Legal
Terms and conditions
Native AS ("Company," "Native," "we," "us," or "our") is a Norwegian limited company registered with company number 930 324 787, business address Behrens' gate 5, 0257 Oslo, Norway, and registered with the Norwegian Register of Business Enterprises and the VAT Register.
Our website https://native.no (the "Site") and any related products or services that link to these terms ("Terms") are collectively referred to as the "Services."
Native is a subscription-based software-as-a-service (SaaS) platform that uses artificial intelligence to help businesses produce, schedule, and publish content on social media, and to analyze performance. By using the Services, you agree to these Terms and to our Privacy Policy, which describes how we collect, use, and protect your data.
You can contact us at hei@native.no or via native.no/en/contact.
These Terms constitute a legally binding agreement between you (either personally or on behalf of a legal entity) and Native AS regarding your access to and use of the Services. By accessing the Services, you confirm that you have read, understood, and agreed to be bound by all these Terms. IF YOU DO NOT AGREE WITH ALL OF THESE TERMS, YOU ARE EXPRESSLY PROHIBITED FROM USING THE SERVICES AND MUST DISCONTINUE USE IMMEDIATELY.
We will notify you of planned changes to the Services in advance. Modified Terms become effective when posted or when you are notified by email from hei@native.no, as indicated in the message. By continuing to use the Services after the effective date of any changes, you agree to be bound by the modified terms.
The Services are intended for business users (B2B). Consumers as defined by law are not the target audience, and you confirm that the agreement is entered into as part of business activity. Users must be at least 18 years old to register and manage an account.
TABLE OF CONTENTS
Our services
Intellectual property rights
User representations
User registration and account security
AI-generated content
Purchases and payment
Cancellation and renewal
Prohibited activities
User generated contributions
Contribution license
Guidelines for reviews
Connection to social media
Canva integration
Third-party websites and content
Services management
Privacy and data processing (DPA)
Subprocessors
Technical and organizational security measures
Copyright infringements
Term and termination
Modifications and interruptions
Governing law
Dispute resolution
Corrections
Disclaimer
Limitations of liability
Indemnification
User data
Electronic communications, transactions, and signatures
Miscellaneous
Contact us
1. Our services
The Services consist of a SaaS platform that uses artificial intelligence to produce, schedule, publish, and analyze content on social media on behalf of the Customer, along with related functionality. Native grants the Customer a non-exclusive, non-transferable, revocable right to use the Services during the subscription period, for the Customer's internal business purposes.
The information provided through the Services is not intended for distribution or use by any individual or entity in any jurisdiction or country where such distribution or use would violate the law or regulation, or subject us to any registration requirement within such jurisdiction or country. Those who choose to access the Services from other locations do so on their own initiative and are solely responsible for compliance with local laws.
The Services are provided "as is" and "as available." We work toward high uptime, but we make no guarantee of uninterrupted or error-free operation. Planned maintenance is communicated when possible.
We may change, update, or develop functionality in the Services. Material changes that affect the Customer's use will be communicated by email or in the application within reasonable time in advance.
2. Intellectual property rights
2.1 Our rights
We own or have a license to all intellectual property rights in the Services, including all source code, databases, functionality, software, designs, audio, video, text, photographs, and graphics in the Services (collectively the "Content"), as well as the trademark "Native," service marks, and logos (collectively the "Marks"). The Content and Marks are protected by copyright, trademark, and other applicable intellectual property laws in Norway and internationally.
2.2 License to use
Subject to your compliance with the Terms, we grant you a non-exclusive, non-transferable, revocable license to:
access the Services,
download or print portions of the Content to which you have valid access, and
share and publish Content produced through the Services on social media platforms in accordance with the Terms and the platforms' own guidelines.
Except as expressly provided here, no part of the Services, the Content, or the Marks may be copied, reproduced, aggregated, republished, uploaded, posted, publicly displayed, encoded, translated, transmitted, distributed, sold, licensed, or commercially exploited without our express prior written consent.
For other uses, contact hei@native.no.
2.3 AI-generated content
Content generated by AI through the Services ("AI Content") is not in itself protected by copyright under Norwegian law. Native does not assert ownership of AI Content generated specifically for the Customer through the Services. The Customer is free to use approved AI Content for its own marketing in accordance with the Terms. The Customer's obligations under Section 5 apply regardless.
2.4 Feedback
Feedback, suggestions, and ideas that the Customer voluntarily sends to Native ("Feedback") may be freely used by Native to develop the Services without compensation or acknowledgment. You hereby assign any intellectual property rights in Feedback to us.
2.5 Breach
A breach of these rights constitutes a material breach of the Terms, and your right to use the Services may terminate immediately.
3. User representations
By using the Services, you represent and warrant that:
all registration information you submit is true, accurate, current, and complete,
you will maintain the accuracy of such information and update it as necessary,
you have legal capacity and agree to comply with the Terms,
you are at least 18 years old,
you have the necessary authority to bind the entity you represent,
you will not access the Services through automated or non-human means (bot, script, or similar),
you will not use the Services for any illegal or unauthorized purpose, and
your use of the Services will not violate any applicable law or regulation.
If you provide information that is untrue, inaccurate, outdated, or incomplete, we may suspend or terminate your account and refuse all current or future use of the Services.
