Privacy Policy
Last updated: February 10, 2026
Plain Language Summary
- ✓We collect account info (email, name) and usage data to provide the Service
- ✓Uploaded designs are processed in memory by AI services and not stored permanently by the AI provider
- ✓We store analysis results and usage history in Firebase (Google Cloud)
- ✓Payment processing is handled by Stripe - we never see your card details
- ✓You have full GDPR rights: access, correct, delete, or export your data anytime
1. Introduction
Hunter Research AS ("we", "us", "our") operates HandoffPro ("the Service"). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Service.
We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR) and Norwegian data protection laws.
Data Controller:
Hunter Research AS
Karl Johans gate 25
Oslo, Norway
Email: axel@devin.no
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address (if you register with email)
- Name and profile information from OAuth providers (Google, GitHub) if you choose to authenticate with them
- Account creation date and last login time
- Subscription status (Free or Pro tier)
2.2 Uploaded Design Files
When you upload screenshots for analysis, we process these images to generate structured output. Uploaded designs are:
- Sent to third-party AI services for analysis (processed in memory, not stored permanently by the AI provider)
- Not stored on our servers after processing completes (unless you choose to save analysis results)
- Associated with your account if you are logged in, allowing you to view analysis history
2.3 Usage Data
We automatically collect:
- Analysis history: timestamps, number of images uploaded, generated output
- Technical data: IP address, browser type, device information, operating system
- Service usage patterns and feature interactions
- Error logs and diagnostic data to improve Service reliability
2.4 Payment Information
Payment processing is handled by Stripe. We do not store your credit card details. Stripe collects and processes payment information according to their Privacy Policy.
We receive from Stripe:
- Subscription status and billing cycle information
- Last four digits of your payment method
- Payment success or failure events
2.5 Cookies and Tracking
We use cookies and similar technologies for authentication, analytics, and advertising. For detailed information, see our Cookie Policy.
3. How We Use Your Information
We use your personal data to:
- Provide the Service: Process uploaded designs, generate AI analysis, deliver results
- Manage your account: Authentication, subscription management, usage tracking
- Process payments: Handle subscriptions and billing through Stripe
- Improve the Service: Analyze usage patterns, fix bugs, develop new features
- Communicate with you: Send service updates, respond to support requests
- Ensure security: Detect and prevent fraud, abuse, or security threats
- Comply with legal obligations: Respond to legal requests, enforce our terms
4. AI Processing of Your Designs
When you upload a screenshot for analysis, we send it to third-party AI services. These AI services:
- Process your design in memory to generate structured output
- Do not permanently store your uploaded images (per their data processing agreements)
- May use aggregated, anonymized data to improve their AI models (subject to their terms)
- Are located in the United States and other jurisdictions (see "International Data Transfers" below)
We select AI providers who comply with GDPR requirements and have appropriate data processing agreements in place.
5. Data Storage and Security
Firebase (Google Cloud Platform): We use Firebase to store account information, analysis history, and usage data. Firebase data is stored in Europe where possible, with backups in Google Cloud regions.
Security Measures: We implement industry-standard security practices including:
- Encryption in transit (HTTPS/TLS)
- Encryption at rest for stored data
- Access controls and authentication
- Regular security audits and monitoring
However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
6. Data Retention
We retain your personal data for as long as necessary to:
- Provide the Service to you while your account is active
- Comply with legal obligations (e.g., tax and accounting records)
- Resolve disputes and enforce our agreements
Account Data: Stored until you delete your account, plus 30 days for recovery
Analysis History: Stored indefinitely unless you request deletion
Payment Records: Retained for 7 years to comply with accounting requirements
Uploaded Designs: Not stored permanently; processed in memory only
7. Your Rights Under GDPR
As a data subject, you have the following rights:
7.1 Right to Access
You can request a copy of the personal data we hold about you. We will provide this in a structured, commonly used format.
7.2 Right to Rectification
You can update or correct your personal information through your account settings or by contacting us.
7.3 Right to Erasure ("Right to be Forgotten")
You can request deletion of your personal data. We will comply unless we have a legal obligation to retain certain information.
7.4 Right to Data Portability
You can request a copy of your data in a machine-readable format to transfer to another service.
7.5 Right to Object
You can object to certain processing of your data, including marketing communications and automated decision-making.
7.6 Right to Restriction
You can request that we limit how we use your data while we investigate a complaint or dispute.
To exercise any of these rights, contact us at axel@devin.no. We will respond within 30 days.
8. International Data Transfers
HandoffPro uses third-party services that may process data in the United States and other countries outside the European Economic Area (EEA):
- Firebase/Google Cloud: Data stored in EU regions where possible, subject to Google's data processing terms
- Stripe: Payment processing in the United States, covered by Standard Contractual Clauses (SCCs)
- AI Services: May process data in the United States, with appropriate GDPR safeguards
These transfers are protected by Standard Contractual Clauses (SCCs) and other appropriate safeguards as required by GDPR.
9. Third-Party Services
HandoffPro integrates with third-party services, each with their own privacy policies:
- Firebase Authentication & Firestore: Google Privacy Policy
- Stripe: Stripe Privacy Policy
- Google AdSense (Free tier only): Google Ads Policy
10. Children's Privacy
HandoffPro is not intended for users under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date.
For significant changes, we may also send you an email notification if you have provided an email address.
12. Supervisory Authority
You have the right to lodge a complaint with a data protection authority. As a Norwegian company, we are supervised by:
Datatilsynet (Norwegian Data Protection Authority)
Postboks 458 Sentrum
0105 Oslo, Norway
Website: www.datatilsynet.no
Email: postkasse@datatilsynet.no
13. Contact Us
If you have questions or concerns about this Privacy Policy or how we handle your personal data, please contact us:
Hunter Research AS
Karl Johans gate 25
Oslo, Norway
Email: axel@devin.no