Privacy Policy

SomebodyMakeIt AS

Effective Date: March 26, 2026

Last Updated: March 26, 2026

About This Policy

This Privacy Policy explains how SomebodyMakeIt AS handles personal data when you visit or use somebodymakeit.com and related services, software, project spaces, communications, and payment-related workflows (the "Platform").

We are a Norwegian company and process personal data in line with applicable privacy law, including the GDPR and Norwegian data protection rules where they apply.

1. Data Controller

SomebodyMakeIt AS
Organization number: 935 454 492
Address: Carl Sørums vei 3, 3085 Holmestrand, Norway
Privacy contact: privacy@somebodymakeit.com
Support contact: support@somebodymakeit.com

2. Scope of This Policy

This Policy applies to personal data we process about users, visitors, customers, makers, buyers, company representatives, and other individuals who interact with the Platform.

The Platform is intended for adults and professional or business use. It is not directed to children.

3. Personal Data We Collect

The personal data we collect depends on how you use the Platform. We may collect:

• Please do not upload sensitive personal data or other information that is not necessary for the relevant Platform purpose unless you have a clear lawful basis and appropriate safeguards for doing so.

4. How We Use Personal Data

We may use personal data to:

• create and manage accounts, authenticate users, and provide Platform functionality;
• help users discover each other, communicate, collaborate, and manage project workflows;
• enable billing, payments, payouts, refunds, reversals, fraud prevention, verification, and related financial operations through us and our providers;
• provide customer support, respond to inquiries, and troubleshoot technical issues;
• secure the Platform, detect misuse, investigate incidents, enforce our Terms, and protect users, third parties, and SomebodyMakeIt;
• analyze usage, understand product adoption, improve the Platform, and develop new features and services;
• analyze how users move from open call, sourcing, prototyping, approvals, and production through delivery in order to improve workflows, matching, and related tools;
• develop, test, train, tune, evaluate, and improve analytics, ranking, search, recommendation, automation, matching, moderation, fraud-prevention, and AI-assisted features or systems used in connection with the Platform and related services;
• create aggregated, statistical, benchmarking, anonymized, and de-identified information and insights;
• comply with legal, accounting, tax, regulatory, contractual, security, and enforcement obligations; and
• communicate with you about your account, projects, support requests, policy updates, service messages, and, where permitted, marketing or product updates.

5. Legal Bases for Processing

Where the GDPR or similar rules apply, we rely on one or more of the following legal bases:

• Where we rely on legitimate interests, we consider the impact on individuals and apply safeguards we consider appropriate in the circumstances.

6. Data Sharing

We do not sell your personal data. We may share personal data where necessary with:

7. International Transfers

Some of our service providers may process personal data outside Norway or the EEA. When that happens, we use a lawful transfer mechanism where required, such as an adequacy decision, standard contractual clauses, the Data Privacy Framework where applicable, or another safeguard recognized by applicable law.

8. Retention

We keep personal data for as long as it is reasonably needed for the purposes described in this Policy, including to operate the Platform, maintain security, improve services, resolve disputes, and comply with legal obligations.

Examples include:

• account and project data, generally while your account is active and for a reasonable period afterwards;
• transaction, payout, invoice, bookkeeping, tax, and related records, which may be retained for at least 5 years after the end of the relevant accounting year where required by law, and sometimes longer where required or justified by legal, audit, dispute, or enforcement needs;
• logs, analytics, backups, and technical records, which may be retained for shorter or longer periods depending on operational, security, legal, and product needs; and
• anonymized, aggregated, benchmark, and de-identified information, which may be retained indefinitely.

9. Cookies and Similar Technologies

We use cookies and similar technologies to operate the Platform, remember settings, maintain security, understand usage, and improve the service.

Some cookies and similar technologies may be strictly necessary for core site or account functionality. Others, including analytics or similar technologies, may be optional and subject to consent requirements under applicable law.

Where required by law, we will ask for your consent before using non-essential cookies or similar technologies and will provide a way to withdraw or manage that consent.

Your browser settings may let you block or remove some cookies, but browser settings are not always a substitute for legally required consent controls, and blocking certain technologies may affect how the Platform works.

10. AI, Analytics, and Automated Processing

We may use automated tools to assist with ranking, matching, search, recommendations, workflow suggestions, fraud detection, moderation, support, analytics, and related Platform operations.

We may use personal data and other Platform data to develop, test, train, tune, evaluate, and improve analytics, automation, AI-assisted features, and related systems where we have a lawful basis and subject to applicable law.

We may also create aggregated, anonymized, benchmark, and de-identified datasets, outputs, and insights derived from Platform usage and project activity and use them for lawful business purposes.

We do not rely on solely automated decisions that produce legal or similarly significant effects on you unless we specifically tell you, provide any required information or rights, and have a lawful basis for doing so.

11. Security

We use reasonable technical and organizational measures intended to protect personal data against unauthorized access, loss, misuse, alteration, and disclosure.

No system is completely secure, and we cannot guarantee absolute security or uninterrupted availability.

If we become aware of a personal data breach that we are legally required to notify about, we will notify the relevant authority and affected individuals in accordance with applicable law.

12. Your Rights

Depending on where you are located and the law that applies, you may have the right to request:

• access to your personal data;
• correction of inaccurate personal data;
• deletion of personal data;
• restriction of processing;
• objection to certain processing, including certain processing based on legitimate interests;
• data portability;
• withdrawal of consent where processing is based on consent; and
• review of certain automated decisions, where applicable.

13. Children

The Platform is intended for adults and professional users. We do not knowingly target children or permit persons under 18 to create accounts. If we become aware that we have collected personal data from a child in a way that is not lawful, we will take appropriate steps to delete or restrict that data.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice in a reasonable way before the changes take effect, unless immediate changes are required for legal, security, or operational reasons.

15. Contact

Questions about this Privacy Policy or requests relating to personal data can be sent to:

SomebodyMakeIt AS
Carl Sørums vei 3
3085 Holmestrand
Norway

Privacy: privacy@somebodymakeit.com
Support: support@somebodymakeit.com

This Policy should be read together with our Terms of Service.