Privacy Policy

This Privacy Policy explains how uhhh.ai (“uhhh.ai,” “we,” “us,” or “our”) collects, uses, discloses, and protects your personal information when you use our desktop application, our website at uhhh.ai, and our related services (collectively, the “Service”). We offer the Service worldwide.

uhhh.ai is operated by us from Alberta, Canada. Our designated Privacy Officer is accountable for our compliance with Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) and Alberta’s Personal Information Protection Act (“PIPA Alberta”). You can reach the Privacy Officer, or contact us about any other privacy matter, at support@uhhh.ai.

1. Scope

This Policy applies to all users of the Service worldwide. By using the Service, you understand that we and our service providers may process your personal information in countries other than the one where you reside, including Canada, the United States, the United Kingdom, the European Union, and other regions where our infrastructure operates. Section 7 describes the safeguards we apply to international transfers.

2. Information we collect

We collect only what we need to run the Service.

Information you give us

Account information. Your email address and an account identifier, supplied through our identity provider (Clerk) when you sign in. We never see your password — Clerk handles authentication.

Billing information. If you subscribe to Pro, our payment processor (Paddle, acting as the merchant of record) collects your payment method, billing address, and tax information. We receive only a subscription identifier, status, and the date your current period ends. We never see your card number or full payment details.

Descriptions you submit. When you ask uhhh.ai to find a word, your description leaves your device, is processed by our backend, and is sent to our AI provider (OpenAI) to generate suggestions. We do not retain the raw text of your description on our servers after the response is delivered. We keep only a salted, one-way SHA-256 hash of the description and its character length, used for caching, abuse-prevention, and usage-accounting.

Suggestions you accept (“picks”) — opt-in only. If you have turned on the community-ranking program (it is off by default), then when you accept a suggestion, we store the raw description, the word you accepted, the other suggestions you were shown, and the position of your accepted word, in an aggregate corpus. These records do not include your account identifier and are not linked back to your account. We use this corpus to improve ranking for all users and may use it to fine-tune AI models. You can turn the program off at any time in Settings → Privacy; deactivation stops new records from being created.

Voice input. If you use the optional voice feature, audio is transcribed to text entirely on your device using a speech-to-text model. The audio never leaves your machine. The resulting text, if you submit it as a pick, follows the paths described above.

Communications. If you contact us at support@uhhh.ai or through the Service, we receive the contents of your message and any information you include.

Information we automatically collect

Device and usage information. A device identifier (a random UUID generated locally on your device the first time you sign in), the application version, operating system, basic usage counters (number of picks in the current Free-tier window), and timestamps. We use these to enforce Free-tier limits, diagnose problems, and improve quality.

Diagnostic information (opt-in only). If you opt in to crash reporting, we collect scrubbed crash reports and error traces through our processor Sentry. Crash messages are length-capped and scrubbed for known sensitive patterns (including descriptions, emails, and tokens) before transmission. Off by default.

Server and edge logs. Our backend retains short-lived edge logs (request method, status code, IP-derived region, basic timing) for security, abuse detection, and operational diagnostics. These are deleted on a rolling 30-day basis.

Website and cookies. The website uses the minimum cookies necessary to sign you in and to remember your preferences. We do not use advertising or cross-site-tracking cookies. See Section 13 for details.

What we do not collect

To be specific:

• We do not collect the raw text of your descriptions after the inference response is delivered, except in the opt-in community-ranking case described above.
• We do not collect audio recordings.
• We do not read your clipboard, screen contents, files, or keystrokes outside of the pick capture flow you trigger.
• We do not collect contents from other applications on your device.

3. How we use your information

We use the information described above to:

• provide, operate, and maintain the Service, including authenticating you, returning suggestions, and enforcing tier limits;
• process payments, manage subscriptions, and prevent payment fraud, through our processor Paddle;
• improve the Service, including (where you have opted in) improving ranking and fine-tuning the AI models we use;
• diagnose problems and protect the security of our users and our infrastructure;
• communicate with you about service-related matters (account, billing, security, material changes to this Policy or our Terms);
• enforce our Terms of Use and prevent abuse;
• comply with legal obligations and respond to lawful requests.

We do not use your information for marketing email without your separate consent. We do not use your information for cross-context behavioural advertising.

