Privacy Policy

Your privacy is important to us. At Alos, we follow a few fundamental principles:

  • We only ask for and process personal information when we have a clear reason to do so.
  • We keep personal information only for as long as we have a legitimate purpose and legal basis.
  • We aim to make your choices simple and transparent, including how analytics and cookies are used.
  • We do not sell your personal information.
  • We work to protect your information against unauthorized access and overbroad disclosure requests.
  • We strive for clear explanations of how and why we collect, use, and share personal information.

Below is our Privacy Policy, which puts these principles into practice.

Who We Are and What This Policy Covers

We are Alos, a Norway-based company that provides drone-based imaging, mapping, inspection, and related visualization services.

This Privacy Policy applies when you:

  • Visit our websites under the alos.no domain, including subdomains such as cdn.alos.no.
  • Use our contact form or communicate with us by email or phone.

We do not operate consumer mobile apps and we do not offer public user accounts on our company site. This Privacy Policy does not apply to third-party websites or services that we link to; those have their own privacy statements.

For our legal identity and how to contact us, see Controllers and Contact Details below.

Creative Commons ShareAlike License

We make this Privacy Policy available under the Creative Commons Attribution-ShareAlike 4.0 International license. You are welcome to copy, adapt, and repurpose it for your own use. Please ensure your version accurately reflects your practices and laws applicable to you, and include proper attribution.

Attribution: Portions of this document are adapted from Automattic’s Privacy Policy, available under CC BY-SA 4.0.
License: https://creativecommons.org/licenses/by-sa/4.0/
Automattic: https://automattic.com/privacy/

Information We Collect

We only collect information about you when we have a reason to do so — for example, to operate our website, respond to your inquiries, secure our services, or improve how visitors use our pages.

We collect information from three sources: (1) information you provide to us, (2) information collected automatically when you visit our site, and (3) limited information from third parties or public sources. The details are below.

Information You Provide to Us

  • Contact form and direct communications. When you write to us (for example via our contact form or by email or phone), we process the information you provide, which typically includes your name, email address, phone number (optional), and the content of your message. If you attach files, we process those to handle your request. We keep these communications as needed to respond and for our legitimate business records.

  • Business correspondence. If you ask for a quote, enter into a statement of work, or otherwise discuss a project with us, we process the contact details and any project information you choose to share so we can prepare and deliver our services.

  • Client portal access (if enabled). If we provide you with access to a private portal under our domain, we will process the credentials and role information required to grant access and log activity needed for security and auditing.

We do not operate public user accounts or an online store on our company site, and we do not collect payment card information on alos.no.

Information We Collect Automatically

When you visit our website, certain information is collected automatically for security, basic operation, and analytics:

  • Server and security logs (Cloudflare and origin). Our hosting and content delivery providers (including Cloudflare) automatically process technical information that browsers and devices typically send, such as IP address, HTTP headers, request and response metadata, referrer, and timestamps. This helps us operate the site, defend against abuse, and investigate reliability issues. Cloudflare may set strictly necessary security cookies (for example to remember a bot-challenge result).

  • Anti-bot verification (Cloudflare Turnstile). To protect our contact form from automated abuse, Turnstile processes technical signals from your browser or device to determine whether a request is from a human. Turnstile may place a necessary cookie to store the challenge state.

  • Analytics and usage measurements.

    • Google Analytics 4 (GA4). We use GA4 to measure aggregated traffic and usage patterns. GA4 uses first-party cookies and similar identifiers to understand how visitors use our pages, such as page views, navigation events, approximate geolocation (derived from general network information), and device/browser characteristics. We configure GA4 with privacy-preserving settings and data retention appropriate for our purposes.
    • Microsoft Clarity. We use Clarity to understand usability through aggregated heatmaps and session replays. Clarity uses first-party cookies and records interaction data such as clicks, scrolls, and page navigation. We configure Clarity to mask text inputs and to avoid capturing fields that may contain personal or sensitive content.

  • Cookies and similar technologies. Aside from the security and analytics technologies described above, we do not set our own marketing cookies. You can control analytics cookies through the consent controls presented on our site. For details, see the Cookies section of this policy.

  • Device and browser settings. We may receive information such as the type and version of your browser, operating system, language preference, and screen size to ensure our content renders correctly.

We do not use automated decision-making that produces legal or similarly significant effects about you.

Information We Collect from Other Sources

  • Service providers. We may receive limited personal information from our service providers where needed to operate our website or support communications (for example, delivery status for emails).

  • Public and business sources. For B2B outreach or to verify contact details for an ongoing project, we may use publicly available business contact information (for example, on a company website or professional directory).