4. User registration and account security
Use of the Services requires registration of an account. You shall provide accurate and current information and keep your login credentials confidential. You are responsible for all activity on your account, including actions taken by employees, contractors, and others to whom you grant access.
Suspected unauthorized access shall be reported to hei@native.no without undue delay.
We reserve the right to remove, reclaim, or change a username you select if we determine, in our sole discretion, that the username is inappropriate, obscene, or otherwise objectionable.
5. AI-generated content
5.1 Use of AI
The Services use large language and image models from third parties to generate text, images, and other content ("AI Content"). The current list of AI providers that process personal data on behalf of the Customer is set out in Section 17. Native does not train its own models on Customer data, and our AI providers are contractually prohibited from using Customer content for training.
5.2 The Customer has the final say
All AI Content must be reviewed and approved by the Customer before publication. By approving content for publication, the Customer confirms that the content has been reviewed, that the Customer has the necessary rights, and that the content can be published on the Customer's behalf.
5.3 No warranty
AI Content may contain errors, inaccuracies, outdated information, or unintended similarities to existing works, trademarks, or persons. Native makes no warranty that AI Content is accurate, original, or free from third-party rights, and disclaims liability for content approved and published by the Customer.
5.4 Prohibited AI Content
The Customer shall not use the Services to generate or publish content that:
depicts identifiable persons (including celebrities, politicians, employees of others, or other private individuals) without valid consent, in violation of applicable right-of-publicity laws and Norwegian Copyright Act § 104 on the right to one's own image,
imitates another person's voice, face, signature style, or personality (deepfakes or likeness misuse),
infringes third-party copyright, trademarks, design rights, or other intellectual property rights,
is misleading or capable of unduly influencing demand,
constitutes hidden advertising or otherwise breaches advertising laws requiring identifiable marketing,
contains illegal, hateful, discriminatory, harassing, pornographic, violent, defamatory, or misleading material, or
violates the guidelines of the relevant social media platform.
For US Customers, this includes prohibitions under New York Civil Rights Law §§ 50–51, California Civil Code § 3344, the Tennessee ELVIS Act 2024, and other applicable state right-of-publicity laws.
For EU/EEA Customers, this also includes obligations under the Norwegian Marketing Control Act §§ 7, 8, and 26 and equivalent EU consumer protection laws.
5.5 Labeling of AI Content
When content is generated in a way that requires disclosure that it is AI-generated (for example under EU AI Act Article 50, US state AI disclosure laws, or platform rules), the Customer is responsible for providing such labeling at the time of publication. Native will, to a reasonable extent, facilitate this in the user interface.
5.6 No automated decisions
We do not use AI to make decisions with legal effect or similarly significant impact on individuals (GDPR Article 22; equivalent provisions under US state law).
6. Purchases and payment
6.1 Payment method
We accept payment via Stripe. By using Stripe, you agree to Stripe's terms, available at stripe.com/en-no/legal/ssa.
6.2 Prices and taxes
All prices are quoted exclusive of value-added tax (VAT) and other applicable taxes unless clearly stated otherwise. Sales tax or other duties will be added where required. All payments are made in the currency displayed at checkout.
6.3 Advance payment and renewal
The subscription is invoiced monthly or annually in advance as specified in the order. You authorize us to charge your payment method on a recurring basis without requiring further approval for each charge, until you cancel.
6.4 Accurate information
You agree to provide accurate, complete, and current purchase and account information, and to keep your payment method up to date.
6.5 Price changes
We may change prices. Price changes for ongoing subscriptions are notified at least 30 days before they take effect and apply from the next renewal period. If you do not accept the price change, you may cancel before the new prices take effect.
6.6 Failure to pay
In the event of non-payment, we may send reminders and charge late-payment interest under applicable law, and we may temporarily block or terminate access.
6.7 Orders and limitations
We reserve the right to correct pricing errors, refuse orders, or limit quantities per customer, household, or order, in our sole discretion.
7. Cancellation and renewal
You may cancel your subscription at any time by logging into your account. Cancellation takes effect at the end of the current paid period. No refund is provided for the current period.
If you are unsatisfied with the Services, please email hei@native.no or use the contact form at native.no/en/contact.
The subscription renews automatically for a new equivalent period unless you cancel before the end of the current period.
8. Prohibited activities
You may not use the Services for any purpose other than what we make available. The Services may not be used for any commercial endeavors except those specifically endorsed or approved by us.
As a user of the Services, you agree not to:
systematically retrieve data or content from the Services to create or compile a collection, database, or directory without our written permission,
trick, defraud, or mislead us or other users, particularly in any attempt to obtain sensitive account information,
circumvent, disable, or interfere with security features of the Services,
disparage or otherwise harm us or the Services,
use information from the Services to harass, abuse, or harm others,
misuse our support services or submit false reports of abuse or misconduct,
use the Services in violation of applicable laws or regulations,
engage in unauthorized framing of or linking to the Services,
upload or transmit viruses, Trojan horses, or other harmful material, including spam,
engage in any automated use of the system, such as scripting, data mining, robots, or similar tools,
delete copyright or other proprietary rights notices from the Content,
attempt to impersonate another user or person,
interfere with, disrupt, or create an undue burden on the Services or connected networks,
harass, annoy, intimidate, or threaten our employees or representatives,
attempt to bypass measures designed to limit access to the Services,
copy or adapt the software code in the Services,
decompile, disassemble, or reverse-engineer the software (beyond what is permitted by mandatory law),
use the Services to train competing AI models or develop competing services, or
resell access to the Services without written consent from Native.
