Privacy Policy for Hugrik
Effective date: July 5, 2025
Last updated: July 5, 2025
1. Who we are
Hugrik is based in Sweden. For privacy-related inquiries, contact us at hello@hugrik.com.
2. What data we collect
We collect the following personal data:
- Full name
- Username
- Email address
- Password (stored securely as a cryptographic hash)
We also use essential cookies to maintain your login session and to keep the site functioning.
Authentication is handled via Auth0 (a third-party identity provider). During sign-in, your email address and device information (such as IP address and user agent) may be processed by Auth0 to verify your identity.
To prevent abuse and ensure fair use, we apply anonymous rate-limiting techniques based on hashed network identifiers (e.g. IP address). These identifiers are not stored in a form that allows us to identify users.
We use self-hosted analytics software (Umami) to gather anonymous usage data to improve our product. This software does not use cookies or store personal data. All information is aggregated and anonymized before storage.
Core user data related to your account (such as application usage and preferences) is stored securely on infrastructure located in Sweden. Authentication credentials (e.g., email and password) are processed and securely stored by our authentication provider, Auth0, which may operate servers outside the EEA. We do not store or process your password directly. Authentication is managed entirely by Auth0, which uses industry-standard cryptographic protections for credential storage.
3. How we use your data
Purpose | Legal Basis |
---|---|
To provide our services | Contractual necessity |
To authenticate your account | Contractual necessity |
To secure our platform | Legitimate interest |
To communicate service updates | Legitimate interest |
To send notification emails relating to user subscriptions | Consent and contractual necessity |
To send marketing emails | Consent |
4. Your rights under GDPR
If you are located in the European Economic Area (EEA), you have the following rights:
- Access your personal data
- Request correction or deletion of your data
- Object to or restrict our processing of your data
- Request data portability
- Withdraw consent at any time (for consent-based processing)
- Lodge a complaint with your local data protection authority
5. International data transfers
Some of our third-party service providers are located outside the European Economic Area (EEA). For example, we use Auth0 (based in the United States) to manage user authentication. We use Vercel as a hosting platform, and some functions potentially processing personal data may be executed on servers in the United States. Where data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) and industry-standard data protection measures in line with GDPR requirements.
6. Data retention
We retain your personal data only as long as necessary to fulfill the purposes described above, unless a longer retention period is required by law. You may request deletion of your data by contacting us.