Privacy Policy
Last updated: October 6, 2025
Effective date: October 6, 2025
🔒 Privacy at a Glance
📱 Local-First
Your data stays on your devices. We process most data locally, not in the cloud.
🎯 Minimal Collection
We collect only what's necessary for billing, support, and service improvement.
🛡️ No Sale
We never sell your personal data to third parties. Period.
⚖️ GDPR Compliant
Full compliance with EU data protection laws and your rights.
Table of Contents
1. Overview
Pauhu AI Oy ("we," "us," "our") respects your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you use our AI software and services.
Our Privacy Principles
- Local-First Architecture: Most AI processing happens on your devices, not our servers
- Data Minimization: We collect only what's necessary for service operation
- Transparency: Clear explanation of what data we collect and why
- User Control: You control your data and can delete it anytime
- Security by Design: Strong encryption and security measures
2. Data We Collect
2.1 Account Information
When you create an account, we collect:
- Email address (required for account access)
- Name (optional, for personalization)
- Password (encrypted, we never see plaintext)
- Country/region (for tax calculations)
2.2 Billing Information
For subscription processing, we collect:
- Payment method details (processed by Stripe, we don't store card numbers)
- Billing address (required for tax compliance)
- VAT/tax ID (for business customers)
- Invoice preferences
2.3 Device Information
To enforce device limits and provide support:
- Device identifiers (hashed fingerprints, not personally identifiable)
- Operating system and version
- Hardware specifications (for compatibility)
- Software version and configuration
2.4 Usage Analytics (Optional)
With your consent, we may collect:
- Feature usage statistics (which tools you use)
- Performance metrics (response times, errors)
- Crash reports and debug information
- Anonymized usage patterns
2.5 Support Communications
When you contact support:
- Support ticket content and history
- Communication preferences
- Issue resolution tracking
2.6 What We DON'T Collect
Important: Due to our local-first architecture, we do NOT collect:
- ❌ Your code, documents, or content processed by the AI
- ❌ AI conversation history or prompts
- ❌ Files uploaded to or created by the software
- ❌ Personal projects or intellectual property
- ❌ Keystroke logging or screen recording
3. How We Use Data
3.1 Legal Basis for Processing (GDPR)
Data Type | Legal Basis | Purpose |
---|---|---|
Account Information | Contract Performance | Provide service access |
Billing Information | Contract Performance | Process payments |
Device Information | Legitimate Interest | Enforce license terms |
Usage Analytics | Consent | Improve service |
Support Data | Legitimate Interest | Provide customer support |
3.2 Specific Uses
We use your data to:
- Service Delivery: Authenticate access, enforce device limits, provide support
- Billing: Process payments, generate invoices, handle refunds
- Communication: Send service updates, security alerts, support responses
- Improvement: Analyze usage patterns to enhance features (with consent)
- Security: Detect fraud, prevent abuse, protect systems
- Legal Compliance: Meet tax, regulatory, and legal obligations
3.3 Automated Decision Making
We use automated systems for:
- Device authorization (based on license limits)
- Fraud detection (for payment security)
- System optimization (performance tuning)
You can request human review of any automated decisions affecting you.
4. Data Sharing
4.1 When We Share Data
We only share your data in these limited circumstances:
Service Providers
- Stripe: Payment processing (they never see your payment details)
- Cloudflare: CDN and security services (minimal data exposure)
- Email Service: Transactional email delivery
Legal Requirements
- Court orders or legal process
- Law enforcement requests (with proper warrants)
- Tax authority requirements
- Regulatory compliance
Business Transfers
In case of merger, acquisition, or sale, your data may transfer to the new entity. We'll notify you of any such changes.
4.2 What We NEVER Share
- ❌ Personal data for marketing purposes
- ❌ User content or AI interactions
- ❌ Data to data brokers or advertisers
- ❌ Personal information to competitors
4.3 Data Processing Agreements
All service providers sign Data Processing Agreements (DPAs) ensuring GDPR compliance and appropriate data protection.
5. Data Storage & Security
5.1 Where We Store Data
- Primary: European Union (GDPR-compliant providers)
- Backup: Encrypted backups in EU regions
- CDN: Cloudflare global network (minimal data)
5.2 Security Measures
- Encryption: AES-256 encryption at rest, TLS 1.3 in transit
- Access Control: Role-based access, multi-factor authentication
- Monitoring: 24/7 security monitoring and incident response
- Regular Audits: Third-party security assessments
- Data Minimization: Automatic deletion of unnecessary data
5.3 Data Retention
Data Type | Retention Period | Reason |
---|---|---|
Account Information | Duration of account + 30 days | Service provision |
Billing Records | 7 years | Tax compliance |
Usage Analytics | 12 months | Service improvement |
Support Tickets | 3 years | Support quality |
Security Logs | 1 year | Security monitoring |
6. Your Rights (GDPR & CCPA)
6.1 EU/UK Residents (GDPR Rights)
- Access: Request copies of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Delete your data (when legally permissible)
- Portability: Export your data in a standard format
- Object: Opt out of certain processing activities
- Restrict: Limit how we process your data
- Withdraw Consent: Remove consent for optional processing
6.2 California Residents (CCPA Rights)
- Know: What personal information we collect and use
- Delete: Request deletion of your personal information
- Opt-Out: Opt out of sale of personal information (we don't sell data)
- Non-Discrimination: Equal service regardless of privacy choices
6.3 How to Exercise Your Rights
Contact us at privacy@pauhu.ai or use our online form.
We'll respond within 30 days (EU) or 45 days (California). Identity verification may be required.
6.4 Complaints
EU residents can file complaints with their local data protection authority. Finnish DPA: tietosuoja.fi
8. Children's Privacy
Our service is not intended for children under 16 (or local age of digital consent). We don't knowingly collect data from children.
If we learn we've collected a child's data, we'll delete it immediately. Parents can contact us to request deletion.
9. International Transfers
We primarily process data within the EU. When transfers outside the EU are necessary, we ensure adequate protection through:
- Adequacy Decisions: EU-approved countries
- Standard Contractual Clauses: EU-approved contract terms
- Certification Programs: Privacy frameworks like Privacy Shield successor
You can request details about specific transfers affecting your data.
10. Policy Changes
We may update this Privacy Policy to reflect:
- Changes in our data practices
- New legal requirements
- Service improvements
- User feedback
We'll notify you of significant changes via:
- Email notification (for material changes)
- Website banner
- In-app notification
Continued use after notification indicates acceptance of changes.
11. Contact Us
Data Protection Officer
For privacy-related questions or requests:
- Email: privacy@pauhu.ai
- Subject Line: "Privacy Request - [Your Request Type]"
- Response Time: 30 days maximum
General Contact
- Company: Pauhu AI Oy (Y-tunnus: 3477255-1)
- Address: P.O. Box 292, 00100 HELSINKI, FINLAND
- Email: support@pauhu.ai
- Contact Form: Online Form
EU Representative
For EU-specific privacy matters:
- Company: Pauhu AI Oy
- Email: eu-privacy@pauhu.ai
- Address: P.O. Box 292, 00100 HELSINKI, FINLAND
🔒 Our Privacy Commitment
"Privacy is a fundamental right, not a luxury."
We built Pauhu AI with privacy by design. Your data stays on your devices, under your control. We collect only what's necessary and give you complete transparency about our practices.
Questions about privacy? We're here to help: privacy@pauhu.ai