Violations may result in immediate suspension or termination of the account, as well as liability for damages.
9. User generated contributions
The Services may give you the opportunity to create, submit, post, or distribute content through the Services, including text, video, audio, photographs, graphics, comments, suggestions, AI Content, or other material (collectively "Contributions"). Contributions may be visible to other users and through third-party websites. Contributions you publish publicly may be treated as non-confidential and non-proprietary.
When you create or make Contributions available, you represent and warrant that:
the creation, distribution, transmission, public display, or performance of the Contributions does not and will not infringe third-party rights, including copyright, patent, trademark, trade secret, or moral rights,
you are the creator and owner of, or have the necessary licenses, rights, consents, and permissions to use the Contributions,
you have written consent from each identifiable individual depicted in the Contributions to use their name or likeness,
the Contributions are not false, inaccurate, or misleading,
the Contributions do not constitute unsolicited or unauthorized advertising, pyramid schemes, chain letters, spam, or other forms of solicitation,
the Contributions are not obscene, violent, harassing, defamatory, or otherwise objectionable,
the Contributions do not ridicule or abuse anyone,
the Contributions are not used to harass or threaten others or to promote violence against specific persons or groups,
the Contributions do not violate any applicable law, regulation, or rule,
the Contributions do not violate the privacy or right of publicity of any third party,
the Contributions do not violate laws protecting children or minors' health and well-being,
the Contributions do not contain offensive comments related to ethnicity, national origin, gender, sexual orientation, or disability,
the Contributions do not otherwise violate the Terms or applicable law.
Violations may result in termination or suspension of your access.
10. Contribution license
You retain ownership of all your Contributions and any intellectual property rights associated with them. Native does not assert ownership over your Contributions.
By posting Contributions to the Services, you grant Native a non-exclusive, royalty-free, worldwide license to use, store, copy, process, display, perform, translate, and transmit your Contributions to the extent necessary to:
deliver, operate, secure, and improve the Services,
send relevant portions of the content to our AI providers for content generation at your request, and
publish content you have approved on your connected social media accounts.
The license terminates when you delete the Contributions from the Services, except for backups and logs retained in accordance with our retention policy.
We reserve the right, in our sole discretion, to (1) edit or modify Contributions, (2) recategorize Contributions to place them in more appropriate locations within the Services, and (3) pre-screen or delete Contributions at any time without notice. We have no obligation to monitor your Contributions.
In providing the Services, we may use third-party AI solutions to process your Contributions. Such processing is carried out in accordance with our data processor obligations under GDPR (see Section 16) and our contractual prohibitions on use of Contributions for AI training by our subprocessors.
11. Guidelines for reviews
We may provide areas in the Services where you can leave reviews or ratings. When posting a review, you must comply with the following criteria:
you should have firsthand experience with the person or entity being reviewed,
reviews should not contain offensive language, profanity, or racist, abusive, or hateful expressions,
reviews should not contain discriminatory references based on religion, ethnicity, gender, national origin, age, marital status, sexual orientation, or disability,
reviews should not refer to illegal activities,
you should not be affiliated with competitors when posting negative reviews,
you should not draw conclusions about the legality of others' conduct, and
you should not make false or misleading statements.
We may accept, reject, or remove reviews at our discretion. We have no obligation to screen or delete reviews. Reviews do not represent our views or those of our affiliates or partners.
By posting a review, you grant us a perpetual, non-exclusive, worldwide, royalty-free license to reproduce, modify, translate, transmit, display, perform, and distribute the content of the review.
12. Connection to social media
12.1 Connection to third-party accounts
The Services allow you to connect your account to third-party services (each a "Third-Party Account") by (1) submitting login credentials or (2) granting us access to the Third-Party Account in accordance with the terms governing that account.
You confirm that sharing login credentials with us or granting us access to the Third-Party Account does not violate the terms of the relevant account and does not require us to pay fees or comply with usage limitations imposed by the third-party provider.
12.2 Use of data from Third-Party Accounts
By granting us access to Third-Party Accounts, you accept that:
we may access, make available, and store content from the Third-Party Account ("Social Network Content") through the Services, and
we may send and receive additional information from the Third-Party Account when it is connected to the Services.
Personally identifiable information posted on your Third-Party Accounts may be available in the Services depending on which accounts you connect and your privacy settings.
12.3 Limitations and Google user data
Data obtained via Google APIs is processed in accordance with Google's Limited Use Requirements. Such data is used solely to deliver the functionality the Customer has requested, and is not used for AI training, advertising, or other secondary purposes, and is not shared with third parties except where necessary to deliver the Services or required by law.
12.4 Your relationship with third-party providers
YOUR RELATIONSHIP WITH THIRD-PARTY PROVIDERS IS GOVERNED SOLELY BY YOUR AGREEMENTS WITH THEM. We do not review Social Network Content for accuracy, legality, or non-infringement, and are not responsible for such content.
12.5 Disconnection
You can disconnect the connection between the Services and your Third-Party Accounts at any time in your account settings. We will attempt to delete information obtained from the Third-Party Account stored on our servers, except for the username and profile picture associated with your account.
