Privacy Policy

1. Who we are

Ianura Research Initiative (“Ianura”, “we”, “us”).

Data controller: Corneliu Moisei

Contact: cornelius@ianura.com

2. What we collect

• Email address — for account creation and communication
• Password — hashed with bcrypt, never stored in plaintext
• Rules and constraints — that you upload or create
• Analysis results — generated from your rules
• Payment information — processed by Stripe; we do not store card numbers
• Usage data — pages visited, analyses run, features used
• IP address and browser information — from server logs

3. Why we collect it

• Email + password: to authenticate you
• Rules + results: to provide the analysis service
• Payment info: to process billing (via Stripe)
• Usage data: to improve the service and diagnose issues

Legal basis: Contract performance (Art. 6(1)(b) GDPR) for account and service data. Legitimate interest (Art. 6(1)(f)) for usage data and service improvement.

4. Who we share it with

• Stripe — payment processing (stripe.com/privacy)
• Hetzner — hosting infrastructure, Germany
• No one else. We do not sell data. We do not use data for advertising. We do not share data with AI training pipelines.

5. Where we store it

Data is stored on servers in Germany (Hetzner, EU). Encrypted at rest. TLS in transit. No data transferred outside the EU/EEA except to Stripe (US, under the EU-US Data Privacy Framework).

6. How long we keep it

• Account data: until you delete your account
• Analysis data: until you delete the analysis or your account
• Server logs: 90 days
• Payment records: 7 years (UK tax law requirement)

7. Your rights (GDPR)

You have the right to:

• Access your data
• Correct inaccurate data
• Delete your data (“right to be forgotten”)
• Export your data in machine-readable format
• Object to processing based on legitimate interest
• Withdraw consent (where applicable)
• Lodge a complaint with the ICO (ico.org.uk)

To exercise any right, email cornelius@ianura.com. We respond within 30 days.

8. Cookies

• Session cookie — for authentication. Essential; no consent required.
• No analytics cookies.
• No advertising cookies.
• No third-party tracking.

9. Children

The service is not directed at anyone under 18. We do not knowingly collect data from children.

10. Changes

We may update this policy. Material changes will be notified by email. The last updated date is shown at the top of this page.

11. Contact

Corneliu Moisei
cornelius@ianura.com