<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=9151474&amp;fmt=gif">
Skip to content

Privacy Policy

Odins.ai AS
Org.nr: 831 930 772
Universitetsgata 2, 0164 Oslo, Norway

Last updated: July 2026


What this policy covers

This policy explains how Odins.ai AS ("Odins", "we", "us") collects and uses personal data when you visit our website (odins.ai) or interact with us. We process personal data in accordance with the Norwegian Personal Data Act and the EU General Data Protection Regulation (GDPR).

Who is responsible

Odins.ai AS is the data controller. For questions about your data, contact us at hello@odins.ai.

Odins.ai AS is the data controller for personal data we collect about website visitors and platform users. For marketing data imported from your company's connected advertising platforms (described below), we act as a data processor on behalf of your company, under the data processing agreement (DPA) between Odins and your company. We process the name and email address of the person who authorizes a platform connection as a data controller, to administer and secure the connection and show your team who linked it (legitimate interest, Article 6(1)(f) GDPR).

What we collect and why

When you visit our website

We use cookies and analytics tools to understand how visitors use our site. This may include:

  • IP address (anonymized where possible)
  • Browser type and device information
  • Pages visited and time spent
  • Referring website

Legal basis: Legitimate interest (Article 6(1)(f) GDPR) for anonymous analytics. Consent for non-essential cookies.

When you fill out a form

If you request a demo, contact us, or subscribe to updates, we collect:

  • Name
  • Email address
  • Company name
  • Any other information you choose to provide

Legal basis: Your consent (Article 6(1)(a) GDPR) and our legitimate interest in responding to your inquiry.

When you are a customer

If your company uses the Odins platform, we process data as described in your service agreement. Marketing data processed through the platform is covered by a separate data processing agreement (DPA) between Odins and your company.

Google user data

When you connect a Google Ads account or a Google Analytics property to the Odins platform, you grant us access to data from that account through Google's APIs. This section explains how we handle that data.

What we access

With your authorization (via Google OAuth), we access your Google Ads data, including:

  • Account and customer identifiers
  • Campaign, ad group, and ad metadata
  • Spend, impressions, clicks, conversions, and related performance metrics

The Google Ads API offers a single scope (https://www.googleapis.com/auth/adwords), which is therefore the minimum we can request. Although this scope technically permits changes to an account, Odins only reads data: we never create, modify, or delete anything in your Google Ads account.

We also receive basic profile information for the Google Account that authorized the connection (name, email address, and profile picture) so your team can see which account is linked. We store only the name and email address.

If you connect a Google Analytics 4 property, we also access its reports (sessions, conversions, revenue, and related metrics) and your account and property list, on a read-only basis, via the https://www.googleapis.com/auth/analytics.readonly scope.

How we use it

We use your Google Ads data only to provide the Odins platform's features: importing your marketing spend and performance into your workspace for reporting, analytics, and statistical marketing-mix modeling that measures the contribution of your company's own marketing channels. We import data on a regular schedule for as long as the connection is active.

We do not use Google user data for advertising or retargeting, we do not build profiles of individuals, we do not sell it, and we do not use it to train generalized artificial intelligence or machine learning models. Data imported for your company is kept separate from other customers' data and is never used for another customer's benefit.

How we store and protect it

Google user data is stored within the Odins platform's EU-based infrastructure and is covered by the data processing agreement (DPA) between Odins and your company. Data is encrypted in transit (TLS 1.2/1.3) and at rest (AES-256), and access is limited to authorized personnel and systems that need it to operate the service.

How long we keep it

We retain Google user data for as long as your Google Ads connection is active. After you disconnect, we keep already-imported data by default so your reporting history is preserved. You can request export or deletion of a disconnected connection's data at any time by emailing hello@odins.ai (we respond within 30 days); see "Access or delete your data" below. You can disconnect at any time from your platform settings or revoke access in your Google Account at myaccount.google.com/connections. On contract termination we delete or return your data within 30 days, unless we have a legal obligation to retain it.