We use social media functionality provided by Ayrshare as a subprocessor.
12.6 Platform changes
Native is not responsible for changes, downtime, suspension, or policy changes by third-party platforms that affect the functionality of the Services.
13. Canva integration
The Services integrate with Canva, allowing you to import your Canva designs into Native for scheduling and publishing to your connected social media platforms.
13.1 Compliance with Canva's policies
When using Canva-connected features, you agree to comply with:
Violation of Canva's policies may result in suspension or termination of access to Canva-connected features and/or your Native account.
13.2 Usage limitations
Designs imported from Canva are available for scheduling and publishing to social media only. Canva-imported content cannot be opened or modified in Native's design editor. To edit Canva designs, please use Canva directly.
13.3 Your responsibilities
By importing Canva designs into Native, you confirm that:
you have the necessary rights to use and publish the imported content,
your use of Canva content remains subject to Canva's Content License Agreement, and
you accept responsibility for complying with any usage restrictions on licensed Canva content (such as Pro elements or licensed media).
13.4 Intellectual property
We do not claim ownership of any designs you import from Canva. You are solely responsible for ensuring your use of imported Canva content complies with all applicable license terms.
13.5 Service availability
Canva-connected features depend on the availability of Canva's platform and APIs. We are not liable for any unavailability, changes, or discontinuation of Canva's services that may affect your ability to import content into Native.
14. Third-party websites and content
The Services may include (or you may be directed to) links to other websites ("Third-Party Websites") and content from third parties ("Third-Party Content"). We do not investigate, monitor, or verify the accuracy, appropriateness, or completeness of Third-Party Websites or Third-Party Content. We are not responsible for such websites or content.
Inclusion, linking, or permission to use Third-Party Websites or Third-Party Content does not imply our approval or endorsement. Access to Third-Party Websites is at your own risk, and our Terms no longer apply.
Purchases made through Third-Party Websites are between you and the relevant third party, for which we hold no responsibility. You agree to hold us harmless from any harm caused by your purchase of such products or services, as well as any losses or harm resulting from Third-Party Content or contact with Third-Party Websites.
15. Services management
We reserve the right, but have no obligation, to:
monitor the Services for breaches of the Terms,
take appropriate legal action against anyone who, in our sole discretion, violates the law or the Terms, including reporting such users to the authorities,
in our sole discretion, refuse, restrict access to, limit availability, or disable Contributions or portions thereof,
remove from the Services or otherwise disable files and content that are excessively large or otherwise burdensome to our systems, and
manage the Services in a manner that protects our rights and property and ensures the Services function properly.
16. Privacy and data processing (DPA)
This Section 16, together with Section 17 (Subprocessors) and Section 18 (Technical and organizational security measures), constitutes a binding Data Processing Agreement ("DPA") between Native as data processor and the Customer as data controller, and satisfies the requirements of GDPR Article 28(3). By accepting these Terms, registering an account, and/or ordering the Services, the DPA is deemed entered into in writing between the parties under GDPR Article 28(9). The Customer confirms that the person accepting the Terms has the authority to also bind the Customer to the DPA.
A signable standalone version of the DPA is available on request by contacting hei@native.no, but is not a precondition for the DPA to be binding.
16.1 Roles
Data controller: For personal information about the Customer's contact persons and users (account information, billing data, support communications, usage data), Native is the data controller. See our Privacy Policy.
Data processor: For personal information included in Customer content and processed on behalf of the Customer through the Services, Native acts as data processor and the Customer is the data controller.
16.2 Subject matter, purpose, and categories of processing
Subject matter: Provision of a SaaS platform for AI-assisted production, scheduling, approval, and publishing of content on social media, along with associated analytics and support.
Duration: The contract period, plus up to 90 days after termination for deletion (180 days for backups), unless a longer retention is required by law.
Nature of processing: Collection, recording, storage, structuring, reading, adaptation, AI generation based on input, querying, use, transmission to social media platforms on the Customer's instruction, deletion, and destruction.
Purpose:
to deliver the Services in accordance with the Terms,
to generate content (text and images) tailored to the Customer's business,
to publish content on the Customer's connected channels following the Customer's approval,
to operate, secure, troubleshoot, and improve the Services,
to provide support and meet legal obligations.
Types of personal data:
Identification and contact details (name, email, phone, job title, employer),
Account information (username, hashed password, authentication tokens for social media),
Content data uploaded by the Customer (text, images, video, logos, examples),
Usage data (logs, IP addresses, device and browser information, click data),
Billing and payment data (primarily processed by Stripe as an independent controller),
Personal data that may appear in public content on connected social media accounts (comments, follower names, etc.) to the extent the Service retrieves such content,
AI prompts and outputs that may contain personal data the Customer chooses to include.
Special categories (GDPR Article 9): The Service is not intended for the processing of special categories of personal data. The Customer shall refrain from uploading such content unless expressly agreed otherwise.
Categories of data subjects: The Customer's employees and users; the Customer's customers, leads, and partners that may appear in content; followers and persons who interact with the Customer's social media accounts; persons depicted or referenced in content the Customer uploads or approves.
16.3 Instructions
Native processes personal data only on documented instructions from the Customer. The Terms, this DPA, the Customer's configuration and use of the Service, and any subsequent written instructions are deemed documented instructions. Native shall notify the Customer without undue delay if Native believes an instruction violates GDPR or other data protection law (GDPR Article 28(3)(h)).
