Privacy policy

Effective date: May 25th, 2018

This Privacy Policy describes how we collect, use and disclose personal data, and what choices you have with respect to your data.

By using “we”, “our” and “us” in this context, we refer to the entity EdTech Foundry AS, the Norwegian company with registration number NO998716454 (the “Company”), that operates the Differ Services and acts as the controller or processor of your data as explained in more detail below.

Applicability of this privacy policy

This Privacy Policy applies to the Company’s online tools and platforms, including the associated Differ mobile and desktop applications (collectively, the “Services”), and other Company websites (collectively, the “Websites”) and other interactions (e.g., customer service inquiries etc.) you may have with the Company. If you do not agree with the terms, do not access or use the Services, Websites or any other aspect of the Company’s business.

This Privacy Policy does not apply to any third party applications or software that integrate with the Services (“Third Party Services”), or any other third party products, services or businesses.

Why we process Data

We collect and process personal data in furtherance of our legitimate interests in operating our Services, Websites and business. More specifically, we process data to provide, update, maintain, protect and improve our Services, Websites and business. This includes use of personal data to:

If data is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, Company may use it for any business purpose. To the extent data is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection law, it is referred to in this Privacy Policy as “Personal Data.”

The Personal Data we collect and receive

Company may collect and receive different categories of Personal Data in a variety of ways (collectively, the “Data”)

Account Details. To create or update your account, you or your institution (e.g., your university or employer) supply Company with data such as phone number, email address, password, profile photo and/or similar account details. In addition, Customers that purchase a paid version of the Services provide Company (or its payment processors) with billing details such as credit card information, banking information and/or a billing address.

User content. When using the Services, you may create/enter/upload data such as text messages, photos, files, links, voice recordings, video calls, conversations, communities and/or other user generated content, and share this with other users of the Services, and/or publicly online.

Usage data. When using the Services, the Services logs activities such as user sessions, navigation, messages sent, files uploaded, conversations created, communities created and/or similar log data. In relation to this activity, the Services may also store and process metadata such as date and time, Internet Protocol (IP) address, browser information, device information, location information and/or similar.

Cookie information. We may use cookies and similar technologies in our Websites and Services that help us collect Data. See our cookie policy for more information.

Third party data. You or the admins of your conversations, communities and institutions may choose to permit or restrict Third Party Services for your accounts, conversations, communities, institutions or similar. Typically, Third Party Services are software that integrate with our Services. Once enabled, Company is authorized to connect and access Data made available by the Third Party Service to facilitate the integration.

Contact Information. In accordance with the consent process provided by your device, any contact information that you choose to import (such as an address book from a device) is collected when using the Services.

Additional Information provided to Company. We may receive Data when submitted to our Websites or if you participate in user research, contests, events, apply for a job, request support, interact with our social media accounts or otherwise communicate with Company.

Generally, no one is under a statutory or contractual obligation to provide any Data. However, certain Data is collected automatically and, if some Data, such as account details, is not provided, we may be unable to provide the Services.

How we share and disclose your Data

Company may share or disclose Personal Data in the following ways:

Displaying the Services. When a user submits Data, it may be displayed to other users in the same or connected conversations, communities or institutions. For example, a user’s name and profile photo may be displayed within their user profile to other users.

Sharing with other users. The Services provide different ways for users to communicate and collaborate with other users, in example by sharing info, writing messages, uploading files or similar. In doing so, you grant us the right to share this data with the other users who have access to these direct messages, group chats and communities, institutions or similar. This includes the ability of other users to export conversation logs that both you and they are part of.

Sharing with your institution. If you are member of conversations, communities or institutions owned or managed by an organization you are affiliated with, Data may be shared with this organization. This may include, for example, universities accessing Data about their students, or employers accessing Data about their employees.

Admin access. Users with special access rights, such as community owners, administrators, teachers, or representatives of your institution, may be able to access, modify or restrict access to data within the conversations, communities and institutions where they have these rights. This may include, for example, community owners exporting logs of community activity, or your teachers accessing user metrics and analytics within their communities.

Public access. The Services provide different ways for users to allow new users to join their conversations, communities and institutions. In doing so, data associated with these conversations, communities and institutions may be made publicly available on the Internet. This may include, for example, a community owner sharing an join-link to their community, that leads to a webpage that publicly displays the name and purpose of the community, and a list of its members.