How we share it

We do not sell Google user data and do not share, distribute, or transfer it to third parties except the sub-processors that operate the Odins platform on our behalf, who are bound by data processing agreements (non-EEA sub-processors under EU standard contractual clauses; storage stays in the EU, and a copy of these safeguards is available on request at hello@odins.ai). We do not transfer this data to others for advertising, credit decisions, or AI/ML model training.

Limited Use

Odins' use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Data from other connected advertising platforms

Besides Google, your company can connect other advertising accounts to the Odins platform: Meta (Facebook), Microsoft Advertising (Bing), LinkedIn, and TikTok. When someone on your team authorizes a connection through the platform's own login and consent screen, we access data from that account through the platform's official API. This section explains how we handle that data.

What we access

We only read data from your accounts; we never create or change anything in them. Where a platform offers no narrower read-only permission, we enforce read-only use in our systems. With your authorization we import:

  • Ad account identifiers and account metadata
  • Campaign, ad group, and ad metadata
  • Spend, impressions, clicks, conversions, and related performance metrics
  • The name and email address of the team member who authorized the connection (from their Odins account, and from the platform where the platform provides it), so your team can see who connected it

Per platform:

  • Meta (Facebook): your ad account list and advertising performance data via Meta's Marketing API (public_profile and email for the authorizing user's name and email; ads_read for advertising data; business_management to list your businesses and ad accounts; business_management includes API-level write access, so read-only use is enforced by Odins).
  • Microsoft Advertising: advertising performance data via the Microsoft Advertising API (msads.manage scope; Microsoft offers no narrower read-only scope, so read-only use is enforced by Odins).
  • LinkedIn: your ad accounts and advertising analytics via LinkedIn's Advertising API (r_ads and r_ads_reporting).
  • TikTok: your advertiser accounts and advertising reporting via the TikTok for Business Marketing API (read-only ad account and reporting scopes).

We import data on a regular schedule for as long as the connection is active.

How we use it

We use this data only to provide the Odins platform's features to your company: importing your marketing spend and performance into your workspace for reporting, analytics, and statistical marketing-mix modeling that measures the contribution of your company's own marketing channels. Advertising data is used only on an aggregated and anonymized basis, to assess the effectiveness and performance of your company's own campaigns on the platform they ran on. We do not combine account or user information from one platform with information from another platform or service; cross-channel reporting and modeling use only aggregated, campaign-level spend and performance figures.

Advertising data we receive from Meta (Facebook) is used only on an aggregate and anonymous basis and only to assess the performance and effectiveness of your company's own campaigns; we do not mix Meta advertising data with advertising campaigns on different platforms.

We do not use this data for advertising or retargeting, we do not build profiles or segments of any individual, device, household, or browser, we do not sell it, and we do not use it to train generalized artificial intelligence or machine learning models. Data imported for your company is kept separate from other customers' data and is never used for another customer's benefit.

How we store and protect it

This data is stored within the Odins platform's EU-based infrastructure and is covered by the data processing agreement (DPA) between Odins and your company. Data is encrypted in transit (TLS 1.2/1.3) and at rest (AES-256), and access is limited to authorized personnel and systems that need it to operate the service.

How long we keep it

By default, we retain imported advertising data for as long as the connection is active. After you disconnect a connection, we keep already-imported data by default so your reporting history is preserved, except where a platform requires otherwise:

  • Meta (Facebook): we delete Meta data when you or your company request it, when Meta requires deletion, or when it is no longer needed to provide the service.
  • LinkedIn: we store LinkedIn advertising reporting data for up to 12 months and delete it after that, as LinkedIn's Marketing API Program terms require. If your company stops using Odins or asks us to, we delete stored LinkedIn data within 10 days. LinkedIn authorizations also expire after 12 months at the latest, so someone on your team must re-authorize the connection at least once a year for imports to continue.
  • TikTok: TikTok requires us to delete imported TikTok data when your authorization ends, unless expressly agreed otherwise with your company. Where your service agreement with us provides for it, we keep already-imported TikTok data to preserve your reporting history; otherwise we delete it when the authorization ends. We delete TikTok data on request at any time.