16.4 Confidentiality
Native ensures that personnel authorized to process personal data have committed themselves to confidentiality or are subject to an appropriate statutory obligation of confidentiality, and have received appropriate training. The confidentiality obligation continues after termination of the relationship as long as the information remains confidential in nature.
16.5 Security (GDPR Article 32)
Native implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, as further described in Section 18. Native may update the measures over time, provided that the level of security is not materially reduced.
16.6 No AI training on Customer data
Personal data and content processed by AI providers for content generation at the Customer's request is not used to train their models. This is secured through Native's commercial agreements with the relevant providers.
16.7 Assistance to the Customer
Data subject rights: Native shall, insofar as possible and using appropriate technical and organizational measures, assist the Customer in responding to requests from data subjects regarding access, rectification, erasure, restriction, data portability, and objection. Requests received directly by Native will be redirected to the Customer without undue delay.
DPIA and prior consultation: Native shall assist the Customer in carrying out data protection impact assessments (GDPR Article 35) and any prior consultation with the supervisory authority (GDPR Article 36) where applicable.
Native may charge a reasonable fee for assistance that goes beyond what is included in the Services and that is caused by the Customer's own circumstances. Standard functionality for access, export, and deletion within the Service is included in the subscription.
16.8 Personal data breaches
Native shall notify the Customer without undue delay after becoming aware of a personal data breach affecting personal data (GDPR Article 33(2)). The notification shall, to the extent information is available, include:
a description of the nature of the breach, including categories and approximate number of data subjects and personal data records concerned,
contact information for further details,
likely consequences of the breach, and
measures taken or proposed to address the breach and mitigate its effects.
If not all information is available at the same time, it may be provided in phases without further undue delay. Native shall document breaches and cooperate with the Customer in handling them, but is not obligated to notify the supervisory authority on the Customer's behalf; this is the Customer's responsibility.
16.9 Audit and documentation
Native shall, upon the Customer's request, make available the information necessary to demonstrate compliance with GDPR Article 28 and this DPA.
The Customer has the right to conduct audits, including inspections, of Native's compliance. The audit right may be exercised once per calendar year, after at least 30 days' written notice, during Native's regular business hours, and without unreasonably disrupting operations. The Customer bears its own costs.
Native may discharge the audit obligation by providing recognized certifications or audit reports (such as ISO/IEC 27001 certificates, SOC 2 Type II reports, or equivalent) where these are available and cover the relevant processing. Auditors engaged by the Customer shall not be competitors of Native and shall sign a confidentiality undertaking. Supervisory authorities have audit rights under law, and these are not limited by the foregoing.
16.10 Deletion and return
Upon termination of the Terms, or at the Customer's request during the term, Native shall, at the Customer's choice, delete or return all personal data and delete existing copies, unless retention is required under EU law or national law (such as the Norwegian Bookkeeping Act § 13 and Accounting Act). Deletion normally occurs within 30 days after termination, and at the latest within 90 days, except for backups, which are deleted in accordance with Native's standard deletion routines and at the latest within 180 days. Upon request, Native shall confirm in writing that deletion has been completed.
16.11 International data transfers
Personal data is stored primarily in the EU/EEA, mainly in Google Cloud regions in Ireland.
To the extent personal data is transferred to third countries (outside the EEA), such transfers shall be made on a valid transfer basis under GDPR Chapter V, including:
an adequacy decision under GDPR Article 45 (such as the EU–US Data Privacy Framework for certified US recipients), or
the European Commission's Standard Contractual Clauses (SCC 2021/914) under GDPR Article 46(2)(c), supplemented by necessary technical and organizational measures based on a Transfer Impact Assessment.
Where SCCs are used, they are entered into between Native and the third-country subprocessor (Module 3), or between the Customer and the third-country recipient with Native as intermediary (Module 2), as relevant. The Customer authorizes Native to enter into SCCs with subprocessors on the Customer's behalf. A completed SCC annex is available on request.
Native shall inform the Customer if a transfer basis ceases to apply or is materially weakened, and shall implement measures to ensure continued lawful transfer or, if necessary, suspend the transfer.
For UK Customers, transfers rely on the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs.
16.12 Hosting
The Services are hosted primarily in the EU/EEA. If you use the Services from another region with different laws on the collection, use, or disclosure of personal data, you consent to your data being transferred to and processed in the EU/EEA.
17. Subprocessors
Native uses subprocessors to deliver the Services. The Customer hereby provides general written authorization for the use of these subprocessors under GDPR Article 28(2).
Native shall notify the Customer of planned changes by addition or replacement of subprocessors at least 30 days before the change takes effect, normally by email to the Customer's registered contact or by updating this list combined with notice. The Customer may within 30 days from the notification object in writing on reasonable data protection grounds. The parties shall in good faith try to find a solution. If the parties do not reach agreement within reasonable time, the Customer may terminate the affected part of the Service with effect from the date the subprocessor is engaged; prepaid amounts covering the period after termination are refunded pro rata.
Native shall, by written agreement, impose on every subprocessor the same data protection obligations as set out in the Terms, in particular providing sufficient guarantees to implement appropriate technical and organizational measures. Native remains fully liable to the Customer for the subprocessor's performance of its obligations (GDPR Article 28(4)).
