a cryptographic hash)
  • Payment details are handled by Stripe — we do not store card information ourselves
  • API connections to your Shopify store and your accounting system (OAuth tokens)

2.2 Data from your Shopify store

To perform the sync, we retrieve the following data from the Shopify API with your authorisation:

  • Orders (including amounts, dates, and line items)
  • Products (name, price, SKU, stock level)
  • Customers (name, email, phone number, and address)

This data belongs to your customers, not to Knytto. We act as a data processor for this type of data on your behalf — you are the data controller.

2.3 Logs and statistics

We keep sync logs (how many orders/products/customers were transferred, when, and any error messages) for up to 6 months. These are used for troubleshooting and to show you statistics in your dashboard.

3. Why we collect this data

  • Contract performance: Deliver the service you subscribe to (syncing between Shopify and Fiken/Tripletex)
  • Account management: Create and maintain your user account
  • Billing: Charge your subscription via Stripe
  • Support and troubleshooting: Help you when something goes wrong
  • Security: Protect your account and the service from abuse

4. Legal basis

Processing is based on GDPR Article 6(1)(b) — necessary for performing the contract you have entered into with Knytto. For customer data retrieved from Shopify and sent to Fiken/Tripletex, we act as a data processor under your instructions as data controller.

5. Who we share data with

We use the following sub-processors to deliver the service:

  • Shopify — source of data, not a recipient
  • Fiken (or Tripletex) — the accounting system you have chosen. Customer and order data is transferred here at your direction.
  • Stripe — payment processor for your subscription
  • Resend — transactional email (password resets, confirmations)
  • Coolify / Linode — server infrastructure (within the EU)

We do not sell personal data to third parties and do not use it for marketing or profiling.

6. How long we keep data

  • Account information: as long as you have an active Knytto account
  • Sync logs and statistics: up to 6 months
  • Customer data from Shopify: processed temporarily in memory during sync and not stored permanently by Knytto — persistent storage happens in Fiken/Tripletex under your own retention rules
  • API tokens: stored as long as the connection is active, deleted when you disconnect
  • Payment information: handled by Stripe — we do not store card numbers ourselves

When you delete your account, all information about you is deleted within 30 days, with the exception of what we are legally required to retain (e.g. accounting records under Norwegian law).

7. Your rights

Under GDPR, you have the right to:

  • Access the information we have about you
  • Have incorrect information corrected
  • Have your data deleted ("the right to be forgotten")
  • Restrict processing
  • Receive your data in a structured format (data portability)
  • Object to processing
  • Withdraw consent at any time
  • File a complaint with the Norwegian Data Protection Authority (datatilsynet.no)

Send requests to post@knytto.no. We will respond within 30 days.

8. Security

  • All traffic is encrypted over HTTPS with TLS
  • Passwords are stored as a cryptographic hash (never in plain text)
  • API keys are stored in a secure database with access control
  • The database is hosted within the EU
  • Regular security updates and backups

9. Cookies

Knytto only uses strictly necessary cookies to keep you logged in and to protect against CSRF attacks. We do not use tracking cookies, analytics cookies, or marketing cookies.

10. Changes to this privacy policy

If we make significant changes, we will notify you by email and with a notice on the dashboard. Minor changes are updated here only, with a new date at the top.

11. Contact

Have questions about privacy at Knytto? Email us at post@knytto.no.

← Back to home