4. Legal bases for processing (EEA, United Kingdom, and Switzerland)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, our legal bases under the GDPR, the UK GDPR, or the Swiss FADP, as applicable, are:

• Contract. To provide the Service you have requested and to process subscriptions.
• Legitimate interests. To secure the Service, prevent abuse, diagnose problems, and improve quality. We have weighed these interests against your rights and consider them not to override yours, given the limited and pseudonymous nature of the data involved.
• Consent. For the opt-in community-ranking program, the opt-in crash reporting, and any future marketing communications. You may withdraw consent at any time without affecting prior lawful processing.
• Legal obligation. Where required to comply with laws applicable to us.

5. Service providers (“sub-processors”)

We rely on the following providers to operate the Service. Each is contractually bound to use your information only to provide their service to us, and each was selected for security and privacy practices appropriate to its function.

We may disclose information when required by law, in response to lawful process, to enforce our Terms, or to protect our rights, property, or safety, or those of our users.

In the event of a merger, acquisition, or sale of substantially all our assets, your personal information may be transferred to the successor entity, subject to this Policy or a successor with equivalent protections.

6. We do not sell or share personal information

We do not sell your personal information. We do not share your personal information for cross-context behavioural advertising. We do not use sensitive personal information for any purpose beyond what is necessary to provide the Service.

7. International transfers

Our infrastructure and the providers in Section 5 operate in several countries, including the United States, the United Kingdom, the European Union, and global edge locations. Where required, we rely on appropriate safeguards including:

• The European Commission’s Standard Contractual Clauses (2021/914) and the UK International Data Transfer Addendum for transfers from the EEA and the United Kingdom.
• The Swiss equivalent of the SCCs for transfers from Switzerland.
• For transfers of personal information about Quebec residents outside Quebec, we conduct privacy-impact assessments and put contractual safeguards in place, as required by Law 25.

8. Retention

We retain personal information only for as long as we need it for the purposes described in this Policy.

• Account information: while your account is active. Deleted when you delete your account (see Section 9).
• Billing records: for the period required by Canadian tax and financial-record retention laws (typically up to seven years).
• Hashed-description usage counters: while your account exists. Deleted when you delete your account.
• Server and edge logs: 30 days, rolling.
• Community-ranking corpus (opt-in only): retained as an aggregate corpus. Because these records do not contain your account identifier, they cannot be linked back to your account and are not deleted when you delete your account. New records stop being created when you turn the program off or delete your account. If you have reason to believe a specific record contains self-identifying content you want removed, contact us at support@uhhh.ai and we will investigate.
• Crash reports (opt-in only): retained for the period set by Sentry’s default policy (currently 90 days).
• Backups: rotated and overwritten in the ordinary course (typically up to 30 days).

Anonymised or aggregated information that cannot reasonably be linked to you may be retained for analytics, capacity planning, and Service improvement.

9. Account deletion

You can delete your account at any time from Settings → Account → Delete account. When you do, we:

1. cancel your active subscription (if any) immediately, through Paddle;
2. delete your identity record at our identity provider (Clerk); and
3. delete your account row and associated device records from our database.

Past records in the opt-in community-ranking corpus are not linked to your account identifier and are not selectively deleted, as explained in Section 8. Backups containing residual references are overwritten in the normal rotation.

Separately, our desktop application includes a “Forget everything” control in Settings → Data that wipes the on-device data store, including your cached suggestions and personal vocabulary. This action affects only your device and does not affect your account or billing.

10. Your rights

Subject to applicable law, you have the right to:

• Access the personal information we hold about you and obtain a copy.
• Correct inaccurate or incomplete information.
• Delete your account and associated personal information.
• Restrict or object to certain processing.
• Portability — receive your information in a structured, machine-readable format.
• Withdraw consent at any time where processing is based on consent, without affecting prior lawful processing.
• Lodge a complaint with a supervisory authority.

To exercise your rights, contact us at support@uhhh.ai. We may need to verify your identity before completing your request. We will respond within the time required by applicable law (typically 30 days for GDPR and PIPEDA, and 45 days for US state privacy laws, with one extension where permitted).

11. Security

We protect the Service with TLS 1.3 for all app-to-backend traffic, certificate pinning, one-way hashing of identifiers and descriptions where they are stored, encryption of on-device data at rest using OS-keychain-held keys, code-signed releases with cryptographic update verification, least-privilege access controls, and rate limiting. We retain only what we need, for only as long as we need it. No method of transmission or storage is perfectly secure, but we work to limit what we hold in the first place.

