Back to homepage
Legal

Privacy Policy

Last updated: April 2026

LocalSupply ("we", "us", or "our") is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and Norwegian data protection law. This policy explains what data we collect, why we collect it, and your rights.

1. Who we are

LocalSupply is a Norwegian company operating a B2B/B2C grocery marketplace. We act as the data controller for personal data collected through our platform at localsupply.site.

2. Data we collect

We collect the following categories of personal data:

  • Account data: name, email address, and password (hashed) when you register.
  • Business data (suppliers): company name, organisation number, and business address.
  • Order data: delivery addresses, order contents, payment method, and order history.
  • Communication data: messages sent between buyers and suppliers on the platform.
  • Technical data: IP address, browser type, and usage logs for security and performance purposes.
  • Vipps login data: if you sign in with Vipps, we receive your name and email from Vipps as part of the OAuth flow.

3. Why we process your data

  • To provide our service: processing orders, managing accounts, and enabling marketplace features (legal basis: contract).
  • To send transactional emails: order confirmations, password resets, and account notifications (legal basis: contract).
  • To verify supplier businesses: using the Brønnøysund Register Centre (Brreg) to validate Norwegian organisation numbers (legal basis: legitimate interest).
  • To comply with legal obligations: retaining records as required by Norwegian law (legal basis: legal obligation).
  • To improve our platform: analysing usage patterns to fix bugs and improve features (legal basis: legitimate interest).

4. Third-party services

We share data with the following third parties where necessary to operate the platform:

  • Resend — transactional email delivery.
  • Vipps — payment and login services.
  • LocalSupply Delivery — last-mile delivery. Your delivery address is used to arrange courier dispatch when a delivery is requested.
  • Vercel — cloud hosting and infrastructure.
  • Neon / PostgreSQL — database hosting.

All third-party processors are contractually bound to process your data only as instructed and in compliance with GDPR.

5. Data retention

We retain your account data for as long as your account is active. Order records are retained for 5 years to comply with Norwegian accounting regulations. You may request deletion of your account at any time from your account settings.

6. Your rights

Under GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Request deletion of your data ("right to be forgotten").
  • Object to or restrict processing in certain circumstances.
  • Data portability — receive your data in a structured, machine-readable format.
  • Lodge a complaint with Datatilsynet (the Norwegian Data Protection Authority) at datatilsynet.no.

7. Cookies

We use cookies for authentication and session management. See our Cookie Policy for full details.

© 2026 LocalSupply. Cookie Policy · About