Privacy Policy - Xyra AB

Last updated: May 18, 2026

1. Data Controller

The data controller responsible for the processing of your personal data is Xyra AB (org. nr 559558-6701), Mälaregatan 12, 151 71 Södertälje, Sweden. For all data requests and privacy questions, contact [email protected].

2. 100% Local Vision Processing

Your privacy is protected by design. All screen analysis, OCR, and template matching run locally on your device. Screenshots are processed in temporary RAM and are never uploaded, stored, or shared. We do not see your screen.

3. Data Collection & Legal Basis

We process the following limited data under GDPR Art. 6 (Contractual Necessity and Legitimate Interest):

  • Account Data: Email address for login, account recovery, and support.
  • Subscription status: A flag managed via Stripe indicating whether your account has access to Premium capabilities. Premium unlocks advanced automation nodes (such as OCR and image matching), the custom asset library, and reusable function blocks. We never see your card details.
  • Device ID: A hashed identifier used solely to enforce our single-device policy. It is not linked to your screen, gameplay, or location.

We do not collect screenshots, gameplay data, or anything shown on your screen. Blueprints you create or customise inside the app are stored in your device's app sandbox; we do not upload them. There are no analytics, crash reporting, or tracking SDKs in the app.

4. Third-Party Processors

We use encrypted connections to talk to our trusted partners:

  • Google Firebase (Authentication and Firestore): Secure login plus the database that holds your account flags, subscription status, and the public blueprint catalog. Data may be processed in the US under Standard Contractual Clauses (SCCs).
  • Stripe: Payment processing for Premium subscriptions. We never see your credit card data.

The public blueprint catalog (browsable inside the app) is a read-only resource. Browsing it or installing a blueprint does not log or share information about you beyond the standard authenticated session needed to read the catalog.

5. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS) and at rest, secure authentication, and regular security audits. However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the Swedish Authority for Privacy Protection (IMY) within 72 hours and affected users without undue delay, as required by GDPR Article 33-34.

6. Data Retention & Your Rights

We store data only as long as your account is active and necessary for the purposes outlined in this policy. Tax records are kept for 7 years as required by Swedish law. Inactive accounts may be deleted after 3 years of inactivity.

Under GDPR, you have the following rights:

  • Right of Access: Request a copy of your personal data.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data ("right to be forgotten").
  • Right to Restrict Processing: Limit how we use your data.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Withdraw consent at any time (where applicable).

To exercise these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY).

7. Children's Privacy

Xyra is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately. If we become aware that we have collected personal data from a child without parental consent, we will delete such information promptly.

8. International Data Transfers

Your data may be processed and stored in servers located outside the European Economic Area (EEA), including the United States. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or adequacy decisions by the European Commission.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or in-app notification at least 30 days before they take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy. If you do not agree, you must stop using the Service and delete your account.

10. Contact

Xyra AB has not appointed a formal Data Protection Officer, as one is not required for our limited scale of processing (GDPR Article 37). The data controller handles all data protection matters directly. For privacy-related inquiries, data subject requests, or to report a security concern, contact us at:

Xyra AB

Email: [email protected]

Address: Mälaregatan 12, 151 71 Södertälje, Sweden

Organization Number: 559558-6701