Hanlec LogoHanlec

Privacy Policy

Effective Date: April 1, 2026

This Privacy Policy describes how Vitor Sousa Pereira ("we," "us," or "our") collects, uses, and protects your personal information when you use the Hanlec platform, website, and related services (collectively, the "Service"). By using the Service, you agree to the practices described in this policy.

1. Information We Collect

Information You Provide

  • Account Information. When you register, we collect your name, email address, and password.
  • Payment Information. When you subscribe to a paid plan, we collect billing details through our payment processor (Stripe). We do not store your full credit card number on our servers.
  • Communications. When you contact us for support or send us messages, we collect the content of those communications.

Information Collected Automatically

  • Usage Data. We collect information about how you interact with the Service, including pages visited, features used, and actions taken.
  • Log Data. Our servers automatically record information such as your IP address, browser type, operating system, referring URLs, and timestamps.
  • Device Information. We collect information about the device you use to access the Service, including device type and screen resolution.
  • Analytics Data. We use Google Analytics to measure traffic and understand how visitors use the Service. Google Analytics sets cookies on your device and collects information such as your IP address (truncated where supported), referring page, pages viewed, time spent on the Service, and approximate location derived from IP. This information is processed by Google on our behalf. See Section 9 for details on managing analytics cookies.

Information from Third Parties

We may receive information about you from third-party services you use to authenticate with the Service or from payment processors in connection with your transactions.

2. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process transactions and manage your subscription
  • Send transactional communications such as account confirmations and billing receipts
  • Respond to your support requests and inquiries
  • Monitor and analyze usage patterns to improve the Service
  • Detect, prevent, and address fraud, abuse, and security issues
  • Comply with legal obligations

We do not sell your personal information to third parties.

3. Legal Bases for Processing

We process your personal information based on the following legal grounds:

  • Contract. Processing necessary to perform our contract with you (e.g., providing the Service, processing payments).
  • Legitimate Interests. Processing necessary for our legitimate business interests (e.g., improving the Service, preventing fraud), where those interests are not overridden by your rights.
  • Consent. Processing based on your consent (e.g., marketing communications), which you may withdraw at any time.
  • Legal Obligation. Processing necessary to comply with applicable laws and regulations.

4. How We Share Your Information

We may share your information with:

  • Service Providers. Third-party companies that help us operate the Service, including cloud hosting providers, payment processors, email delivery services, and analytics providers. These providers are contractually obligated to protect your information and use it only for the services they provide to us.
  • AI Providers. To power the AI features of the Service, the prompts you submit and the code or other context you share with the AI agent are sent to third-party AI model providers, including Anthropic, OpenAI, Kimi and others. We do not include your account credentials or billing information in these requests. Any content you include in your prompts — such as sample data, file contents, or code comments — is transmitted in full and may contain personal data. We recommend avoiding sharing sensitive personal data through the AI agent.
  • Legal Requirements. We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Hanlec, our users, or the public.
  • Business Transfers. In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

5. Data Processing and Sub-Processors

We use the following categories of sub-processors to deliver the Service:

CategoryPurpose
Cloud InfrastructureHosting, compute, and storage
Payment ProcessingSubscription billing and payment handling
Email DeliveryTransactional and support email
AI Model ProvidersCode generation and development assistance
AnalyticsTraffic measurement and product analytics (Google Analytics)

A list of the specific sub-processors we currently use is available on request by contacting support@hanlec.com.

6. International Data Transfers

Your information may be transferred to and processed in countries outside your country of residence, including countries outside the European Economic Area ("EEA") such as the United States. When we transfer personal data outside the EEA, we rely on one or more of the legal transfer mechanisms recognized under the GDPR, including:

  • Adequacy decisions of the European Commission, where the destination country has been deemed to provide an adequate level of data protection;
  • Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by additional technical and organizational measures where appropriate; and
  • Certification of U.S. recipients under the EU–U.S. Data Privacy Framework and its U.K. and Swiss extensions, where applicable.

You may request a copy of the relevant transfer mechanism by contacting us at support@hanlec.com.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. After account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required for legal compliance, fraud prevention, or the enforcement of our Terms of Service.

Log data is retained for up to 90 days for security and operational purposes.

8. Information Security

We implement reasonable technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit and at rest
  • Hashed and salted password storage
  • Access controls limiting employee access to personal data
  • Regular monitoring for security vulnerabilities

No method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

9. Cookies and Tracking

We use the following categories of cookies and similar technologies:

  • Essential cookies. Strictly necessary for the Service to function, such as session authentication and security. These cannot be disabled.
  • Analytics cookies. Set by Google Analytics (cookies prefixed with _ga and _ga_*) to help us understand how visitors use the Service. These cookies collect information such as the pages you visit, time spent on the Service, and approximate location derived from your IP address. We do not use this information to identify you personally.

We do not use cookies for advertising or cross-site tracking.

When you first visit the Service, we display a notice informing you of our cookie use. You can control cookie preferences through your browser settings, and most browsers allow you to block analytics cookies specifically. You may also opt out of Google Analytics by installing the Google Analytics opt-out browser add-on. Disabling essential cookies may impair the functionality of the Service.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access. Request a copy of the personal information we hold about you.
  • Correction. Request correction of inaccurate or incomplete information.
  • Deletion. Request deletion of your personal information, subject to legal retention requirements.
  • Portability. Request a copy of your data in a structured, machine-readable format.
  • Restriction. Request that we restrict the processing of your personal information in certain circumstances, such as while we verify the accuracy of data following a correction request.
  • Objection. Object to processing based on legitimate interests.
  • Automated Decisions. Not be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects on you. We do not currently make such decisions about you.
  • Withdraw Consent. Where processing is based on consent, withdraw that consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
  • Complaint. Lodge a complaint with a data protection supervisory authority. Users in the European Union may contact the authority in their country of residence. In Portugal, this is the Comissão Nacional de Proteção de Dados (CNPD, www.cnpd.pt).

To exercise any of these rights, contact us at support@hanlec.com. We will respond to your request within 30 days.

11. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete it promptly.

12. Your Privacy Obligations

If you build applications on the Service that collect data from end users, you are responsible for:

  • Providing appropriate privacy notices to your end users
  • Obtaining any necessary consents for data collection and processing
  • Complying with applicable data protection laws in your jurisdiction

13. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes that reduce your rights, we will notify you by email or through the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes your acceptance of the updated policy.

15. Contact

The data controller responsible for your personal information is Vitor Sousa Pereira, a company registered in Portugal. If you have any questions about this Privacy Policy or our data practices, or wish to exercise any of the rights described above, please contact us at support@hanlec.com.