We do not buy lists and we do not collect payment data from third parties for use on our marketing site.

How and Why We Use Information

Purposes for Using Information

We use information about you only where we have a clear purpose:

  • Operate and deliver the website. Run alos.no, serve media via our CDN, render pages, and provide the contact form. This includes routing, caching, TLS termination, and DDoS/bot mitigation provided by our infrastructure partner(s).

  • Respond to inquiries and perform pre-contract steps. Read and reply to messages you send through our contact form or by email, prepare proposals, and keep necessary records of our communications.

  • Security and abuse prevention. Detect and prevent spam, malware, scraping, and other misuse using server logs, Cloudflare security features, and Cloudflare Turnstile. We may analyze log events to investigate reliability or security incidents.

  • Analytics and site improvement. Measure aggregate traffic and usage patterns with Google Analytics 4 and Microsoft Clarity so we can understand what content is useful, debug issues, and improve navigation and performance. Where required by law, we rely on your consent before enabling analytics.

  • Basic preferences. Remember choices such as your language preference, and the state of anti-bot challenges that are necessary to submit the contact form.

  • Legal compliance and business records. Maintain records needed for accounting, tax, and statutory retention, and to respond to lawful requests.

  • Recruitment (if you apply). Review applications, verify information, and communicate with applicants.

We do not run an online store on alos.no, do not operate public user accounts, and do not serve behavioral advertising.

If you are in the EEA/UK/Switzerland (including Norway), our processing rests on:

  • Contract or steps prior to entering into a contract (GDPR Art. 6(1)(b)): handling your inquiry, preparing a proposal, or providing a private client portal if enabled.

  • Legitimate interests (Art. 6(1)(f)): operating a secure website, preventing abuse, producing high-level usage statistics to improve content and UX, and keeping necessary business records. We balance these interests against your rights and expectations.

  • Consent (Art. 6(1)(a) and ePrivacy rules): placing or reading non-essential cookies or similar identifiers for analytics and session replay. You can withdraw consent at any time through the controls we provide.

  • Legal obligation (Art. 6(1)(c)): keeping records required by law and responding to lawful requests from authorities.

We do not make automated decisions that produce legal or similarly significant effects about you.

Sharing Information

How We Share Information

We share information about you only as needed and with appropriate safeguards:

  • Service providers (processors). We use carefully selected vendors to operate our site and communications, for example:

    • Cloud infrastructure and security: Cloudflare (Pages/CDN, security features, Turnstile), and storage for site media.
    • Analytics: Google Analytics 4 and Microsoft Clarity, subject to your consent where required.
    • Email delivery and form handling: providers we use to send and receive email and process contact form submissions. These providers process information on our instructions and are bound by confidentiality and data protection commitments.

  • Professional advisors. Accountants, auditors, or legal counsel where necessary and subject to confidentiality.

  • Legal and regulatory. If we are required to do so, we may disclose information to comply with law, court orders, or lawful requests from public authorities.

  • Protection of rights and safety. Where reasonably necessary to protect the rights, property, or safety of Alos, our clients, or the public, for example investigating abuse or security incidents.

  • Business transfers. If we undergo a restructuring, merger, or asset sale, information may be transferred as part of the transaction, subject to continued protection consistent with this policy.

  • With your direction or consent. For example, if you ask us to share your details with a project partner, or agree that we may publish a testimonial or case study.

We do not sell personal information and we do not share it with third parties for their own marketing.

Information Shared Publicly

Our marketing site does not host public user profiles or comments. Contact messages and email addresses you provide are not published. If we showcase client work or testimonials, we do so only with permission and we remove or mask personal details where appropriate.

How Long We Keep Information

We keep personal information only for as long as it is needed for the purposes described in this policy, or to meet legal, accounting, or reporting obligations. When a retention period expires, we delete or irreversibly anonymize the data.

Category-specific retention:

  • Contact inquiries: Messages sent via our contact form or by email are kept for up to 24 months after our last interaction, unless they become part of a client file or legal record. If a project proceeds, relevant correspondence is stored with the project records and retained for the period required by law and our contractual obligations.
  • Operational and security logs (including CDN/edge logs): Limited technical logs (e.g., IP address, user agent, timestamps, request metadata) are retained for up to ~30 days to operate the site, troubleshoot incidents, and prevent abuse.
  • Anti-bot and security signals (e.g., Cloudflare Turnstile): Short-lived and typically retained by the provider only for the time needed to validate the challenge and protect the service.
  • Analytics (Google Analytics 4, Microsoft Clarity): We use vendor retention controls and keep analytics data for only as long as necessary for aggregate reporting and site improvement. We may retain non-identifying, aggregated statistics for longer.
  • Recruitment: Application data is retained for the duration of the process and generally up to 12 months thereafter unless a longer period is required by law or you consent to a longer period.