Third Party Sub-Processors. We may engage third party companies or individuals as service providers or business partners to process Data on our behalf. These third parties may, for example, provide virtual computing and storage services. Additional information about the sub-processors we use to support delivery of our Services is set forth at at

Third Party Services. You or the admins of your conversations, communities and institutions may choose to permit or restrict Third Party Services for your accounts, conversations, communities, institutions or similar. When enabled, Company may share Data with these Third Party Services. Third Party Services are not owned or controlled by Company and they may have their own policies and practices for its collection and use. Please check the privacy settings and notices in these Third Party Services or contact the provider for any questions.

During a Change to Company’s Business. If Company engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Company’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all Data may be shared or transferred, subject to standard confidentiality arrangements.

Aggregated or De-identified Data. We may disclose or use aggregated or de-identified Data for any purpose. For example, we may share aggregated or de-identified Data with prospects or partners for business or research purposes, such as telling a prospective customer the average amount of users participating within a typical community.

To Comply with Laws. If we receive a request for information, we may disclose Data if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.

To enforce our rights, prevent fraud, and for safety. To protect and defend the rights, property or safety of Company or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.

Other sharing with Consent. Company may share or disclose your Data in other ways and/or with other parties than described in our Privacy Policy, if prior consent for this sharing has been given by you.

Data retention

If no other Data retention is defined within the Services for your account, conversations and communities, or by a Customer Agreement governing your access to the Services, Company will retain your Data as long as your account exists within our Services, and as required by applicable law. This may include keeping your Data after you have deactivated your account for the period of time needed for Company to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements. The deletion of your account will result in the deletion and/or de-identification of your Data within reasonable time.


We take security of data very seriously. Company works hard to protect your Data from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the Data we collect, process and store, and the current state of technology. More info about how we work with data security may be found at Given the nature of communications and information processing technology, Differ cannot guarantee that Data, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others.

Your rights

Individuals located in certain countries, including the European Economic Area, have certain statutory rights in relation to their personal data. Subject to any exemptions provided by law, you may have the right to request access to Data in human readable and machine readable formats, as well as to seek to update, correct, delete, or restrict the processing of this Data. You may also withdraw consent to process your Data at any time, without affecting the lawfulness of processing based on consent before its withdrawal. You can usually exercise these rights using the settings and tools provided in your Services account. If you cannot use the settings and tools, contact Support inside the Services or at  for assistance.

Age limitations

To the extent prohibited by applicable law, Company does not allow use of our Services and Websites by anyone younger than 16 years old. If you are younger than 16 years old, do not access or use the Services, Websites or any other aspect of the Company’s business. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us and we will takes steps to delete such information.

Automated decision-making or profiling

Company may use automated decision-making, including profiling, in the delivery of our Services in order to improve your user experience. This may include, for example, automatically initiating conversations between you and chatbots and/or other users, based on your previous activity, and/or the activity of other users in the Services.

International data transfers

Company’s data processing is governed by Norwegian law, and by Norway’s membership in the EEA, applicable EU Directives and Regulations. Company may transfer your Data to countries other than the one in which you live. We deploy the following safeguards if Company transfers Data originating from the European Economic Area or Switzerland to other countries not deemed adequate under applicable data protection law:

E.U.-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. When transferring Data to sub-processors in the US, we may do so to sub-processors self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. These frameworks were developed to enable companies to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States. To learn more about the Privacy Shield Program, please see

European Union Model Clauses. In the absence of, or in addition to, the E.U.-U.S. Privacy Shield and Swiss-U.S. Privacy Shield, Company may enter into European Union Model Clauses, also known as Standard Contractual Clauses, with sub-processors to meet the adequacy and security requirements for users and Customers in the European Union, and other international transfers of Customer Data. For more info about the European Union Model Clauses, please see the European Commission’s data protection website.  ur previous activity, and/or the activity of other users in the Services.

Data protection authority

Subject to applicable law, you have the right to lodge a complaint with your local data protection authority or the Norwegian Data Protection Authorities, which is Company’s lead supervisory authority in the European Economic Area:

The Norwegian Data Protection AuthoritiesVisitor
address: Tollbugata 3, 0152 Oslo, Norway
Postal address: P.O. Box 8177 Dep., 0152 Oslo, Norway
Web address:
Email address:
Telephone: +47 22 39 69 00

Contacting us

Please feel free to contact us if you have any questions about this Privacy Policy or our practices, or if you are seeking to exercise any of your statutory rights. You may contact us at:

Company name: EdTech Foundry AS
Visitor address: Nydalsveien 37, 0484 Oslo, Norway
Postal address: Hoffsveien 6a, 0275 Oslo, Norway
Email address: