Privacy Policy

Last updated: 9 May 2025

Animal Detect ("we", "us", "our") is operated by Really A Robot ApS, Danserhøj 40, Brønderslev 9700, Denmark. We respect your privacy and are committed to processing personal data fairly, lawfully and transparently in accordance with Regulation (EU) 2016/679 ("GDPR") and applicable e-Privacy rules.

1. Who is responsible for your data?

Data controller: Really A Robot ApS, Denmark, E-mail: eugene@animaldetect.com
Data Protection Officer (DPO): Not legally required; please use the contact above for all privacy matters.

2. Scope of this notice

This policy describes how we collect, use, disclose and protect personal data when you:

visit animaldetect.com or any sub-domain ("Website");
create an account and use our web application ("App");
purchase a subscription or one-off service; or
interact with us by e-mail or support chat.

3. What data we collect

Category	Typical items	Source
Account data	E-mail address, hashed password, chosen display name	Provided by you during sign-up
OAuth data	Google account identifier and e-mail (if you sign in with Google)	Google, after your consent
Payment data	Subscription tier, transaction ID, last four digits of card, billing address (if provided)	Stripe Payments Europe S.A.
Content data	Images you upload, processed output files, associated metadata	You, via App upload
Usage data	Date/time of visit, pages viewed, browser & device type, truncated IP address	Automatically from your browser via Umami Analytics
Technical data	Authentication/session cookies, Stripe fraud-prevention cookies	Automatically from your browser

We do not intentionally collect special-category data (GDPR Art. 9) nor do we profile or make automated decisions that produce legal effects.

4. Purposes & lawful bases

Purpose	Lawful basis (Art. 6 GDPR)	Details
Create and maintain your user account	Contract Art. 6 (1)(b)	We need basic identity & credentials to deliver the service you request.
Process payments & issue invoices	Contract Art. 6 (1)(b) & Legal obligation Art. 6 (1)(c)	Required for subscription fulfilment and tax compliance.
Provide image-processing functionality	Contract	We store the files you upload and generate results on your demand.
Prevent fraud & secure the service	Legitimate interest Art. 6 (1)(f)	Essential cookies and logs help detect abusive or automated behaviour.
Audience measurement & service improvement (Umami)	Legitimate interest	We use cookieless, first-party analytics limited to aggregate statistics.
Respond to enquiries & support requests	Legitimate interest	Necessary to answer you and improve customer experience.

Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms through an internal Legitimate-Interest Assessment and concluded that our processing is proportionate and minimally intrusive.

5. Cookies & similar technologies

We aim to keep tracking minimal. The Website only sets essential cookies.

We do not use advertising, social-media or analytics cookies, and therefore no consent banner is displayed. Umami Analytics operates without storing any identifier on your device.

How to block cookies anyway: Most browsers let you delete or block cookies in settings. Blocking the above cookies may prevent you from logging in or completing payments.

6. Hosting & sub-processors

Google Cloud Platform – europe-west (Frankfurt) → hosting & object storage for uploaded images and results.
Stripe Payments Europe S.A. (Ireland) → payment processing; PCI-DSS compliant.
Umami Cloud – EU region (Germany) → audience measurement (cookieless).

All data is stored and processed within the European Economic Area (EEA). If a future transfer outside the EEA becomes necessary we will implement EU-approved Standard Contractual Clauses or rely on an adequacy decision and update this notice accordingly.

7. Data retention

Data type	Retention period
Account & billing records	As long as you have an account + 6 years for statutory accounting
Uploaded images & outputs	Until user deletes either account or project that is assigned to the images.
Server logs & raw analytics	24 hours, rolled-up aggregates kept 13 months

You may delete your account at any time from the profile page or by e-mail; backups are purged within 30 days.

8. Security measures

TLS encryption in transit (HTTPS)
AES-256 encryption at rest on all GCP storage volumes
Continuous vulnerability patching

9. Your rights

Under GDPR you have the right to:

access the personal data we hold about you;
request rectification or erasure;
restrict or object to processing (including analytics);
receive a copy of your data in portable format;
withdraw consent where processing is based on consent;
lodge a complaint with your local supervisory authority (e.g., Datatilsynet, Denmark).

To exercise any right, please write to info@animaldetect.com. We will respond within 30 days.

10. Children

Our services are intended for professionals and organizations. We do not knowingly collect or solicit personal information from children under the age of 13. If we become aware that we have collected personal information from a child, we will delete it immediately.

11. Changes to this policy

We may update this document to reflect legal or technical changes. For substantial modifications we will notify registered users by e-mail at least 14 days in advance. The version date appears at the top of the page.

12. Contact

If you have questions about privacy or data protection, contact info@animaldetect.com.

By using Animal Detect you acknowledge that you have read and understood this Privacy & Cookie Policy.