Privacy Policy
Effective date: February 25, 2026
This Privacy Policy explains how Brainbow v/ Mikkel Malmberg (“Brainbow”, “we”, “us”) handles personal data for Tuna (app and website).
1. Privacy approach
Tuna is designed to collect as little data as possible. We avoid collecting user content wherever possible.
In particular, Tuna does not intentionally collect:
- search queries
- clipboard contents
- dictation transcripts
- file contents
2. Data we process
A) Purchase and license data
If you purchase Pro, we process limited purchase and licensing data, such as:
- email address you provide at checkout (optional)
- Stripe checkout and session identifiers
- license key metadata (stored in server records as a digest and prefix, not as a plaintext key)
- device activation records (for example device ID, optional device name, activation and refresh timestamps)
B) Minimal product telemetry
Tuna may send pseudonymous product telemetry for Pro/versioning and product decisions, including:
- pseudonymous install identifier (the server stores a hash)
- app version and platform
- daily aggregated counters related to Pro limits and upgrade flow
Telemetry is designed to be aggregate and pseudonymous.
C) Website and service request metadata
When you use the website or app endpoints (for example downloads, store refresh, licensing, telemetry), our servers necessarily process technical request data such as:
- IP address
- user agent
- request path, timestamp, and basic HTTP logs
3. Legal bases (GDPR)
Where GDPR applies, we process data under:
- contract: to provide Tuna services you request (purchase, licensing, updates)
- legitimate interests: to secure, operate, and improve Tuna with minimal analytics and abuse prevention
- legal obligations: where required by applicable law (for example accounting/tax records)
4. Processors and third parties
We use service providers that process data on our behalf, including Stripe for payments and checkout.
These providers process data under their own terms/privacy notices and applicable data protection law.
5. International transfers
Your data may be processed outside your country (including outside the EEA). Where required, we rely on appropriate safeguards (such as contractual safeguards) for cross-border transfers.
6. Retention
We keep data only as long as needed for the purposes above, including licensing, support, security, abuse prevention, and legal/accounting obligations.
After that, we delete or de-identify data where feasible.
7. Your rights (GDPR)
If GDPR applies, you may have rights to:
- access
- rectification
- erasure
- restriction
- objection
- data portability
- withdraw consent (where processing is based on consent)
You also have the right to lodge a complaint with your local data protection authority.
To exercise rights, contact [email protected].
8. Security
We use reasonable technical and organizational measures to protect data. No system is perfectly secure.
9. Changes
We may update this Privacy Policy. We will post the updated version with a new effective date.
10. Contact
Privacy questions or requests: [email protected]