Privacy Policy

Last updated: 22 January 2026

3RD ApS ("3RD", "we", "us" or "our") respects your privacy and is committed to protecting personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and other applicable data protection legislation.

This Privacy Policy describes how we collect, use, disclose and protect personal data in connection with our SaaS platform and related services (the "Services").

1. Data Controller

3RD ApS

Pilestræde 52A

DK-1112 Copenhagen K

Denmark

CVR: [insert CVR]

Email: info@get3rd.com

2. What Personal Data Do We Collect?

We collect and process the following categories of personal data:

2.1 Account Information

Name, email address, phone number
Company information (company name, business registration number, address)
Job title and role in the organization
Login credentials (encrypted password)

2.2 Payment Information

Billing information (name, address, business registration number)
Payment data is processed by our payment provider Stripe as an independent data controller

2.3 Usage Data

Log data (IP address, browser type, device information)
Interaction data (features used, clicks, navigation)
Performance data (response times, error reports)
Session data (login times, duration)

2.4 Customer Content

Prompts, queries and instructions
Configurations, brands, markets and settings
Feeds, data and other input to the Services
Output generated through the Services

2.5 Communications

Support requests and correspondence
Feedback, suggestions and reviews
Marketing communications (if you have given consent)

3. How Do We Collect Personal Data?

We collect personal data through:

Directly from you: When you create an account, fill out forms, contact support or use the Services
Automatically: Through cookies, log files and similar technologies when you access the Services
From third parties: From payment providers, authentication services (SSO) or other integrated services

4. Purposes and Legal Basis for Processing

We process personal data for the following purposes:

4.1 Provision of Services

Purpose: Operation, maintenance and delivery of the Services
Legal basis: Performance of contract (GDPR Art. 6(1)(b))

4.2 Payment Processing

Purpose: Billing, payment processing and accounting
Legal basis: Performance of contract (GDPR Art. 6(1)(b))

4.3 Support and Communication

Purpose: Responding to inquiries, providing technical support and customer service
Legal basis: Performance of contract (GDPR Art. 6(1)(b)) and legitimate interest (GDPR Art. 6(1)(f))

4.4 Product Development and Improvement

Purpose: Analysis of usage data, debugging, optimization and development of new features
Legal basis: Legitimate interest (GDPR Art. 6(1)(f))

4.5 Security and Abuse Prevention

Purpose: Security monitoring, prevention of abuse, fraud detection
Legal basis: Legitimate interest (GDPR Art. 6(1)(f)) and legal obligation (GDPR Art. 6(1)(c))

4.6 Marketing

Purpose: Sending newsletters, product updates and marketing materials
Legal basis: Consent (GDPR Art. 6(1)(a)) – can be withdrawn at any time

4.7 Legal Compliance

Purpose: Compliance with legal requirements, accounting rules and government requests
Legal basis: Legal obligation (GDPR Art. 6(1)(c))

5. Disclosure of Personal Data

We only disclose personal data in the following situations:

5.1 Sub-processors

We use reliable third-party providers to deliver the Services:

Cloud hosting: AWS, Google Cloud Platform (EU regions)
AI/LLM providers: OpenAI, Anthropic, Google (process Customer Content to generate Output)
Payment processing: Stripe (independent data controller)
Analytics and monitoring: Tools for system monitoring and debugging
Support tools: Customer support and helpdesk systems

An updated list of sub-processors is available at:

https://trust.get3rd.com/subprocessors

5.2 Legal Requirements

We may disclose information if required by law, court order or government request.

5.3 Business Transfers

In the event of a merger, acquisition or sale of assets, personal data may be transferred as part of the transaction.

5.4 Consent

We may disclose information with your explicit consent.

6. International Transfers

Personal data may be transferred to and processed in countries outside the EU/EEA, including the USA, when we use third-party LLMs.

We ensure appropriate safeguards through:

EU Commission Standard Contractual Clauses (SCC)
Adequacy decisions
Other GDPR-approved transfer mechanisms

7. Retention of Personal Data

We retain personal data only as long as necessary:

Account information: Retained while your account is active
Customer Content: Retained during subscription period + 30 days after termination
Billing information: 5 years after transaction date (accounting law)
Support requests: 2 years after closure
Marketing data: Until consent is withdrawn or data is outdated
Log and security data: 12 months

After expiration of retention periods, personal data is deleted or anonymized.

8. Your Rights

Under GDPR, you have the following rights:

8.1 Right of Access (Art. 15)

You can request a copy of the personal data we process about you.

8.2 Right to Rectification (Art. 16)

You can request correction of inaccurate or incomplete information.

8.3 Right to Erasure (Art. 17)

You can request deletion of your personal data (the "right to be forgotten").

8.4 Right to Restriction (Art. 18)

You can request restriction of processing in certain situations.

8.5 Right to Data Portability (Art. 20)

You can request to receive your data in a structured, machine-readable format.

8.6 Right to Object (Art. 21)

You can object to processing based on legitimate interest.

8.7 Right to Withdraw Consent

You can withdraw consent at any time for marketing communications.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the Danish Data Protection Agency:

Datatilsynet

Carl Jacobsens Vej 35

2500 Valby

Denmark

Email: dt@datatilsynet.dk

To exercise your rights, contact us at:

info@get3rd.com

9. Security

We implement technical and organizational security measures to protect personal data:

Encryption in transit (TLS/SSL)
Access control and authentication
Regular security monitoring
Employee training in data protection
Incident response procedures
Regular security reviews

No method of transmission or electronic storage is 100% secure. We strive to use commercially acceptable means to protect your personal data.

10. Cookies and Tracking Technologies

We use cookies and similar technologies for:

Necessary cookies: For login, session management and basic functionality
Functional cookies: To remember preferences and settings
Analytical cookies: To analyze usage and improve the Services
Marketing cookies: For targeted marketing (only with consent)

You can manage cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Services.

Read more in our Cookie Policy: https://trust.get3rd.com/cookies

11. Children's Privacy

The Services are not directed at persons under 18 years of age. We do not knowingly collect personal data from children. If you are under 18, you must not use the Services or provide us with personal data.

12. Changes to Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or through the Services at least 30 days before taking effect.

The latest version is always available at:

https://trust.get3rd.com/privacy

By continuing to use the Services after changes take effect, you accept the updated Privacy Policy.

13. Contact Us

If you have questions about this Privacy Policy or our processing of personal data, please contact us:

3RD ApS

Pilestræde 52A

DK-1112 Copenhagen K

Denmark

Email: info@get3rd.com

*This Privacy Policy is part of 3RD's legal framework. For additional information, see:*

Terms and Conditions: https://trust.get3rd.com/terms
Data Processing Agreement: https://trust.get3rd.com/dpa
AI Policy: https://trust.get3rd.com/ai