We believe privacy is a right, not a feature. This policy explains in plain language what data we collect, why we collect it, and how you can control it. EasyOKR is operated by Lachica Systems and all data is hosted within the EU.
1. Who We Are
EasyOKR is a product of Lachica Systems, registered in Norway. When this policy refers to "we", "us", or "our", it means Lachica Systems as the data controller for the personal data you provide.
Contact: info@easyokr.eu · +47 98 019 019
2. Data We Collect
We only collect data that is necessary to provide and improve EasyOKR. This falls into two categories:
2.1 Data you provide directly
- Account information: name, work email address, and password (stored as a salted hash).
- Organisation data: company name, team structure, and any OKRs or key results you create within the platform.
- Communications: messages you send us via email or in-app support chat.
- Billing information: handled entirely by our payment processor (Stripe). We never store full card numbers.
2.2 Data collected automatically
- Usage data: pages visited, features used, clicks, and session duration — used to improve the product.
- Technical data: IP address, browser type, operating system, and device type.
- Log data: server logs retained for up to 90 days for security and debugging purposes.
3. How We Process Your Data
We process personal data on the following legal bases under GDPR Article 6:
- Contract performance (Art. 6(1)(b)): to provide the EasyOKR service you signed up for.
- Legitimate interests (Art. 6(1)(f)): to analyse usage patterns, prevent fraud, and improve product security — always balanced against your rights.
- Consent (Art. 6(1)(a)): for non-essential cookies and marketing communications, where you have explicitly opted in.
- Legal obligation (Art. 6(1)(c)): when required by Norwegian or EU law.
We do not sell your personal data to third parties. We do not use your OKR content to train AI models.
4. Cookies & Tracking
We use a minimal set of cookies to make EasyOKR work and to understand how it is used.
4.1 Essential cookies
These are required for the service to function and cannot be disabled:
- Session cookie: keeps you logged in during your visit.
- CSRF token: protects form submissions from cross-site request forgery.
4.2 Analytics cookies (optional)
With your consent, we use a privacy-friendly analytics tool (self-hosted Plausible Analytics) to understand aggregate traffic patterns. Plausible does not use persistent cookies and does not fingerprint individual users.
4.3 Third-party cookies
If you connect integrations (e.g. Slack, Jira), those services may set their own cookies subject to their respective privacy policies.
You can manage or withdraw cookie consent at any time by clicking "Cookie settings" in the site footer, or by adjusting your browser settings.
5. Data Retention
- Account and OKR data is retained for as long as your account is active.
- If you delete your account, we permanently delete your personal data within 30 days, except where retention is required by law (e.g. billing records for 5 years under Norwegian accounting law).
- Server logs are deleted after 90 days.
- Anonymised, aggregated analytics data may be retained indefinitely.
6. Where Your Data Is Stored
All personal data and OKR content is stored on servers located within the European Union (primary region: Frankfurt, Germany). We do not transfer personal data outside the EEA without adequate safeguards (Standard Contractual Clauses or equivalent).
7. Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Access: request a copy of the data we hold about you.
- Rectification: ask us to correct inaccurate data.
- Erasure: request deletion of your data ("right to be forgotten").
- Portability: receive your data in a structured, machine-readable format.
- Restriction: ask us to limit processing in certain circumstances.
- Objection: object to processing based on legitimate interests.
- Withdraw consent: where processing is based on consent, withdraw it at any time.
To exercise any of these rights, email info@easyokr.eu. We will respond within 30 days. If you are unsatisfied, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).
8. Security
We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, role-based access controls, and regular security audits. However, no system is 100% secure. If you discover a vulnerability, please disclose it responsibly to info@easyokr.eu.
9. Changes to This Policy
We may update this policy periodically. When we make material changes, we will notify you via email and update the "Last updated" date at the top. Continued use of EasyOKR after changes constitutes acceptance of the revised policy.
10. Contact
For any privacy-related questions or requests:
Lachica Systems
Dronning Eufemias gt. 49
Oslo, Norway
Email: info@easyokr.eu
Phone: +47 98 019 019