Privacy Policy

• Controller/Business: Desect, Bygdøy alle 111, 0273 Oslo, Norway
• Contact email: desect.ai@gmail.com
• EU/UK representative (if required): Not appointed.
• Data Protection Officer (if appointed): Not appointed.

This Policy covers personal information we process when you: (a) visit or use our websites and apps; (b) create an account, subscribe, or make a purchase; (c) interact with embedded third-party features (e.g., YouTube players) or our APIs; (d) contact us, participate in surveys, beta tests, or promotions; or (e) receive our marketing communications. This Policy does not cover third-party sites, services, or content we do not control.

A. You provide to us

• Account/profile details (name, email, password (hashed), preferences)
• Contact details and communications (support requests, feedback)
• Payment details processed by Stripe (e.g., last four digits, tokenized identifiers); we do not store full card numbers
• User-generated content (searches, uploads, comments, settings)

B. Automatically collected

• Device and usage data (IP address, device IDs, app version, timestamps)
• Log and analytics data (pages viewed, feature usage) — collected in part via Google Analytics
• Approximate location derived from IP or device settings
• Cookies, SDKs, pixels, local storage, and similar technologies

C. From third parties

• Authentication or single sign-on providers (subject to your settings)
• Google Analytics (usage and performance metrics)
• Stripe (payment processing metadata; not full card numbers)
• Content partners and platforms (e.g., when you interact with embedded YouTube content or our use of the YouTube Data API)

1. Providing the Service (account, features, transactions, support) — Contract, Legitimate interests
2. Personalization & preferences — Legitimate interests; Consent
3. Analytics & improvement — Legitimate interests; Consent
4. Security & abuse prevention — Legitimate interests; Legal obligation
5. Marketing & communications — Consent; Legitimate interests
6. Compliance — Legal obligation; Legitimate interests
7. Attribution & measurement — Consent; Legitimate interests

Where we rely on consent, you may withdraw it at any time via Cookie Settings or by contacting us.

We and certain third parties (including analytics, measurement, and content partners such as Google/YouTube) store and access information on your device when you use the Service. This may include placing, accessing, or recognizing cookies, local storage, SDKs, pixels, tags, and other similar technologies on your browser or device.

Purposes

• Essential operations, security, and fraud prevention (includes Stripe session cookies)
• Preferences and personalization
• Analytics and performance via Google Analytics
• Delivery of third-party content and features, including YouTube Data API and players
• (If applicable) Advertising and cross-site measurement

Who sets them

• First-party (Desect) for the purposes above
• Third-party: Google/YouTube and service providers may set and read their own identifiers when their features load

Your choices

• Manage consent for non-essential technologies via Cookie Settings and your browser/device settings.
• If you block or delete cookies, some features may not function properly.

YouTube API Services notice

Our Service may use YouTube API Services. Your use of YouTube features is subject to the YouTube Terms of Service and Google Privacy Policy. Google/YouTube may place or access identifiers on your device through embedded players or API usage. You can manage or revoke the app’s access to your Google account at Google Security settings.

• Service providers / processors (hosting, Google Analytics, customer support, email/SMS, Stripe payments, fraud prevention, attribution) under appropriate safeguards.
• Content and platform partners (e.g., Google/YouTube) when you interact with their features (they process data under their own policies).
• Business transfers (merger, acquisition, financing, sale of assets).
• Legal and safety (comply with law, enforce terms, protect rights and safety).

We do not sell your personal information for money. If any activity qualifies as a “sale” or “sharing” under U.S. state laws, we will disclose that and provide opt-out rights.

We operate globally. Your information may be transferred to and processed in countries outside your own (including transfers from the EEA/UK to the U.S.). Where required, we use appropriate safeguards such as Standard Contractual Clauses and the UK IDTA/Addendum, plus additional measures. Copies of relevant safeguards are available upon request.

We retain personal information only as long as necessary for the purposes described, to comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type and context (e.g., account status, feature usage, legal requirements, and security needs).

We use technical and organizational measures appropriate to the risk (encryption in transit, access controls, monitoring, secure development practices). Passwords are stored using industry-standard hashing algorithms. No method of transmission or storage is 100% secure.

EU/EEA, UK, Switzerland

Rights to access, rectify, erase, restrict, port, and object (including to processing based on legitimate interests and, where applicable, profiling); withdraw consent at any time; and lodge a complaint with your supervisory authority.

Canada (PIPEDA)

Rights to access and correct; withdraw consent (subject to legal/contractual limits and reasonable notice); and complain to the Office of the Privacy Commissioner of Canada or your provincial commissioner.

United States (state privacy laws)

Rights to confirm processing and access, portability, deletion, correction (where applicable), and opt-out of targeted advertising, sale of personal data, and certain profiling. California residents may also limit use/disclosure of sensitive personal information and are protected from discrimination for exercising their rights.

Exercise your rights by contacting desect.ai@gmail.com. We may verify requests and identity. Authorized agents may submit requests subject to verification.

Marketing & cookie choices

• Unsubscribe using links in marketing emails.
• Control push notifications via device settings.
• Manage cookie preferences in Cookie Settings and in your browser/device.
• California residents may also use Do Not Sell or Share My Personal Information.

The Service is not directed to children under 13 (or the age required by your jurisdiction). We do not knowingly collect personal information from children without appropriate parental consent. If you believe a child has provided personal information, contact us to request deletion.

We do not engage in solely automated decisions that produce legal or similarly significant effects without human involvement. If we introduce such processing, we will provide required notices and safeguards.

Our Service may link to or integrate third-party sites and services. Their handling of your information is governed by their privacy policies.

We will update this Policy from time to time. If changes are material, we will provide prominent notice (e.g., in-app notice or email) and indicate the effective date at the top.

Questions or concerns? Contact desect.ai@gmail.com. EU/UK/Swiss users may also contact their data protection authority. We will work to resolve your concerns.

California (CCPA/CPRA)

• Categories collected: Identifiers; commercial information; internet/network activity; approximate geolocation; inferences; audio/visual if you upload content; and sensitive data only if strictly necessary (e.g., account credentials).
• Sources: You, your devices, and third parties (see Sections 3–4).
• Purposes: See Section 4. Sharing/disclosures: See Section 6.
• We do not sell personal information for money. If our use constitutes “sale” or “sharing,” you can opt out via Do Not Sell or Share My Personal Information and Cookie Settings.

Virginia/Colorado/Connecticut/Utah/etc.

Rights to access, correct (where applicable), delete, obtain a copy, and opt-out of targeted advertising, sale of personal data, and certain profiling. Use Cookie Settings and contact desect.ai@gmail.com.

Canada (PIPEDA)

We process personal information with knowledge and consent, except where otherwise permitted or required by law. You can access and correct your information and withdraw consent (subject to legal/contractual limits). Contact desect.ai@gmail.com or your provincial commissioner.

If we use analytics or attribution SDKs (e.g., app install measurement), those partners may collect device identifiers and usage data to provide aggregated analytics and attribution services. Where required, we will obtain consent before enabling these SDKs and provide opt-out controls in Cookie Settings.