top of page

Privacy Policy

Last updated: 07.04.2026

1. Introduction

This page describes how users can request deletion of personal data related to BluePaper AS and the BlueSearch service.

BluePaper AS complies with:

  • EU General Data Protection Regulation (GDPR)

  • Personal Data Act

  • Google API Services User Data Policy

This page is published to meet Google OAuth and Google API Services requirements regarding available mechanism for deleting user data.

2. What data can be stored via Google OAuth?

If you have logged in or authorized BlueSearch via Google, we may have access to:

  • Name

  • Email address

  • Google Account ID (sub)

  • Profile picture (if scope is given)

  • Any Google data you have explicitly granted access to (e.g. Drive, if enabled)

BluePaper only stores data that is necessary for:

  • Authentication

  • User management

  • Operation of the service

We do not sell user data and do not use Google data for marketing.

3. How to revoke Google access

You can at any time:

  1. Go to:
    👉 https://myaccount.google.com/permissions

  2. Find BlueSearch or BluePaper in the list

  3. Click “Remove access”

This stops further access to your Google account.

4. How to request deletion of stored data

To have data stored at BluePaper deleted:

Send email to:

📧 thomas@bluepaper.no

Please specify:

  • Full name

  • Email address used for Google login

  • That the request is for deletion of Google OAuth data

We may request identity verification to prevent unauthorized deletion.

5. What is deleted?

If the request is approved, the following will be deleted:

  • User account

  • Google OAuth identifier

  • Associated email address

  • Any tokens stored in our systems

  • Log data associated with the user profile

Data is deleted from active systems and permanently removed within 30 days.

Backup data is overwritten according to the regular backup cycle.

6. Exceptions

We cannot delete:

  • Data we are legally required to retain (Accounting Act)

  • Documentation required to handle legal claims

  • Data that is anonymized

7. Data Processor Situations (B2B)

If you use BlueSearch through a business (employer), the business is the data controller.

In such cases, deletion must also be approved by your organization.

8. Processing time

  • Confirmation will be sent within 7 days

  • Request processed within 30 days

  • In special cases, the deadline may be extended in accordance with the GDPR.

9. Contact information

Data controller:

BluePaper AS
Org. no.: 935 865 247
Bakkehågån 18, 2849 Kapp
Email: thomas@bluepaper.no

bottom of page