For all platforms, you can request deletion at any time (see "Access or delete your data" below). On contract termination we delete or return your data within 30 days, unless we have a legal obligation to retain it.

How we share it

We do not sell this data and do not share, distribute, or transfer it to third parties except the sub-processors that operate the Odins platform on our behalf, who are bound by data processing agreements (non-EEA sub-processors under EU standard contractual clauses; storage stays in the EU, and a copy of these safeguards is available on request at hello@odins.ai). We do not transfer it to others for advertising, credit decisions, or AI/ML model training.

Access or delete your data

You can ask us what personal data we hold about you and request a copy of it at any time by emailing hello@odins.ai. We respond within 30 days.

Two kinds of data are involved in deletion, with different paths:

  • Your personal data as the authorizing user (your name, email address, and access tokens): email hello@odins.ai and we will delete it. Anyone who has authorized a connection can make this request; we may ask for information to verify your identity. We respond within 30 days. This includes all data we have received about you from Meta (Facebook), Google, or any other connected platform. For data received from LinkedIn, we complete deletion within 10 days of your request.
  • Your company's imported advertising data: because this data belongs to your company, deletion requests are handled at company level under your service agreement: email hello@odins.ai or contact your Odins representative. Disconnecting a platform stops new imports immediately; on request we also delete the already-imported data (for LinkedIn the platform-specific timeline above applies automatically; for TikTok and Meta we delete as described above).

Managing or revoking access

You can disconnect any platform at any time from your Odins settings. When you disconnect a platform or revoke our access, we delete the stored access credentials (OAuth tokens) for that connection. You can also revoke Odins' access directly at the platform:

  • Google: myaccount.google.com/connections (Google Account → Security → "Your connections to third-party apps & services")
  • Meta (Facebook): Settings & privacy → Settings → Business integrations (business apps such as Odins appear here, not under Apps and websites). If the connection was granted through your Meta Business Manager, remove it at business.facebook.com under Business settings → Connected apps.
  • Microsoft: account.live.com/consent/Manage (personal accounts) or myapps.microsoft.com (work or school accounts; permissions granted by your organization's administrator must be removed by the administrator)
  • LinkedIn: Settings & Privacy → Data privacy → Other applications → Permitted services
  • TikTok: TikTok for Business Account Center → Authorizations (ads.tiktok.com/ac/page/authorizations); click Remove next to Odins

Tools and services we use

Our website is hosted on HubSpot. We use the following third-party services that may process visitor data:

  • HubSpot – website hosting, forms, and CRM (EU data processing)
  • Google Analytics – website analytics

These providers act as data processors on our behalf and are bound by data processing agreements.

How long we keep data

  • Website analytics data: Up to 26 months
  • Contact form submissions: Until you ask us to delete them, or until we no longer have a reason to keep them
  • Customer data: As defined in the service agreement
  • Connected advertising platform data: see "Google user data" and "Data from other connected advertising platforms" above

Your rights

Under GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your data (where there is no legal obligation to retain it)
  • Object to processing based on legitimate interest
  • Withdraw consent at any time
  • Data portability – receive your data in a machine-readable format
  • Complain to the Norwegian Data Protection Authority (Datatilsynet) at datatilsynet.no

To exercise any of these rights, email us at hello@odins.ai. We will respond within 30 days.

Cookies

We use essential cookies to make the website function. We also use analytics cookies to understand site usage. You can manage your cookie preferences through your browser settings or our cookie banner.

Changes to this policy

We may update this policy from time to time. Changes will be posted on this page with an updated date.

Contact

Odins.ai AS
Universitetsgata 2, 0164 Oslo
hello@odins.ai