Privacy Policy
Effective Date: April 1, 2026
This Privacy Policy describes how Hanlec ("we," "us," or "our") collects, uses, and protects your personal information when you use the Hanlec platform, website, and related services (collectively, the "Service"). By using the Service, you agree to the practices described in this policy.
1. Information We Collect
Information You Provide
- Account Information. When you register, we collect your name, email address, and password.
- Payment Information. When you subscribe to a paid plan, we collect billing details through our payment processor (Stripe). We do not store your full credit card number on our servers.
- Communications. When you contact us for support or send us messages, we collect the content of those communications.
Information Collected Automatically
- Usage Data. We collect information about how you interact with the Service, including pages visited, features used, and actions taken.
- Log Data. Our servers automatically record information such as your IP address, browser type, operating system, referring URLs, and timestamps.
- Device Information. We collect information about the device you use to access the Service, including device type and screen resolution.
Information from Third Parties
We may receive information about you from third-party services you use to authenticate with the Service or from payment processors in connection with your transactions.
2. How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Service
- Process transactions and manage your subscription
- Send transactional communications such as account confirmations and billing receipts
- Respond to your support requests and inquiries
- Monitor and analyze usage patterns to improve the Service
- Detect, prevent, and address fraud, abuse, and security issues
- Comply with legal obligations
We do not sell your personal information to third parties.
3. Legal Bases for Processing
We process your personal information based on the following legal grounds:
- Contract. Processing necessary to perform our contract with you (e.g., providing the Service, processing payments).
- Legitimate Interests. Processing necessary for our legitimate business interests (e.g., improving the Service, preventing fraud), where those interests are not overridden by your rights.
- Consent. Processing based on your consent (e.g., marketing communications), which you may withdraw at any time.
- Legal Obligation. Processing necessary to comply with applicable laws and regulations.
4. How We Share Your Information
We may share your information with:
- Service Providers. Third-party companies that help us operate the Service, including cloud hosting providers, payment processors, email delivery services, and analytics providers. These providers are contractually obligated to protect your information and use it only for the services they provide to us.
- AI Providers. To power the AI features of the Service, your prompts and code context are sent to third-party AI model providers. We minimize the data shared and do not send your personal account information to AI providers.
- Legal Requirements. We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Hanlec, our users, or the public.
- Business Transfers. In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.
5. Data Processing and Sub-Processors
We use the following categories of sub-processors to deliver the Service:
| Category | Purpose |
|---|---|
| Cloud Infrastructure | Hosting, compute, and storage |
| Payment Processing | Subscription billing and payment handling |
| Email Delivery | Transactional and support email |
| AI Model Providers | Code generation and development assistance |
| Analytics | Usage metrics and performance monitoring |
6. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. When we transfer data internationally, we implement appropriate safeguards in accordance with applicable data protection laws, including standard contractual clauses where required.
7. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. After account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required for legal compliance, fraud prevention, or the enforcement of our Terms of Service.
Log data is retained for up to 90 days for security and operational purposes.
8. Information Security
We implement reasonable technical and organizational measures to protect your personal information, including:
- Encryption of data in transit and at rest
- Hashed and salted password storage
- Access controls limiting employee access to personal data
- Regular monitoring for security vulnerabilities
No method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.
9. Cookies and Tracking
We use cookies and similar technologies for:
- Essential Cookies. Required for the Service to function, such as session authentication.
- Analytics Cookies. Help us understand how users interact with the Service to improve it.
You can control cookie preferences through your browser settings. Disabling essential cookies may impair the functionality of the Service.
10. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access. Request a copy of the personal information we hold about you.
- Correction. Request correction of inaccurate or incomplete information.
- Deletion. Request deletion of your personal information, subject to legal retention requirements.
- Portability. Request a copy of your data in a structured, machine-readable format.
- Objection. Object to processing based on legitimate interests.
- Withdraw Consent. Where processing is based on consent, withdraw that consent at any time.
To exercise any of these rights, contact us at privacy@hanlec.dev. We will respond to your request within 30 days.
11. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete it promptly.
12. Your Privacy Obligations
If you build applications on the Service that collect data from end users, you are responsible for:
- Providing appropriate privacy notices to your end users
- Obtaining any necessary consents for data collection and processing
- Complying with applicable data protection laws in your jurisdiction
13. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.
14. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes that reduce your rights, we will notify you by email or through the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes your acceptance of the updated policy.
15. Contact
If you have any questions about this Privacy Policy or our data practices, please contact us at:
- Email: privacy@hanlec.dev
- Address: Hanlec, Portugal