Privacy Policy

Last updated: 2026-04-24

Home

Who we are

Custom Hours is operated by Custom Projects AS, a Norwegian aksjeselskap. Organisation number: 934561112. Country: Norway. This Privacy Policy explains how personal data is processed when Custom Hours is used.

What data we process

  • Account data: name, email, role, company membership, and access status.
  • Company data: company name, settings, employee access, and subscription metadata.
  • Work data: projects, work dates, start/end times, breaks, comments, statuses, and approval decisions.
  • Absence data: absence type, dates, status, and related administrative notes.
  • Audit logs: records of important actions, including who changed what and when.
  • Technical and security data: session identifiers, timestamps, and security-related request data.
  • Payment metadata: subscription and billing metadata handled through Stripe. Custom Hours does not store full card details.

Why we process data

  • To provide authentication, company access, hour registration, project tracking, absences, approvals, and reporting.
  • To keep an audit-friendly history for accountability and troubleshooting.
  • To operate subscriptions and billing status through Stripe.
  • To keep the Service secure and investigate abuse or errors.
  • To maintain and improve reliability of the Service.

Legal basis and roles

For business customers, the customer is usually the data controller for employee data, and Custom Projects AS acts as a processor. Some processing may also be necessary to operate the Service, protect security, comply with law, or manage customer subscriptions.

Payment processing

Payments and subscription management are handled by Stripe. Stripe may process payment and billing information according to its own terms and privacy documentation.

Data sharing

We do not sell personal data. Data is shared only with service providers needed to run Custom Hours, such as hosting, database, email, authentication, monitoring, and payment providers, and only to the extent required to provide and secure the Service.

Data retention

We retain personal data as long as needed to provide the Service and meet legitimate operational needs such as auditability, billing, security, and legal requirements. Customers may request export or deletion where applicable.

Security

We use reasonable technical and organizational measures to protect data, including tenant isolation, server-side sessions, role-based access control, and audit logging for key actions.

Your rights

If you are an employee using Custom Hours through your employer, contact your employer first. Customer administrators may contact Custom Projects AS to request access, correction, export, or deletion where applicable.

Contact

For privacy requests, contact Custom Projects AS through the contact details provided during account setup or customer communication.

Terms of Service