12. Children

The Service is not directed to children under 16. We do not knowingly collect personal information from children below that age. If you believe we have collected information from a child, contact us at support@uhhh.ai and we will delete it.

13. Cookies and similar technologies

The website uses only the cookies necessary to sign you in and to remember your preferences. We do not use advertising, analytics-tracking, or cross-site cookies. The desktop application does not use web cookies; it stores limited local state (your account session, settings, and the on-device cache described in Section 9) on your device using your operating system’s standard mechanisms.

14. Do Not Track signals

There is no industry-standard interpretation of “Do Not Track” browser signals, and we do not respond to them. We do not track you across other websites or services in the first place.

15. Region-specific disclosures

Depending on where you reside, additional privacy rights apply.

Canada — Federal (PIPEDA)

If you are in Canada, you have the rights described in Section 10 under PIPEDA. You may file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

Alberta — PIPA Alberta (our home jurisdiction)

In addition to your PIPEDA rights, if you are a resident of Alberta you have rights under the Personal Information Protection Act (Alberta), including the right to be notified of an incident affecting your personal information that we determine creates a “real risk of significant harm” to you. You may file a complaint with the Office of the Information and Privacy Commissioner of Alberta at oipc.ab.ca. Our Privacy Officer is accountable for our compliance with PIPA Alberta.

Quebec — Law 25

If you are a resident of Quebec, in addition to the rights above, you have rights under the Act respecting the protection of personal information in the private sector (“Law 25”), including the right to:

• be informed of the categories of personal information we collect, the purposes for which we use it, the categories of persons within our organization who have access to it, and the duration of retention;
• receive your personal information in a structured, commonly used technological format and to have it transmitted to another person or entity (data portability);
• have automated processing that produces legal effects on you reviewed by a human (we do not currently use automated processing to make legal or similarly significant decisions about you);
• file a complaint with the Commission d’accès à l’information du Québec at cai.gouv.qc.ca.

We will notify affected individuals and the Commission d’accès à l’information without undue delay of any confidentiality incident that presents a risk of serious injury, as required by Law 25.

British Columbia — BC PIPA

If you are a resident of British Columbia, in addition to your PIPEDA rights you have rights under the Personal Information Protection Act (British Columbia) and may file a complaint with the Office of the Information and Privacy Commissioner for British Columbia at oipc.bc.ca.

European Economic Area, United Kingdom, and Switzerland

If you are in the EEA, UK, or Switzerland, we process your personal information as a “controller” under the GDPR, UK GDPR, or Swiss FADP, as applicable. Our legal bases are set out in Section 4 and your rights are set out in Section 10.

When we transfer personal information from the EEA, UK, or Switzerland to a country that has not been recognised as providing an adequate level of protection, we rely on the European Commission’s Standard Contractual Clauses (2021/914), the UK International Data Transfer Addendum, or the Swiss equivalent, as applicable. You may lodge a complaint with your local supervisory authority (for example, the UK Information Commissioner’s Office, the CNIL in France, the BfDI in Germany, or the FDPIC in Switzerland).

At our current scale we have not appointed a separate EU or UK representative; our Privacy Officer is the single point of contact for all GDPR matters.

United States — California, Colorado, Connecticut, Utah, Virginia, and similar state laws

If you are a resident of a US state with applicable privacy legislation, you may have the right to know, access, correct, delete, and opt out of the “sale” or “sharing” of personal information for cross-context behavioural advertising. We do not sell personal information and we do not share personal information for cross-context behavioural advertising. We do not use sensitive personal information for any purpose beyond what is necessary to provide the Service. You may designate an authorised agent to act on your behalf. We will not discriminate against you for exercising your rights.

Nevada

Nevada residents have the right under Nevada Revised Statutes Chapter 603A to opt out of the sale of certain personal information. We do not sell your personal information as defined in that statute.

Australia, Brazil, and other jurisdictions

If you are located in Australia (Privacy Act 1988), Brazil (LGPD), or any other jurisdiction with applicable privacy legislation, you may have similar rights to those described above. Contact us at support@uhhh.ai to exercise them.

16. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will notify you by email or in the application before the change takes effect. The “Last updated” date at the top reflects the most recent revision.

17. Contact us

For any privacy question, to exercise your rights, or for general support:

Email: support@uhhh.ai

Our Privacy Officer is the single point of contact for all data protection matters and is accountable for our compliance with PIPEDA and PIPA Alberta.