As of the effective date of these Terms, Native uses the following subprocessors:
17.1 Infrastructure and operations
Subprocessor | Service | Processing | Location | Transfer basis |
|---|---|---|---|---|
Google Ireland Limited (Google Cloud Platform) | Hosting, database storage, Cloud Run, Cloud Storage | Storage and processing of all customer and application data | EU (Ireland) | Within EEA |
Google LLC (Vertex AI, Gemini, Nano Banana) | AI model inference | Processing of prompts and generation of text/images | EU/US | EU–US Data Privacy Framework / SCC. Data not used for model training. |
17.2 AI providers
Subprocessor | Service | Processing | Location | Transfer basis |
|---|---|---|---|---|
Anthropic, PBC | LLM inference (Claude Opus, Sonnet, Haiku) | Processing of prompts for content generation | US | EU–US Data Privacy Framework / SCC. Data not used for model training. |
OpenAI, L.L.C. | LLM inference (GPT models) | Processing of prompts for content generation | US | EU–US Data Privacy Framework / SCC. Data not used for model training (API use). |
X.AI LLC | LLM inference (Grok models) | Processing of prompts for content generation | US | SCC. Data not used for model training. |
17.3 Content publishing and scraping
Subprocessor | Service | Processing | Location | Transfer basis |
|---|---|---|---|---|
Ayrshare LLC | Publishing to social media platforms | Intermediate storage and forwarding of content to connected channels | US | EU–US Data Privacy Framework / SCC |
Firecrawl (Mendable AI, Inc.) | Web scraping for context retrieval | Retrieval of public web content on the Customer's instruction | US | SCC |
17.4 Payment and billing
Third party | Service | Processing | Location | Role |
|---|---|---|---|---|
Stripe Payments Europe, Ltd. | Payment processing and subscription management | Processing of payment data | EU (Ireland) / global | Independent controller for payment data |
17.5 Analytics and product insights
Subprocessor | Service | Processing | Location | Transfer basis |
|---|---|---|---|---|
PostHog Inc. | Product analytics and user behavior | Storage of usage data, events, and session data | EU | Within EEA (PostHog EU Cloud) |
17.6 Support and communication
Subprocessor | Service | Processing | Location | Transfer basis |
|---|---|---|---|---|
Mimir AS | AI-powered customer support | Processing of support inquiries and associated contact data | EU/EEA | Within EEA |
18. Technical and organizational security measures
Native implements the following technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with GDPR Article 32:
18.1 Access control
Role-based access management following the "least privilege" principle
Two-factor authentication (2FA) for administrative access
Strong password requirements
Logging of access and changes
Periodic review of access rights
18.2 Encryption
TLS 1.2 or higher for data in transit
Encryption of data at rest (AES-256 or equivalent) where technically appropriate
Encrypted storage of authentication tokens and passwords (hashing)
18.3 Operational security
Hosting in Google Cloud, primarily in EU regions (Ireland)
Segmentation of environments (development, test, production)
Patching and updates in line with vendor recommendations
Logging and monitoring of security events
18.4 Resilience and continuity
Daily automated backups with encryption
Geographic redundancy within the EU/EEA for critical data
Incident response and business continuity plans for handling security incidents and operational disruptions
Periodic testing of recovery routines
Defined recovery objectives (RTO and RPO) appropriate to the nature of the Services
18.5 Personnel and training
Confidentiality undertaking as part of employment agreements
Mandatory training in data protection and information security for all personnel upon onboarding and periodically thereafter
Background checks for personnel with extended access, where proportionate and lawful
Clear procedures for revoking access upon termination of employment
18.6 Secure development
Established procedures for secure software development (Secure SDLC)
Code review and peer review before production deployment
Use of automated tools for dependency analysis and vulnerability scanning
Separation of development, test, and production environments
Limited use of real personal data in test and development environments
18.7 Incident management
Established process for identification, classification, escalation, and handling of security incidents
Defined roles and points of contact for security breaches
Documentation and post-incident review with implementation of improvement measures
18.8 Vendor management
Risk assessment of subprocessors before onboarding
Written agreements with data protection and security obligations equivalent to the Terms
Periodic monitoring of subprocessor compliance, including review of available certifications and audit reports
18.9 Physical security
Physical security of data is provided by the cloud provider (Google Cloud), which operates data centers with ISO 27001, SOC 1, SOC 2, and SOC 3 certifications. Native AS does not maintain its own physical infrastructure that stores personal data.
18.10 Data minimization and retention
Collection is limited to what is necessary to deliver the Services
Defined retention periods with automated deletion where technically possible
Deletion and anonymization of data that is no longer necessary
19. Copyright infringements
We respect the intellectual property rights of others. If you believe that material available on or through the Services infringes a copyright you own or control, please notify us immediately at hei@native.no or via native.no/en/contact (the "Notice").
Please be aware that under applicable law you may be held liable for damages if you make material misrepresentations in a Notice. Consult an attorney if you are unsure.
For US Customers, we follow procedures consistent with the Digital Millennium Copyright Act (DMCA). Our designated agent for DMCA notices is reachable at hei@native.no.
20. Term and termination
20.1 Term
The Terms apply for as long as you use the Services.
