Privacy Policy

Data controller:

We collect only limited information necessary to provide the Service.

A. Account and authentication information

When you sign in using Google or another authentication provider, we may receive information such as your name, email address, account identifier, and profile image or profile URL, depending on what the provider makes available to us.

B. Subscription and billing information

If you purchase a paid subscription, our payment provider, Polar, may process billing information such as payment status, subscription plan, renewal date, transaction ID, billing country, and invoice data. We do not store full payment card details on our own servers.

C. Support communications

If you contact us, we may collect your email address and the contents of your message so we can respond.

We do not intentionally store on our own systems:

• prompts you submit to the Service,
• screenshots, files, or images you submit for processing,
• generated outputs returned by AI models,

except for temporary technical handling strictly necessary to transmit the request, maintain security, prevent abuse, comply with law, or operate the Service.

To provide the Service, user inputs such as prompts, screenshots, or other content may be transmitted to third-party providers that process the request on our behalf or as independent service providers. These providers may include authentication providers, payment providers, hosting providers, and AI/model providers such as OpenAI, Google/Gemini, and Hugging Face.

We do not share user prompts or screenshots for advertising or resale. We do not intentionally keep them in our own long-term storage. However, third-party providers may process, log, or retain certain data under their own terms, privacy policies, and security practices. OpenAI states API data is not used to train its models by default unless a customer opts in, and Hugging Face states Inference Endpoints do not store payloads but retain logs for 30 days.

We process personal data only as needed to:

• create and manage user accounts,
• authenticate users,
• provide the Service,
• process subscriptions and payments,
• respond to support requests,
• maintain security and prevent abuse,
• comply with legal obligations,
• enforce our Terms of Service.

Where the GDPR applies, we rely on one or more of the following legal bases:

• Performance of a contract — to provide your account, subscription, and the Service;
• Legitimate interests — to secure, improve, and administer the Service;
• Legal obligation — where we must retain or disclose certain information under applicable law;
• Consent — where consent is legally required.

We may share limited personal data with:

• authentication providers,
• payment processors,
• hosting and infrastructure providers,
• AI/model providers used to generate outputs,
• professional advisers,
• regulators, courts, or law enforcement where legally required,
• a buyer or successor in the event of a merger, acquisition, or asset sale.

We do not sell personal data.

Because some of our service providers may be located outside your country or outside the European Economic Area, your information may be processed internationally. Where required, we rely on appropriate safeguards for such transfers.

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy.

In general:

• account information is kept while your account is active and for up to 90 days after account closure, unless longer retention is required by law;
• billing and invoice records may be retained for as long as required by tax, accounting, or legal obligations;
• prompts, screenshots, and generated outputs are not intentionally retained by us in long-term storage.

We use reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, and alteration. However, no method of transmission or storage is completely secure.

Depending on your location, you may have rights to:

• access your personal data,
• correct inaccurate data,
• request deletion,
• restrict processing,
• object to processing,
• request portability of your data,
• withdraw consent where processing is based on consent,
• lodge a complaint with a supervisory authority.

EU data protection authorities explain these rights under the GDPR, including access, rectification, erasure, restriction, portability, objection, and protection from certain solely automated decisions.

To exercise your rights, contact: contact@hintora.ai

The Service is not intended for children under 13, and we do not knowingly collect personal data from children below that age.

The Service may rely on third-party services and websites. Their privacy practices are governed by their own terms and policies, not ours.

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date above. Material changes may also be communicated through the Service or by email where appropriate.

For privacy questions, contact: