1. Data Controller

Xyra AB (Org. nr 559558-6701), Sweden. Contact: [email protected]

2. 100% Local AI Processing

Your privacy is protected by design. All screen analysis, OCR, and AI-Vision logic run locally on your device. Screenshots are processed in temporary RAM and are NEVER uploaded, stored, or shared. We do not see your screen.

3. Data Collection & Legal Basis

We process data under GDPR Art. 6 (Contractual Necessity and Legitimate Interest):

• Account Data: Email address for login and support.
• Subscription status: Managed via Stripe to provide Premium access.
• Device ID: A hashed identifier to enforce our single-device policy.
• Diagnostics: Anonymous crash reports to improve stability.

4. Third-Party Processors

We use encrypted connections to talk to our trusted partners:

• Google Firebase: Secure authentication and cloud infrastructure. Data may be processed in the US under Standard Contractual Clauses (SCCs).
• Stripe: Payment processing. We never see your credit card data.

5. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS) and at rest, secure authentication, and regular security audits. However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the Swedish Authority for Privacy Protection (IMY) within 72 hours and affected users without undue delay, as required by GDPR Article 33-34.

6. Data Retention & Your Rights

We store data only as long as your account is active and necessary for the purposes outlined in this policy. Tax records are kept for 7 years as required by Swedish law. Inactive accounts may be deleted after 3 years of inactivity.

Under GDPR, you have the following rights:

• Right of Access: Request a copy of your personal data.
• Right to Rectification: Correct inaccurate or incomplete data.
• Right to Erasure: Request deletion of your data ("right to be forgotten").
• Right to Restrict Processing: Limit how we use your data.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests.
• Right to Withdraw Consent: Withdraw consent at any time (where applicable).

To exercise these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY).

7. Children's Privacy

Xyra is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately. If we become aware that we have collected personal data from a child without parental consent, we will delete such information promptly.

8. International Data Transfers

Your data may be processed and stored in servers located outside the European Economic Area (EEA), including the United States. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or adequacy decisions by the European Commission.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or in-app notification at least 30 days before they take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy. If you do not agree, you must stop using the Service and delete your account.

10. Contact & Data Protection Officer

For privacy-related inquiries, data subject requests, or to report a security concern, contact us at: