Pauhu
Pricing Docs Support

Privacy Policy

Last updated: October 6, 2025

Effective date: October 6, 2025

🔒 Privacy at a Glance

📱 Local-First

Your data stays on your devices. We process most data locally, not in the cloud.

🎯 Minimal Collection

We collect only what's necessary for billing, support, and service improvement.

🛡️ No Sale

We never sell your personal data to third parties. Period.

⚖️ GDPR Compliant

Full compliance with EU data protection laws and your rights.

Table of Contents

  1. Overview
  2. Data We Collect
  3. How We Use Data
  4. Data Sharing
  5. Data Storage & Security
  6. Your Rights
  7. Cookies & Tracking
  8. Children's Privacy
  9. International Transfers
  10. Policy Changes
  11. Contact Us

1. Overview

Pauhu AI Oy ("we," "us," "our") respects your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you use our AI software and services.

Our Privacy Principles

  • Local-First Architecture: Most AI processing happens on your devices, not our servers
  • Data Minimization: We collect only what's necessary for service operation
  • Transparency: Clear explanation of what data we collect and why
  • User Control: You control your data and can delete it anytime
  • Security by Design: Strong encryption and security measures

2. Data We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address (required for account access)
  • Name (optional, for personalization)
  • Password (encrypted, we never see plaintext)
  • Country/region (for tax calculations)

2.2 Billing Information

For subscription processing, we collect:

  • Payment method details (processed by Stripe, we don't store card numbers)
  • Billing address (required for tax compliance)
  • VAT/tax ID (for business customers)
  • Invoice preferences

2.3 Device Information

To enforce device limits and provide support:

  • Device identifiers (hashed fingerprints, not personally identifiable)
  • Operating system and version
  • Hardware specifications (for compatibility)
  • Software version and configuration

2.4 Usage Analytics (Optional)

With your consent, we may collect:

  • Feature usage statistics (which tools you use)
  • Performance metrics (response times, errors)
  • Crash reports and debug information
  • Anonymized usage patterns

2.5 Support Communications

When you contact support:

  • Support ticket content and history
  • Communication preferences
  • Issue resolution tracking

2.6 What We DON'T Collect

Important: Due to our local-first architecture, we do NOT collect:

  • ❌ Your code, documents, or content processed by the AI
  • ❌ AI conversation history or prompts
  • ❌ Files uploaded to or created by the software
  • ❌ Personal projects or intellectual property
  • ❌ Keystroke logging or screen recording

3. How We Use Data

3.1 Legal Basis for Processing (GDPR)

Data Type Legal Basis Purpose
Account Information Contract Performance Provide service access
Billing Information Contract Performance Process payments
Device Information Legitimate Interest Enforce license terms
Usage Analytics Consent Improve service
Support Data Legitimate Interest Provide customer support

3.2 Specific Uses

We use your data to:

  • Service Delivery: Authenticate access, enforce device limits, provide support
  • Billing: Process payments, generate invoices, handle refunds
  • Communication: Send service updates, security alerts, support responses
  • Improvement: Analyze usage patterns to enhance features (with consent)
  • Security: Detect fraud, prevent abuse, protect systems
  • Legal Compliance: Meet tax, regulatory, and legal obligations

3.3 Automated Decision Making

We use automated systems for:

  • Device authorization (based on license limits)
  • Fraud detection (for payment security)
  • System optimization (performance tuning)

You can request human review of any automated decisions affecting you.

4. Data Sharing

4.1 When We Share Data

We only share your data in these limited circumstances:

Service Providers

  • Stripe: Payment processing (they never see your payment details)
  • Cloudflare: CDN and security services (minimal data exposure)
  • Email Service: Transactional email delivery

Legal Requirements

  • Court orders or legal process
  • Law enforcement requests (with proper warrants)
  • Tax authority requirements
  • Regulatory compliance

Business Transfers

In case of merger, acquisition, or sale, your data may transfer to the new entity. We'll notify you of any such changes.

4.2 What We NEVER Share

  • ❌ Personal data for marketing purposes
  • ❌ User content or AI interactions
  • ❌ Data to data brokers or advertisers
  • ❌ Personal information to competitors

4.3 Data Processing Agreements

All service providers sign Data Processing Agreements (DPAs) ensuring GDPR compliance and appropriate data protection.

5. Data Storage & Security

5.1 Where We Store Data

  • Primary: European Union (GDPR-compliant providers)
  • Backup: Encrypted backups in EU regions
  • CDN: Cloudflare global network (minimal data)

5.2 Security Measures

  • Encryption: AES-256 encryption at rest, TLS 1.3 in transit
  • Access Control: Role-based access, multi-factor authentication
  • Monitoring: 24/7 security monitoring and incident response
  • Regular Audits: Third-party security assessments
  • Data Minimization: Automatic deletion of unnecessary data

5.3 Data Retention

Data Type Retention Period Reason
Account Information Duration of account + 30 days Service provision
Billing Records 7 years Tax compliance
Usage Analytics 12 months Service improvement
Support Tickets 3 years Support quality
Security Logs 1 year Security monitoring

6. Your Rights (GDPR & CCPA)

6.1 EU/UK Residents (GDPR Rights)

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Delete your data (when legally permissible)
  • Portability: Export your data in a standard format
  • Object: Opt out of certain processing activities
  • Restrict: Limit how we process your data
  • Withdraw Consent: Remove consent for optional processing

6.2 California Residents (CCPA Rights)

  • Know: What personal information we collect and use
  • Delete: Request deletion of your personal information
  • Opt-Out: Opt out of sale of personal information (we don't sell data)
  • Non-Discrimination: Equal service regardless of privacy choices

6.3 How to Exercise Your Rights

Contact us at privacy@pauhu.ai or use our online form.

We'll respond within 30 days (EU) or 45 days (California). Identity verification may be required.

6.4 Complaints

EU residents can file complaints with their local data protection authority. Finnish DPA: tietosuoja.fi

7. Cookies & Tracking

7.1 Cookies We Use

Type Purpose Duration Required
Authentication Keep you logged in Session Yes
Security Fraud prevention 30 days Yes
Preferences Remember settings 1 year No
Analytics Usage statistics 2 years No

7.2 Cookie Control

You can control cookies through:

  • Browser settings (disable all non-essential cookies)
  • Our cookie banner (granular consent)
  • Account preferences (analytics opt-out)

7.3 Third-Party Analytics

With your consent, we use:

  • Privacy-focused analytics (no personal data collection)
  • Error tracking (for bug fixes)
  • Performance monitoring (service optimization)

All analytics are anonymized and aggregated.

8. Children's Privacy

Our service is not intended for children under 16 (or local age of digital consent). We don't knowingly collect data from children.

If we learn we've collected a child's data, we'll delete it immediately. Parents can contact us to request deletion.

9. International Transfers

We primarily process data within the EU. When transfers outside the EU are necessary, we ensure adequate protection through:

  • Adequacy Decisions: EU-approved countries
  • Standard Contractual Clauses: EU-approved contract terms
  • Certification Programs: Privacy frameworks like Privacy Shield successor

You can request details about specific transfers affecting your data.

10. Policy Changes

We may update this Privacy Policy to reflect:

  • Changes in our data practices
  • New legal requirements
  • Service improvements
  • User feedback

We'll notify you of significant changes via:

  • Email notification (for material changes)
  • Website banner
  • In-app notification

Continued use after notification indicates acceptance of changes.

11. Contact Us

Data Protection Officer

For privacy-related questions or requests:

  • Email: privacy@pauhu.ai
  • Subject Line: "Privacy Request - [Your Request Type]"
  • Response Time: 30 days maximum

General Contact

  • Company: Pauhu AI Oy (Y-tunnus: 3477255-1)
  • Address: P.O. Box 292, 00100 HELSINKI, FINLAND
  • Email: support@pauhu.ai
  • Contact Form: Online Form

EU Representative

For EU-specific privacy matters:

  • Company: Pauhu AI Oy
  • Email: eu-privacy@pauhu.ai
  • Address: P.O. Box 292, 00100 HELSINKI, FINLAND

🔒 Our Privacy Commitment

"Privacy is a fundamental right, not a luxury."

We built Pauhu AI with privacy by design. Your data stays on your devices, under your control. We collect only what's necessary and give you complete transparency about our practices.

Questions about privacy? We're here to help: privacy@pauhu.ai

Legal

  • Terms of Service
  • Privacy Policy
  • Cookie Policy

Support

  • Documentation
  • FAQ
  • Contact

Company

  • About
  • Pricing
  • Status

© 2025 Pauhu AI. All rights reserved.