Privacy Policy
Last updated: March 7, 2026
1. Data Controller
CheckPFAS.com is operated by Jovian Creative AS, a company registered in Norway.
2. Scope of This Policy
This Privacy Policy applies to all visitors of checkpfas.com and describes how Jovian Creative AS collects, uses, stores, and protects personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable Norwegian law.
3. Data We Collect
3.1 Data you provide directly
CheckPFAS does not require account registration or login. If you contact us by email, we will receive your email address and any information you include in your message. This data is used solely to respond to your inquiry.
3.2 ZIP code lookups
When you look up a ZIP code, the lookup is performed client-side against pre-built static data files. We do not log, store, or transmit your ZIP code or search query to any server. No personal data is collected through the water quality lookup tool.
3.3 Automatically collected data
Like most websites, our web server may receive standard technical data when you visit, including:
- IP address (truncated or anonymised where possible)
- Browser type and version
- Operating system
- Referring URL
- Pages visited and time of visit
This data is processed for security, performance, and aggregate analytics purposes. It is not used to identify individual users.
3.4 Cookies
CheckPFAS uses only essential cookies necessary for basic site functionality. We do not use advertising cookies or third-party tracking cookies on our own site. When you click affiliate links to Amazon or other retailers, those third-party sites may set their own cookies. We have no control over those cookies and they are subject to the respective privacy policies of those sites.
4. Legal Basis for Processing
Where we process personal data, we rely on the following legal bases under GDPR Article 6:
- Legitimate interests (Art. 6(1)(f)): Processing server logs for security and performance monitoring, and operating privacy-preserving analytics that collect no personal data.
- Contract (Art. 6(1)(b)): Handling email inquiries to respond to your request.
We do not use cookies for analytics and do not require a consent banner for our analytics tool. See Section 6.4 for details.
5. How We Use Your Data
Any personal data we collect is used exclusively to:
- Respond to your emails or support requests
- Monitor and maintain website security and performance
- Comply with legal obligations
We do not sell, rent, or share your personal data with third parties for marketing purposes.
6. Third-Party Services
6.1 Amazon Associates
CheckPFAS participates in the Amazon Services LLC Associates Program, an affiliate advertising program. When you click an Amazon affiliate link, Amazon may set cookies on your device to track purchases. Amazon's data processing is governed by Amazon's Privacy Notice.
6.2 Hosting
Our website is hosted on infrastructure that may process access logs. Our hosting provider is bound by data processing agreements consistent with GDPR requirements.
6.3 External data sources
Water quality data is sourced from the U.S. Environmental Protection Agency (EPA) UCMR 5 dataset, which is public domain. No personal data is transferred to the EPA when you use our lookup tool.
6.4 Plausible Analytics
We use Plausible Analytics, a privacy-friendly, EU-hosted analytics service operated by Plausible Insights OÜ (Estonia). Plausible:
- Does not use cookies or store any data in your browser
- Does not collect personal data or personally identifiable information
- Uses a daily rotating salt to hash IP addresses — the original IP is never stored
- Is fully compliant with GDPR, CCPA, and PECR without requiring a consent banner
Aggregate, anonymised data (page views, referrers, country-level geography) may be processed by Plausible on servers within the EU. For more information, see Plausible's Privacy Policy.
7. Data Retention
Server access logs are retained for a maximum of 30 days for security purposes, after which they are deleted or anonymised. Email correspondence is retained for as long as necessary to resolve your inquiry and for a reasonable period thereafter, not exceeding 2 years.
8. International Data Transfers
CheckPFAS is operated from Norway (EEA). If you access the site from outside the EEA, be aware that your connection data may pass through servers located in the EEA. Any transfers outside the EEA are conducted in compliance with GDPR Chapter V, using Standard Contractual Clauses or equivalent safeguards where required.
9. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights:
- Right of access (Art. 15): Request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): Request correction of inaccurate data.
- Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
- Right to restriction (Art. 18): Request that we restrict processing of your data.
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interests.
- Right to withdraw consent (Art. 7(3)): Withdraw any consent previously given at any time.
To exercise any of these rights, contact us at contact@checkpfas.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Norwegian supervisory authority: Datatilsynet (datatilsynet.no).
10. Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. Our website uses HTTPS encryption for all connections.
11. Children's Privacy
CheckPFAS is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Continued use of CheckPFAS after changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.
13. Contact
For any questions, data requests, or concerns about this Privacy Policy, please contact: