Privacy Policy

Last Updated: January 23, 2026

1. Information We Collect

1.1 Account Information

When you create an account or purchase a license, we collect:

• Email Address: Used for account creation, license delivery, and communication
• Name: Optional, used for personalization and invoicing
• Password: Encrypted using industry-standard bcrypt hashing (we never store plain-text passwords)
• Company Name: Optional, for business customers

1.2 License Information

To validate and manage your software license, we collect:

• License Key: Unique identifier for your software license
• Hardware ID: A hashed identifier of your computer (used to bind license to device)
• Activation Date: When you first activated the license
• Expiration Date: When your license period ends
• License Type: Trial, Standard, Professional, or Enterprise
• License Status: Active, expired, or suspended

1.3 Payment Information

Payment processing is handled by Stripe, a PCI-DSS compliant payment processor:

• We DO NOT store: Credit card numbers, CVV codes, or full payment details
• We DO collect: Transaction IDs, payment status, and purchase amounts for record-keeping
• Stripe collects: Payment card information, billing address (see Stripe's Privacy Policy)

1.4 Technical Information

The software collects minimal technical data for license validation:

• Hardware Identifier: A unique, anonymized hash of your computer hardware
• Software Version: The version of LaserHuis Pro you're using
• Activation Timestamp: When license validation requests occur
• IP Address: Temporarily logged for security and fraud prevention (not permanently stored)

1.5 Usage Information

The software operates primarily offline and does NOT collect:

• ❌ Your project files or designs
• ❌ Images you process or create
• ❌ Screen captures or usage statistics
• ❌ Browsing history or other software usage

Your work stays on your computer. We only communicate with our servers for license validation.

2. How We Use Your Information

2.1 Essential Services

We use your information to:

• Create and manage your account
• Process payments and generate invoices
• Deliver license keys and account setup instructions
• Validate software licenses and prevent unauthorized use
• Provide technical support and troubleshooting
• Notify you of license expiration and renewal options

2.2 Communication

We may send you:

• Transactional Emails: License delivery, account setup, password resets, expiration notices (cannot be unsubscribed)
• Product Updates: Important updates, new features, security patches
• Support Responses: Replies to your support inquiries

We do NOT send marketing emails or newsletters without your explicit consent.

2.3 Security and Fraud Prevention

We use your information to:

• Prevent license key sharing and abuse
• Detect and prevent trial license abuse (multiple trials from same email or device)
• Protect against payment fraud
• Secure your account from unauthorized access

3. How We Store and Protect Your Information

3.1 Data Storage

Your data is stored securely using:

• Database: Supabase (PostgreSQL) with encryption at rest
• Location: Data centers in the EU (GDPR compliant)
• Passwords: Encrypted with bcrypt (cost factor 12)
• License Keys: Stored securely with access controls

3.2 Security Measures

We implement industry-standard security practices:

• 🔒 SSL/TLS encryption for all data transmission
• 🔒 Secure HTTPS connections for all web communications
• 🔒 Row-level security policies on database
• 🔒 Regular security updates and patches
• 🔒 Access controls and authentication requirements
• 🔒 Activity logging for suspicious behavior detection

3.3 Data Retention

We retain your data as follows:

• Active Accounts: Stored indefinitely while your account is active
• Expired Licenses: Retained for 2 years after expiration for renewal and support purposes
• Deleted Accounts: Permanently deleted within 30 days of account deletion request
• Transaction Records: Retained for 7 years for legal and accounting requirements
• Activity Logs: Retained for 90 days, then automatically deleted

4. Data Sharing and Third Parties

4.1 We Do NOT Sell Your Data

We never sell, rent, or trade your personal information to third parties for marketing purposes.

4.2 Third-Party Services

We share limited data with trusted service providers:

• Stripe: Payment processing (email, payment details) - Privacy Policy
• Supabase: Database hosting (account and license data) - Privacy Policy
• Email Service: Transactional email delivery (email address, name)

All third parties are contractually obligated to protect your data and use it only for the specified purposes.

4.3 Legal Requirements

We may disclose your information if required by law:

• In response to valid legal requests (court orders, subpoenas)
• To protect our legal rights and property
• To prevent fraud or security threats
• To comply with regulatory obligations

5. Your Rights and Choices

5.1 Access and Portability

You have the right to:

• Access your personal data through your account dashboard
• Request a copy of all data we hold about you
• Export your data in a machine-readable format

5.2 Correction and Update

You can:

• Update your email, name, and account information in your dashboard
• Change your password at any time
• Contact support to correct any inaccurate information

5.3 Deletion

You have the right to:

• Request deletion of your account and personal data
• We will delete your data within 30 days of the request
• Some data may be retained for legal obligations (transaction records)

To request deletion, email us at privacy@laserhuis.com

5.4 Objection and Restriction

You can:

• Object to certain processing of your data
• Request restriction of processing under certain circumstances
• Withdraw consent for optional data processing

6. Cookies and Tracking

6.1 Essential Cookies

We use essential cookies for:

• Session Management: Keep you logged in to your account
• Security: Prevent cross-site request forgery (CSRF)
• Preferences: Remember your settings

6.2 No Tracking or Analytics

We do NOT use:

• ❌ Google Analytics or similar tracking tools
• ❌ Advertising cookies or pixels
• ❌ Third-party tracking scripts
• ❌ Cross-site tracking

7. Children's Privacy

LaserHuis Pro is not intended for users under 16 years of age. We do not knowingly collect information from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

If you believe a child has provided us with personal information, please contact us at privacy@laserhuis.com

8. International Data Transfers

Your data is primarily stored in EU data centers. If you access our services from outside the EU:

• Your data may be transferred to and processed in the EU
• We ensure adequate protection through standard contractual clauses
• All transfers comply with GDPR requirements

9. Changes to This Privacy Policy

9.1 Updates

We may update this Privacy Policy from time to time. When we make changes:

• We will update the "Last Updated" date at the top
• Significant changes will be communicated via email
• Continued use after changes constitutes acceptance

9.2 Review Regularly

We encourage you to review this policy periodically to stay informed about how we protect your privacy.

10. Your Rights Under GDPR

If you are in the European Economic Area (EEA), you have the following rights under GDPR:

• Right to Access: Obtain confirmation of data processing and access to your data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for optional processing
• Right to Lodge a Complaint: File a complaint with your local data protection authority

11. Contact Us

11.1 Privacy Inquiries

For privacy-related questions, concerns, or requests:

• Email: privacy@laserhuis.com
• Support Email: support@laserhuis.com
• Website: https://licence.laserhuis.com

11.2 Data Protection Officer

For GDPR-related matters, contact our Data Protection Officer at dpo@laserhuis.com

11.3 Response Time

We will respond to privacy requests within 30 days as required by GDPR.

---