Dashboard Privacy Policy
Last updated 13 June 2026
The Torii Dashboard is the self-service interface that Torii ApS (“Torii”, “we”, “us”) offers its customers. It allows you to onboard with Torii, test your integration in a sandbox environment, and configure and manage your products in production, including setting up social logins, reviewing audit logs, and managing your users across both sandbox and production environments. This Privacy Policy describes how we process the personal data of the people who use the Dashboard.
Purpose of processing
We process your personal data on the following bases:
- To provide the Dashboard under our agreement with you: creating your account, authenticating you, controlling access, recovering your account, communicating with you about the service (such as email verification and security notices), and handling invoicing.
- To meet our legal obligations: for example, retaining invoice and accounting records.
- For our legitimate interest in keeping the Dashboard secure: preventing and investigating abuse, and maintaining the audit log of sign-in activity and account actions.
- With your consent, to contact you about our offerings, which you can withdraw at any time.
Cookies
The Dashboard uses two strictly necessary cookies: __client_session, which
keeps you signed in, and __client_session_hint, which lets the Dashboard show
your signed-in state immediately when it loads (it carries no personal data, just
a timestamp). Both last up to 30 days. We use no analytics, advertising, or
tracking cookies, and because strictly necessary cookies are exempt from consent,
the Dashboard shows no cookie banner.
Personal data we collect
- Email address
- First name and last name
- The credentials or social/OAuth identity you sign in with
- Your organisation and company-registration details, used for billing
- Sign-in activity, sessions, and IP address, recorded in an audit log
Retention
Torii keeps your data for as long as you or your organisation uses the Dashboard. When your account is closed, or you request deletion, your personal data is removed within 30 days, except where we must retain records to meet a legal obligation, such as invoices, which the Danish Bookkeeping Act requires us to keep for 5 years from the end of the financial year.
Staff access
Torii staff may sign in to or access your Dashboard account where necessary to provide support or to investigate a problem. Any such access is recorded in the audit log.
Who we share data with, and where
We use a small number of service providers (“sub-processors”) that process personal data on our behalf, under contract and only on our instructions:
| Sub-processor | Service | Personal data processed | Location |
|---|---|---|---|
| Cloudflare, Inc. | Reverse proxy / edge security for the Dashboard | IP address and HTTP request metadata | USA; global edge network |
| Hetzner Online GmbH | Hosting of the Dashboard and database | Dashboard data at rest, and server logs including IP address | Falkenstein, Germany (EU) |
| Fenerum | Subscription billing and invoicing | Organisation and company-registration details, and invoices | Denmark (EU) |
| AhaSend BV | Email delivery (verification, notifications, support) | Email address and the contents of emails we exchange with you | Netherlands (EU) |
We do not sell personal data or share it with third parties for their own marketing.
Our hosting and email delivery are in the EU. Cloudflare is based in the United States, so the data it handles may be transferred outside the EU/EEA. For that transfer we rely on the EU–US Data Privacy Framework, where the provider is certified, or the European Commission’s Standard Contractual Clauses. You can request a copy of the relevant safeguards from privacy@torii.so.
Signing in with a third party
You can sign in to the Dashboard with Google or GitHub. When you do, we receive your email address and name from that provider (not from you) and use them only to create and access your account, nothing more. Your use of Google or GitHub, and their handling of your data, is governed by their own privacy policies.
Your rights
Under the GDPR, you have the following rights over the personal data we hold about you:
- the right to be informed (which is why we publish this policy)
- the right to access the data we hold about you
- the right to have inaccurate data rectified
- the right to have your data erased
- the right to restrict or object to our processing of it
- the right to data portability
- the right to withdraw any consent you have given
To exercise any of these rights, contact us at privacy@torii.so. You may also lodge a complaint with the Danish Data Protection Agency (Datatilsynet, datatilsynet.dk).
Changes to this policy
We may update this policy from time to time. When we do, we will revise the “Last updated” date at the top of this page.