20.2 Our right to terminate
WITHOUT LIMITING ANY OTHER PROVISION OF THE TERMS, WE RESERVE THE RIGHT, IN OUR SOLE DISCRETION AND WITHOUT NOTICE OR LIABILITY, TO DENY ACCESS TO AND USE OF THE SERVICES, FOR ANY REASON, INCLUDING FOR BREACH OF ANY REPRESENTATION, WARRANTY, OR OBLIGATION IN THE TERMS OR FOR VIOLATION OF APPLICABLE LAW. WE MAY TERMINATE YOUR USE OR PARTICIPATION IN THE SERVICES OR DELETE YOUR ACCOUNT AND ANY CONTENT OR INFORMATION YOU HAVE POSTED, AT ANY TIME WITHOUT NOTICE.
In the event of a material breach that is capable of being remedied, a reasonable cure period shall normally be granted.
20.3 No re-registration
If we suspend or terminate your account, you are prohibited from registering and creating a new account under your name, a fictitious or borrowed name, or the name of any third party.
20.4 Deletion upon termination
Upon termination, the Customer's data will be deleted or anonymized in accordance with our retention policy and the DPA in Section 16, normally within 30 days, except for data that must be retained to comply with legal requirements (e.g. the Norwegian Bookkeeping Act § 13).
21. Modifications and interruptions
We reserve the right, in our sole discretion, to modify, suspend, or discontinue parts of the Services at any time, with reasonable notice where practicable. We may also impose limits on certain features or restrict access to parts of or the entire Services.
We cannot guarantee uninterrupted access to the Services, and we may experience technical issues, maintenance, or updates that may result in downtime, errors, delays, or interruptions. You acknowledge and agree that we are not liable for any loss, damage, or inconvenience caused by your inability to access or use the Services during any downtime or discontinuation.
22. Governing law
These Terms are governed by Norwegian law. The UN Convention on Contracts for the International Sale of Goods (CISG) does not apply. You and Native AS agree to submit to the non-exclusive jurisdiction of the courts of Oslo, Norway, to resolve any dispute that may arise in connection with the Terms.
Customers outside Norway confirm that they have knowingly and willingly chosen Norwegian law and venue, as part of business activity.
23. Dispute resolution
If you have any concerns or complaints relating to the Services, please contact us directly at hei@native.no or via native.no/en/contact. We will do our utmost to resolve disputes amicably.
If a dispute cannot be resolved amicably, it shall be settled by the ordinary courts of Norway, with Oslo District Court as the venue.
24. Corrections
We may correct typographical errors, inaccuracies, or omissions, including descriptions, prices, availability, and other information in the Services, at any time without prior notice. We do not provide refunds under any circumstances, including in the event of errors or miscommunication, unless otherwise required by mandatory law.
25. Disclaimer
THE SERVICES ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS. YOU AGREE THAT YOUR USE OF THE SERVICES IS AT YOUR OWN RISK. TO THE FULLEST EXTENT PERMITTED BY LAW, WE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, IN CONNECTION WITH THE SERVICES AND YOUR USE OF THEM, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
WE MAKE NO WARRANTY AS TO THE ACCURACY OR COMPLETENESS OF THE CONTENT IN THE SERVICES, AND WE ASSUME NO LIABILITY FOR:
ERRORS OR INACCURACIES IN CONTENT AND MATERIALS,
PERSONAL INJURY OR PROPERTY DAMAGE RESULTING FROM YOUR ACCESS TO AND USE OF THE SERVICES,
UNAUTHORIZED ACCESS TO OR USE OF OUR SECURE SERVERS AND/OR ANY PERSONAL OR FINANCIAL INFORMATION STORED THEREIN,
INTERRUPTION OR CESSATION OF TRANSMISSION TO OR FROM THE SERVICES,
BUGS, VIRUSES, TROJAN HORSES, OR THE LIKE THAT MAY BE TRANSMITTED TO OR THROUGH THE SERVICES BY ANY THIRD PARTY, AND/OR
ANY ERRORS OR OMISSIONS IN ANY CONTENT OR MATERIALS, OR ANY LOSS OR DAMAGE OF ANY KIND INCURRED AS A RESULT OF THE USE OF ANY CONTENT POSTED, TRANSMITTED, OR OTHERWISE MADE AVAILABLE VIA THE SERVICES.
WE DO NOT WARRANT, ENDORSE, GUARANTEE, OR ASSUME RESPONSIBILITY FOR ANY PRODUCT OR SERVICE ADVERTISED OR OFFERED BY A THIRD PARTY THROUGH THE SERVICES.
26. Limitations of liability
IN NO EVENT WILL WE OR OUR DIRECTORS, EMPLOYEES, OR REPRESENTATIVES BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, INCIDENTAL, SPECIAL, OR PUNITIVE DAMAGES, INCLUDING LOST PROFITS, LOST REVENUES, LOSS OF DATA, LOSS OF BUSINESS OPPORTUNITIES, REPUTATIONAL HARM, OR OTHER DAMAGES ARISING FROM YOUR USE OF THE SERVICES, INCLUDING AI CONTENT, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THE TERMS, OUR AGGREGATE LIABILITY TO YOU, REGARDLESS OF THE BASIS OF THE CLAIM, SHALL BE LIMITED TO THE AMOUNT YOU HAVE ACTUALLY PAID TO US FOR THE SERVICES IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM.
