Skip to content
Prodsync
← Legal

Privacy Policy

Last updated: March 16, 2026

1. Introduction

This Privacy Policy explains how Prodsync AS (org. nr. 933 023 281), located at Torvmyrane 13, 6160 Hovdebygda, Norway ("Prodsync," "we," "us," or "our"), collects, uses, stores, and protects your personal data when you use our services.

This policy covers two products operated by Prodsync:

  • Prodsync Platform — a B2B event production management platform for organizations managing live events, concerts, and festivals.
  • Plot — a free tool for artists and tour managers to create stage plots and riders.

Prodsync AS is the data controller for the personal data described in this policy, as defined by the General Data Protection Regulation (GDPR).

By using either product, you agree to the data practices described in this policy. If you do not agree, please do not use our services.

2. Data We Collect — Prodsync Platform

When you use the Prodsync Platform, we may collect the following data:

Account and profile data

  • Name, email address, and profile information provided during registration
  • Authentication data (managed via Firebase Authentication or Google OAuth)
  • Organization membership and role within your organization
  • Language and display preferences

Event and production data

  • Event details (names, dates, locations, schedules)
  • Artist information, activities, and production plans
  • Transport, accommodation, hospitality, and crew data
  • Contact person details associated with events
  • Uploaded files and attachments

Usage data

  • Pages visited and features used (collected via Plausible Analytics, a privacy-focused analytics service that does not use cookies or collect personal data)
  • Device type and browser information (anonymized)

Data sharing within your organization

Data you enter into the Prodsync Platform is visible to other members of your organization, according to their role and permissions. Organization administrators control who has access to what data. Prodsync does not share your organization's data with other organizations.

3. Data We Collect — Plot

When you use Plot, we may collect the following data:

Account data

  • Name and email address provided during registration
  • Authentication data (managed via Firebase Authentication or Google OAuth)
  • Email verification status

Content you create

  • Stage plot data (element positions, labels, canvas settings)
  • Rider documents (artist name, technical specifications, input lists, hospitality requirements, contact details)
  • Uploaded logos and images

Usage data

  • Pages visited and features used (via Plausible Analytics, no cookies or personal data)

4. How We Use Your Data

We use the data we collect for the following purposes:

  • To provide, maintain, and improve our services
  • To authenticate your identity and manage your account
  • To store and deliver the content you create (events, stage plots, riders, etc.)
  • To send transactional emails (account verification, password resets)
  • To analyze usage patterns and improve the user experience (using anonymized, aggregated data)
  • To provide AI-powered features such as stage plot image analysis (Plot) and contract extraction (Prodsync Platform)
  • To comply with legal obligations

We do not sell your personal data. We do not use your data for advertising.

5. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:

  • Contract performance — Processing necessary to provide the services you have signed up for (account management, data storage, content delivery).
  • Legitimate interest — Processing necessary for our legitimate business interests, such as improving our services, preventing abuse, and ensuring security, where these interests are not overridden by your rights.
  • Consent — Where we rely on your consent (e.g., for optional cookies or marketing communications), you may withdraw consent at any time.
  • Legal obligation — Processing necessary to comply with applicable laws and regulations.

6. Third-Party Services

We use the following third-party services to operate our products:

  • Firebase Authentication (Google) — Account authentication and identity management. Processes email, name, and OAuth profile data.
  • MongoDB Atlas — Database hosting for application data. Data is stored in cloud-hosted databases.
  • Google OAuth — Optional sign-in method. Processes your Google account profile information (name, email, profile picture).
  • Resend — Transactional email delivery (account verification, password resets). Processes email addresses.
  • OpenAI — AI-powered features including contract analysis (Prodsync Platform). Content submitted to AI features is processed by OpenAI's API under their data processing agreement.
  • Google Gemini — AI-powered features including stage plot image analysis (Plot). Uploaded images are processed by Google's Gemini API under their data processing agreement.
  • Plausible Analytics — Privacy-focused website analytics. Does not use cookies, does not collect personal data, and is fully GDPR compliant.
  • DigitalOcean — Application hosting infrastructure.

Data submitted to AI-powered features is processed by third-party AI providers under their respective data processing agreements. We have configured these services to not use your data for model training where such options are available.

Each third-party service operates under its own privacy policy. We encourage you to review their policies for details on how they handle data.

7. Cookies and Local Storage

We use cookies and browser local storage for the following purposes:

  • Authentication — Firebase Authentication uses cookies and local storage to maintain your login session. These are essential for the service to function.
  • Preferences — We store your display preferences (such as theme, language, and UI settings) in cookies or local storage so they persist between visits.
  • Cookie consent — We store your cookie consent preference in local storage.

We do not use tracking cookies or third-party advertising cookies. Our analytics provider (Plausible) does not use cookies.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide our services:

  • Account data — Retained for the lifetime of your account. Deleted upon account deletion request.
  • Content data (events, stage plots, riders) — Retained for the lifetime of your account or organization membership.
  • Analytics data — Plausible retains anonymized, aggregated analytics data. No personal data is stored.

When you request account deletion, we will delete your personal data within 30 days, except where we are required by law to retain certain information.

9. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or Norway, you have the following rights regarding your personal data:

  • Right of access — You can request a copy of the personal data we hold about you.
  • Right to rectification — You can request that we correct inaccurate or incomplete data.
  • Right to erasure — You can request that we delete your personal data, subject to legal retention requirements.
  • Right to data portability — You can request your data in a structured, commonly used, machine-readable format.
  • Right to restrict processing — You can request that we limit how we process your data in certain circumstances.
  • Right to object — You can object to processing based on legitimate interests.
  • Right to withdraw consent — Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) if you believe your rights have been violated.

10. Data Security

We take reasonable technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of data at rest in our databases
  • Role-based access controls within the application
  • Regular security reviews of our infrastructure and code

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. International Data Transfers

Your data may be processed by third-party services located outside the European Economic Area (EEA). When this occurs, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or that the recipient is certified under an adequacy framework.

12. Children's Privacy

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take steps to delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. For significant changes, we may notify you by email or through a notice in our services.

We encourage you to review this policy periodically to stay informed about how we protect your data.

14. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Prodsync AS

Org. nr. 933 023 281

Torvmyrane 13, 6160 Hovdebygda, Norway

Email: [email protected]