SkyraLogin

Privacy and cookies

Your privacy is important to us, and we are committed to respecting your rights. This privacy policy provides information about how we process personal data, including what personal data we collect, why we process it, and your rights regarding the processing of your personal information.

Skyra AS ("the Service," "the Provider," or "Skyra") is the provider of the website and service. Skyra is a SaaS application. We are registered in Norway under the company Skyra AS, organization number: 831161272.

If you have any questions about privacy, you can contact us at hei@skyra.no

Table of Contents

  1. Privacy for visitors
  2. Privacy for customers
  3. Privacy for survey respondents
  4. Other: Data retention, your rights and changes
  5. GDPR Features in Skyra

1. Privacy for visitors to skyra.no

Information we collect on the website

Piwik Pro

We use Piwik Pro to collect statistics on how the website is used and which pages are visited.

Skyra

If you open or respond to a Skyra survey, we collect your responses in Skyra's dashboard. Our surveys use cookies to function properly.

Forms and email

If you contact us or provide us with your personal information, we store this data to follow up and respond to your inquiries.

Purpose: Why we collect this information

We collect this information to make skyra.no more user-friendly and informative for our customers and potential customers. We store the data you provide us to respond to your inquiries.

2. Privacy for our customers

This section describes how we protect the privacy of customers and their employees who have registered a user account with Skyra.

Information you provide us

When you register your user account, we collect the following information:

  • Name
  • Email address
  • Organization name and your role/position (optional)
  • IP address registration (optional): Customers can choose to register the IP address of their network at the organizational level to prevent surveys from being displayed to employees on this network.

When you contact Skyra employees via email or other communication channels, you provide us with information that we collect and may store to respond to your inquiries.

Survey setup

We store the survey setup as part of the service. This includes questions, responses, settings, and any comments you enter.

Use of cookies and local storage

The service uses cookies to improve the user experience while you are logged into the application.

Subcontractors

The Skyra application is built on the cloud provider Scaleway, with data storage in the EU. Scaleway is the only provider that processes and stores data containing personal information.

Purpose: Why we collect your information

We collect this information to:

  • Deliver the service
  • Manage user accounts and access control
  • Communicate with customers
  • Provide customer support
  • Understand how the service is used

We will also use your email address to send you informational and marketing content, which you can choose to receive when registering your account. You can unsubscribe from newsletters at any time via your profile page when logged into Skyra.

Legal basis for collecting your data

We collect your data to fulfill our contractual obligations to you as a customer of the service. We process only the personal data necessary to provide the service.

If you provide consent for us to process your personal data for specific purposes, we will handle the data in accordance with these purposes and to the extent defined in the consent declaration. You can withdraw your consent at any time with future effect.

3. Privacy for respondents of a Skyra survey

Information we collect

As part of the service, Skyra surveys are conducted on our customers' websites. These surveys collect both responses and device data from participants who choose to respond. The survey does not intend to collect personal data, except when inviting participants to user testing. Responses are submitted continuously as users click "Next" in the survey.

Survey responses

  • Predefined answer choices
  • Free-text comments
  • For user testing recruitment, respondents may be asked for their name, email, and phone number, which are stored in a contact list.

We do not store personal data unless a user voluntarily enters it into a free-text field. Surveys can include a prompt advising users not to enter personal data and will also block certain free-text responses if personal data is detected. If personal data is submitted within a free-text field, it will be deleted in Skyra.

User testing registration

Our surveys may include an invitation to participate in user testing. Those who register are added to a contact list for scheduling user testing when needed.

Privacy related to user testing recruitment is described separately her.

Device data collected from surveys

  1. Browser name and version
  2. Browser user agent string
  3. Operating system
  4. Device type
  5. Pseudonymized IP address (used for geolocation lookup – city-level location of the respondent)
  6. Connection speed (2G, 3G, 4G, 5G)
  7. URL where the response was given

Cookies

Skyra surveys use cookies to ensure a smooth user experience. The purpose is to prevent users who have already submitted a response or chosen not to participate from being invited again. Cookies store whether a user should be re-invited and save this preference with a randomly generated identifier.