The limitation of liability does not apply in the event of:
intent or gross negligence,
liability under mandatory law that cannot be limited, or
liability under GDPR Article 82.
Claims must be made in writing within reasonable time and at the latest within twelve (12) months after you became or ought to have become aware of the claim, failing which the claim lapses.
CERTAIN US STATE LAWS AND INTERNATIONAL LAWS DO NOT ALLOW LIMITATIONS ON IMPLIED WARRANTIES OR THE EXCLUSION OF CERTAIN DAMAGES. IF THESE LAWS APPLY TO YOU, SOME OR ALL OF THE ABOVE DISCLAIMERS OR LIMITATIONS MAY NOT APPLY TO YOU, AND YOU MAY HAVE ADDITIONAL RIGHTS.
27. Indemnification
You agree to defend, indemnify, and hold harmless us, including our subsidiaries, affiliates, and all of our respective officers, agents, partners, and employees, from and against any loss, damage, liability, claim, or demand, including reasonable attorneys' fees, made by any third party arising out of:
your Contributions,
your use of the Services,
breach of the Terms,
breach of your representations and warranties in the Terms,
infringement of third-party rights, including intellectual property rights, privacy, or right of publicity,
publication of AI Content that you have approved,
breach of the Norwegian Marketing Control Act, the Norwegian Copyright Act, or other applicable laws, or
any claim or dispute arising from content created or generated through the Services, including matters relating to copyright, trademark, defamation, privacy, or other legal issues.
We reserve the right, at your expense, to assume exclusive control and defense of any matter for which you are obligated to indemnify us, and you agree to cooperate, at your expense, with our defense of such claims.
28. User data
28.1 General
We collect and retain data you transmit to the Services in order to manage the performance of the Services, as well as data relating to your use. Such data may include account information, content you submit or create, and your interactions with the Services.
28.2 Protection of Google user data
When you connect Google accounts to the Services, we collect and process Google user data solely to deliver our social media services. Google user data is never used for AI model training, marketing, or other purposes beyond core functionality. Such data is handled under additional security measures and retention limitations as described in our Privacy Policy.
28.3 No AI training on your data
Native does not train AI models on your data, and our AI providers are contractually prohibited from using your inputs/outputs for training.
28.4 Backups
We perform regular routine backups of data, but you are solely responsible for all data you transmit or that relates to activity you have undertaken using the Services. You agree that we are not liable for any loss or corruption of such data, unless the loss is caused by our gross negligence or intent.
28.5 Reference to the Privacy Policy
For more information on our data processing, see our Privacy Policy, which is incorporated into the Terms by reference.
29. Electronic communications, transactions, and signatures
Visiting the Services, sending us emails, and completing electronic forms constitute electronic communications. You consent to receive electronic communications, and you agree that all agreements, notices, disclosures, and other communications we provide to you electronically satisfy any legal requirement that such communication be in writing.
YOU HEREBY CONSENT TO THE USE OF ELECTRONIC SIGNATURES, CONTRACTS, ORDERS, AND OTHER RECORDS, AND TO THE ELECTRONIC DELIVERY OF NOTICES, POLICIES, AND RECORDS OF TRANSACTIONS INITIATED OR COMPLETED BY US OR VIA THE SERVICES.
You hereby waive any right or requirement under any law, regulation, rule, or ordinance in any jurisdiction that requires an original signature or delivery or retention of non-electronic records.
30. Miscellaneous
30.1 Entire agreement
The Terms, together with our Privacy Policy and the order confirmation, constitute the entire agreement between you and us. The DPA provisions in Section 16, together with the subprocessor list in Section 17 and the security measures in Section 18, are an integral part of the Terms.
In the event of conflict between these documents, the following order of precedence applies: (1) order confirmation or separate written agreement signed by both parties, (2) the DPA provisions in Sections 16–18 for matters concerning the processing of personal data, (3) other provisions of the Terms, and (4) the Privacy Policy.
30.2 No waiver
Our failure to enforce any right or provision of the Terms does not constitute a waiver of such right or provision.
30.3 Assignment
You may not assign your rights or obligations under the Terms without Native's written consent. Native may assign the agreement to a group company, or in connection with a merger, demerger, or business transfer, provided that the new party is bound by equivalent terms.
30.4 Severability
If any provision of the Terms is held to be unlawful, invalid, or unenforceable, that provision shall be deemed severed from the Terms and shall not affect the validity and enforceability of the remaining provisions.
30.5 Force majeure
Neither party is liable for any breach caused by circumstances beyond the party's reasonable control, including power outages, internet outages, war, riot, natural disasters, pandemics, government action, cyber attacks, or failure of essential subcontractors.
30.6 No partnership
No joint venture, partnership, employment, or agency relationship is established between you and us as a result of the Terms or your use of the Services.
30.7 Interpretation
You agree that the Terms shall not be construed against us on the basis that we drafted them.
30.8 Language
The Terms are published in Norwegian and English. The English version is made available for convenience. In the event of conflict between the language versions, the Norwegian version prevails, unless otherwise expressly agreed.
31. Contact us
For questions or inquiries regarding the Terms, please contact us:
Native AS Company no. 930 324 787 Behrens' gate 5, 0257 Oslo, Norway
Email: hei@native.no Contact form: native.no/en/contact
Document last updated April 26, 2026. Version 2.2.