Backups and caches are cycled and overwritten on a rolling basis. Deletions from active systems may take additional time to reflect across backups.

Security

No online service can be 100% secure, but we take reasonable and appropriate measures to protect your information against unauthorized access, use, alteration, or destruction. Measures include:

  • TLS encryption in transit and secure hosting behind a CDN with DDoS mitigation and bot protection (Cloudflare).
  • Principle of least privilege, access controls, and auditability on systems that store correspondence and project records.
  • Monitoring for abuse patterns and security anomalies; timely patching and configuration hardening.

Because alos.no does not provide public user accounts, you do not need to create credentials to browse our site or to contact us. For our internal systems and client environments we use additional safeguards such as multi-factor authentication where available.

Choices

You have options regarding your information:

  • Analytics and cookies: Where required, we request your consent before enabling non-essential analytics (Google Analytics 4 and Microsoft Clarity). You can withdraw consent at any time using the controls we provide (see the Cookies section of this policy). You may also configure your browser to block or delete cookies; some site features (e.g., language preference) may rely on essential cookies or equivalent storage.
  • Email and contact preferences: If you no longer wish to receive follow-ups about an inquiry, let us know in your reply and we will stop non-essential communications (we may still send messages necessary to respond to your request or perform a contract).
  • Device and browser controls: You can use browser settings, content blockers, or network-level tools to limit tracking technologies. If your browser sends a “Do Not Track” signal, we currently do not respond to that signal. Please use our consent controls instead to manage non-essential analytics.
  • Data rights: Depending on where you live (including the EEA/UK/Switzerland/Norway), you may have rights to access, correct, delete, or restrict processing of your personal data, and to object to processing or withdraw consent. See the “Your Rights” section below for how to exercise these rights.

If you have questions about choices or need help changing a preference, contact us using the details in the “Contact Us” section.

Your Rights

Depending on where you live (including the EEA/UK/Switzerland/Norway), you may have rights over your personal data. These can include the right to:

  • Access a copy of your personal data;
  • Request correction (rectification) of inaccurate data;
  • Request deletion (erasure);
  • Restrict or object to certain processing (including analytics based on legitimate interests);
  • Data portability (to receive your data in a structured, commonly used format);
  • Withdraw consent at any time where processing is based on consent (e.g., non-essential analytics cookies);
  • Lodge a complaint with a supervisory authority. In Norway, this is Datatilsynet.

To exercise your rights, contact us at email: privacy@alos.no. We may need to verify your identity before acting on a request. If we decline a request where the law allows (for example, to comply with legal obligations), we will explain why.

Controllers and Contact

Controller: Alos, Org. no. [XXXX XX XXXX] Email: privacy@alos.no

International Transfers

We are based in Norway (EEA), but some of our providers process data in other countries. For example:

  • Cloudflare (CDN/edge security and hosting for alos.no);
  • Google Analytics 4 (website analytics);
  • Microsoft Clarity (session analytics/heatmaps).

When personal data is transferred outside the EEA/UK/Switzerland, we rely on appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) and supplementary measures where required. Where providers offer EU/EEA data-region options, we use them when feasible. You can contact us for more details about transfers and safeguards.

Ads and Analytics by Others

We do not run third-party advertisements on alos.no.
We use Google Analytics 4 and Microsoft Clarity to understand aggregate site usage and improve the site. These services may set cookies or similar technologies and collect device information, approximate location (derived from IP), and on-site interactions (e.g., pages viewed, clicks, scrolls). See the Cookies section for details and how to manage consent or opt out. Your browser’s “Do Not Track” signal is not acted on by these services; please use our consent controls instead.

Third-Party Software and Services

Our site may link to or embed third-party content (e.g., maps or videos). Interacting with such content can allow those providers to collect data subject to their own privacy policies. We recommend reviewing any third-party policy before use. Current core providers include Cloudflare (delivery/security), Google Analytics 4, and Microsoft Clarity.

How to Reach Us

Questions or requests about this Privacy Policy or your data rights:

We aim to respond without undue delay and within the timelines set by applicable law.

Privacy Policy Changes

We may update this policy from time to time. We will post the updated version here and adjust the “Last updated” date. Material changes may also be announced on the site. Your continued use of alos.no after changes means you accept the updated policy.

Last updated: [2025-10-02]