The script that runs Skyra surveys requires two cookies for proper functionality.

Cookie 1

  • Name: skyra.state
  • Function: Assigns a random code to the user's device.
  • Purpose: Helps Skyra remember the user and track whether surveys are open, closed, or completed.

Cookie 2

  • Name: skyra<survey-slug>
  • Function: Stores responses as the user submits them. Depending on the survey setup, this is either a session cookie or a cookie that expires within a few hours. The cookie is always deleted when the survey is completed or closed.
  • Purpose: Used by Skyra to display the correct survey card while the user navigates different pages.

These are first-party cookies, meaning they are created using a script running on the website where Skyra is implemented. Both cookies have a lifespan of 365 days and are classified as functional cookies.

Purpose: Why we collect this information

We collect this data as part of our service to provide insights and analysis on how our customers' websites are experienced by end users. We use cookies (local storage) to track your consent status and whether you are currently participating in the survey.

Legal basis

We process your data based on your consent. Consent for Skyra cookies is considered granted in accordance with the privacy policy of the respective website where Skyra is implemented. Consent for user testing registration is given through Skyra’s sign-up form.

When a user visits a website where Skyra is active, the website’s privacy policy applies to all data collected on that website.

Other

Data retention

Personal data will be processed and stored for as long as necessary to fulfill the purpose for which it was collected.

Your rights

You have the right to:

  • Access your data and receive a copy of it.
  • Request correction if your information is incorrect or outdated.
  • Request immediate deletion of your data.
  • Receive information about how we process your data.
  • File a complaint with the Norwegian Data Protection Authority (Datatilsynet) if you believe your rights have been violated.

Changes

If we make changes to this privacy policy, we will publish the updates here on skyra.no.

5. Important features for GDPR in the Skyra Application

Privacy, security, and accessibility

Privacy in surveys and dashboard

  • It is possible to include a prompt in the survey asking users not to enter personal information.
  • Survey settings can be adjusted to block the submission of certain types of personal information such as social security numbers, phone numbers, and email addresses.
  • Text in free-text responses can be masked.
  • All responses given by a respondent can be deleted.
  • Responses can be flagged for further review.
  • Search functionality makes it easy to search through large amounts of responses to check for unwanted words.
  • Surveys can also be set up without free-text fields, using only predefined answer options. This makes it impossible to submit personal information.
  • For user testing recruitment, active consent is required. A link to the customer’s own privacy policy can also be included. The registered data is stored in the customer’s contact list.

Security: Login and data storage

  • Skyra stores data with the French cloud provider Scaleway. The data stored includes responses and data received from surveys, as well as customer user account details (name and email).
  • Skyra encrypts data with Transport Layer Security (TLS level 1.3) during transmission between the survey and the cloud provider.
  • Skyra encrypts data at rest with AES-XTS 256-bit encryption.
  • Skyra uses OAuth2-based login via third parties (e.g., Google Workspace) or an email-based "Magic Link" login flow. Passwords are not stored by Skyra.

Access control

  • Skyra is a platform where the customer can log in themselves. To limit access to different surveys, responses, and settings, customers can set access levels in the following ways:
    • User: A user can be set as view/edit/admin. Admin has access to invite new users.
    • Teams: Teams make it easy to manage a large number of users. A user can be added to one or more teams and will have access to data based on this. Customers choose which team a user belongs to.
  • For security reasons, approved email domains are defined, so customer accounts must have an email address with an approved domain.
  • Employees at Skyra who support customers in using the tool and analyzing data may have access to the customer's Skyra account. All users with access must always be invited and will appear in the list of users.

Accessibility

  • Skyra supports WCAG 2.1 in the surveys displayed on the customer’s website.
  • WCAG 2.1 is not supported in the dashboard used by the customer’s staff.