Hasso - Privacy Policy

Last Updated on: 11 October 2025

This Privacy Policy ("Policy") describes how The Company DecodeChinese i Linköping AB, a company registered under the laws of Sweden with company registration number 559247-0560 ("DecodeChinese i Linköping AB", "us", "we" or "our"), collects, uses, and shares information about you when you access or use our innovation platform and related services (the "Service").

We are committed to protecting your privacy and handling your data in an open and transparent manner. By using our Service, you agree to the collection and use of information in accordance with this Policy.

1. Information We Collect

To provide and improve our Service, we collect the following types of information:

  • Information You Provide Directly:
    • Account Information: When you create an account, we collect personal information such as your name, email address, and company name.
    • User Input: We collect and process the business ideas, concepts, and related data you submit to the Service's AI chatbot ("User Input"). This is treated as your confidential information.
    • Payment Information: If you subscribe to a paid plan, our third-party payment processor will collect your payment card information. We do not store this information on our servers.
  • Information We Collect Automatically:
    • Usage Information: We collect data about how you interact with our Service, such as the features you use, the clicks you make, and the duration of your sessions.
    • Device and Connection Information: We collect information about the computer or device you use to access our Service, including your IP address, browser type, and operating system.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To Provide and Maintain the Service: We use your Account Information and User Input to operate the Service, authenticate you, and provide the core functionality of generating and validating business ideas.
  • To Improve the Service: We analyze aggregated and anonymized Usage Information to understand user behavior, identify areas for improvement, and enhance the features and performance of our Service.
  • To Communicate With You: We use your email address to send you important service-related notices, updates, security alerts, and support messages.
  • For Security and Legal Compliance: We use information to protect the security and integrity of our Service and to comply with legal obligations.

Our Commitment to Confidentiality: Your User Input is your confidential information. The Company staff will only access this information in limited circumstances, such as when required for technical support or troubleshooting. We are subject to strict confidentiality obligations to not share or use your information and data.

Under the GDPR, we are required to have a legal basis for processing your personal data. Our legal bases are as follows:

  • Performance of a Contract: We process your Account Information and User Input because it is necessary to provide the Service you have signed up for, as described in our Terms of Service.
  • Legitimate Interest: We process Usage and Device Information for our legitimate interest in understanding how our Service is used, which helps us improve and secure it, provided this interest does not override your fundamental rights and freedoms.
  • Legal Obligation: We may process your data where it is necessary for compliance with a legal obligation to which we are subject.

4. How We Share Your Information & Our Sub-processors

We do not sell your personal information. We only share your data with trusted third-party service providers (sub-processors) who help us operate and improve the Service. All our primary sub-processors are hosted within the European Union (EU).

Sub-processorPurposeLocation (Country)URL
Microsoft AzureAI Model Hosting (for OpenAI models)EUhttps://www.microsoft.com/licensing/docs/view/microsoft-products-and-services-data-protection-addendum-dpa
SupabaseDatabase Hosting and User AuthenticationEUhttps://supabase.com/legal/dpa
VercelWebsite and Application HostingEUhttps://vercel.com/legal/dpa
Google AnalyticsService Usage AnalyticsEU[https://www.google.com/analytics/terms/dpa/dataprocessingamendment_20130906.html)
PostHogProduct and Service AnalyticsEUhttps://posthog.com/docs/privacy/gdpr-compliance

We may also share information if required by law or in connection with a major corporate transaction, such as a merger or sale of assets.

5. International Data Transfers

All of our primary data processors are located within the European Union (EU) or European Economic Area (EEA). Should we engage with a service provider located outside the EEA, we will ensure that the transfer of your personal data is lawful and that your data is protected by appropriate safeguards, such as the European Commission's Standard Contractual Clauses (SCCs).

6. Data Security

We take the security of your data very seriously. We implement appropriate technical and organizational measures to protect your information from unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: All data is encrypted in transit (using TLS/SSL) and at rest.
  • Access Controls: We limit access to personal and confidential data to authorized personnel only with strict non-disclosure agreements.
  • Secure Infrastructure: We rely on secure, GDPR-compliant infrastructure from our trusted partners.

7. Data Retention

We retain your personal information and User Input for as long as your account is active or as needed to provide you with the Service. You can delete your account and associated data at any time. We may retain certain information for a longer period if required to comply with our legal obligations or for legitimate business purposes like resolving disputes.

8. Your Data Protection Rights (Under GDPR)

As a user, you have the following rights concerning your personal data:

  • The right to access, rectify, or erase your personal data.
  • The right to restrict or object to the processing of your data.
  • The right to data portability.

To exercise these rights, please contact us at alex@usehasso.com.

Right to Lodge a Complaint: You also have the right to lodge a complaint with a supervisory authority. The competent authority in Sweden is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).

9. Cookies and Tracking Technologies

We use browser cookies and similar technologies for essential purposes:

  • Essential Cookies: To keep you signed in to the Service and maintain your session.
  • Analytics Cookies: To help us understand how you use the Service so we can improve it. You can control the use of cookies at the individual browser level.

10. Changes to this Policy

We may update this Policy from time to time. We will notify you of any significant changes by posting the new Policy on our website and, where appropriate, through email. Your continued use of the Service after changes become effective constitutes your acceptance of the new Policy. You can always find the latest version at www.usehasso.com/legal/privacy-policy.

11. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us. While The Company has not appointed a formal Data Protection Officer (DPO), our dedicated privacy team can be reached at: alex@usehasso.com

For more information about our terms, please see our Terms of Service.