Skip to main content

Privacy Policy

Last updated: 2026-05-24

This Privacy Policy explains how Hash Technology Limited ("Aedifex", "we", "us") collects, uses, discloses, and protects information about users of aedifex.app and related services (the "Service"). We comply with the Hong Kong Personal Data (Privacy) Ordinance (PDPO) and, where applicable, the EU General Data Protection Regulation (GDPR) and the UK GDPR.

1. Scope

This policy applies to personal data we collect about visitors to our website, registered users of the Service, and individuals who contact us. It does not apply to third-party services we link to from the Service; please review their privacy policies separately.

2. Data controller

The data controller is Hash Technology Limited, a company incorporated in the Hong Kong Special Administrative Region. For all privacy enquiries, contact us at legal@aedifex.app.

3. Information we collect

Account information: name, email address, password (hashed), and authentication tokens. Profile and usage data: projects you create, files you upload, AI prompts and outputs, and editor activity needed to operate the Service. Billing data: when you subscribe, our payment processor collects card details on our behalf; we receive only billing metadata (last 4 digits, expiry, plan, transaction status). Technical data: IP address, browser type, device identifiers, language, referring URLs, and timestamps, collected via server logs and cookies. Communications: messages you send to support, sales, or legal.

4. How we use your information

We use personal data to: (a) provide and operate the Service; (b) authenticate you and secure your account; (c) bill subscriptions and prevent fraud; (d) provide customer support; (e) send service announcements and, where you have opted in, product updates; (f) improve the Service through aggregated analytics; (g) comply with legal obligations.

5. Legal basis (GDPR)

Where the GDPR applies, we rely on: contract performance (to provide the Service you signed up for), legitimate interest (to secure and improve the Service), consent (for non-essential cookies and marketing emails), and legal obligation (tax, accounting, and law enforcement requests).

6. When we share your information

We do not sell your personal data. We share it only with: service providers acting on our behalf under contractual data protection commitments (hosting, payment processing, email, analytics, AI inference); authorities when required by law or to protect our rights and users' safety; and parties to a business transfer if Aedifex is acquired or merged.

7. Sub-processors

Key sub-processors include: Cloudflare (hosting, CDN, DDoS protection, database via D1); Stripe and Airwallex (payment processing); OpenAI and Anthropic (AI inference, where you use AI features); Resend or similar (transactional email). The current list is available on request to legal@aedifex.app.

8. Data retention

We retain account and project data for as long as your account is active. After account deletion, we delete or anonymize personal data within 30 days, except where we are legally required to retain it (e.g., billing records for tax purposes, typically 7 years).

9. International transfers

We process data in Hong Kong and other jurisdictions where our sub-processors operate (including the EU, the US, and Singapore). Where personal data is transferred outside the EEA or the UK, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.

10. Your rights

Depending on your location, you have the right to: access the personal data we hold about you; request correction or deletion; restrict or object to processing; data portability; withdraw consent at any time; and lodge a complaint with a supervisory authority (the Hong Kong Office of the Privacy Commissioner for Personal Data, or your local EU/UK data protection authority). To exercise these rights, email legal@aedifex.app.

11. Cookies and tracking

We use essential cookies to keep you logged in and to remember your preferences. With your consent, we use analytics cookies to understand aggregate usage patterns. You can manage cookie preferences in your browser; disabling essential cookies will impair the Service.

12. Security

We employ industry-standard safeguards including encryption in transit (HTTPS), encrypted database storage, password hashing, access controls, and regular security reviews. No system is completely secure, and you are responsible for protecting your credentials.

13. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

14. Changes to this policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by email or in-product notice at least 14 days before the change takes effect.

15. Contact

Privacy questions, data requests, or complaints should be sent to legal@aedifex.app or to Hash Technology Limited at the contact address listed on our Contact page.