Hardmax AS (“we”, “us”) operates websites and software products under the Hardmax brand. This policy explains how we handle personal data across our websites and services.
Who we are
Controller: Hardmax AS, Brinken 19 A, 0654 Oslo, Norway.
Contact: hello@hardmax.no
What we collect today (pre-launch)
As of the date above, we do not process Garmin data and do not offer a public fitness app. Our websites may collect minimal technical data:
- Server logs (IP address, user agent, timestamps)
- Basic analytics/cookies (where applicable)
Future products (layered notices)
When we launch new apps, each app will have an app-specific privacy notice that explains exactly what data is collected, why, and for how long. Users will be asked for explicit consent before any health-related data is processed.
Legal basis
- Website operation & security: legitimate interests (GDPR Art. 6(1)(f))
- Cookies/analytics (if used): consent (Art. 6(1)(a))
Sharing and processors
We do not sell personal data. We may use vetted processors (e.g., hosting, error monitoring, analytics) under data processing agreements. A list of processors is available on request.
International transfers
Where processors are outside the EEA, we use appropriate safeguards (e.g., SCCs) as required by GDPR.
Data retention
- Server logs: typically up to 12 months (for security and troubleshooting)
- Analytics/cookies: per tool-specific retention; configurable via cookie settings
Security
Encryption in transit (TLS), encryption at rest where supported, least-privilege access, and audit logging.
Your rights
You can request access, rectification, deletion, restriction, portability, or object to processing. Contact: hello@hardmax.no. You may also complain to the Norwegian Data Protection Authority (Datatilsynet).
Children
Our websites are not directed to children under 16.
Changes
We will update this policy as our services evolve. Material changes will be highlighted here with a new “Last updated” date.