Privacy Policy

Effective Date: March 12, 2026

Knauken AS (Org. nr. 925584649) ("we", "our", "us") built the Twinkle Timer app and web service as a Commercial service. This Privacy Policy applies to your use of the Twinkle Timer app and web service and outlines how we, as a company, handle your data and protect your privacy.

Data Controller:
Knauken AS
Organization Number: 925584649
Email: help@hauken.io

Information Collection and Use

What We Collect

We do not collect any personal information. All data we store is anonymous and cannot be used to identify you.

Exactly What We Store in Our Database

Here is a complete list of all data we store about you:

  • User ID — A random identifier (e.g., abc123-def456)
  • Credit Balance — How many credits you have remaining (a number)
  • Transaction IDs — Purchase receipt identifiers to prevent duplicate charges (auto-deleted after 90 days)
  • Purchase Flag — Whether you've ever purchased credits (yes/no)
  • Family ID — Your family identifier (iOS app only, for family sharing)
  • CloudKit User ID — Links your family to your Apple iCloud account (iOS app only)
  • Free Credits Claimed — Which family claimed your one-time free credits (iOS app only)

That's it. We store nothing else. No names, no emails, no photos, no device information, no usage patterns, no tracking data.

What We Process (But Don't Store)

  • Photos: Transmitted to AI providers (Google Gemini or OpenAI) for processing. We never save them. They are discarded immediately after generation.
  • Generated Images: Returned to your device. We do not store them. They are saved locally on your device or in your private iCloud account (iOS app only).
  • Service Logs: We log API requests and errors (timestamps, success/failure, error messages) for debugging. Logs contain only your anonymous user ID and technical details.

You Are Completely Anonymous

We cannot identify who you are. Your user ID is a random UUID (e.g., abc123-def456-...) that is not connected to your name, email, phone number, device ID, IP address, or any other personal information. Unless you voluntarily share your user ID with us, you remain completely anonymous.

Important: We Never See Your Photos

We do not see, store, or have access to any of the photos you upload or the images generated by our AI providers. Your photos are sent directly from your device to the AI service (Google Gemini or OpenAI) through our secure infrastructure. We act only as a secure intermediary - we never save, view, or access your photos or generated images on our servers. All generated images are stored locally on your device or in your private iCloud account (if using family sharing).

How We Use Your Data

  • Photos are processed solely to generate AI images as part of the core app functionality
  • Your anonymous user ID and credit balance are essential for the service to function
  • Service logs help us debug issues and maintain service reliability
  • Family sharing data allows you to share profiles and images with family members (iOS app only)

Legal Basis for Processing (GDPR)

We process your data under the following legal bases:

  • Contract: Processing your photos, user ID, and credit balance is necessary to fulfill our contract with you to provide the image generation service
  • Legitimate Interest: We process service logs and crash reports based on our legitimate interest in maintaining service reliability and fixing technical issues

No consent required: Since we only collect data essential for the service to function, and you remain anonymous, there is no separate consent mechanism for data collection. By using the service, you agree to this minimal data processing.

International Data Transfers

Your photos are processed by AI providers whose servers may be located outside the European Economic Area (EEA), including:

  • Google Gemini: Data may be processed on Google's global infrastructure
  • OpenAI: Data may be processed on OpenAI's servers in the United States

These transfers are protected by appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, or adequacy decisions. Your photos are transmitted securely and are not retained by us or the AI providers after processing is complete.

Third-Party Services

To provide and improve our service, we use the following third-party services:

Google Gemini (Primary AI Provider)

We use Google's Gemini API to generate AI images from your photos. When you use the image generation feature:

  • Your photo is sent to Google's servers for processing
  • Generated images are returned to our service
  • Google's data handling is governed by their privacy policy

Review Google's privacy practices: Google Privacy Policy

OpenAI (Fallback AI Provider)

If Google Gemini is unavailable, we use OpenAI's API as a fallback for image generation. The same data processing applies as with Gemini.

Review OpenAI's privacy practices: OpenAI Privacy Policy

PostHog (Logging)

We use PostHog to log service events and errors. This includes:

  • API request logs (timestamps, success/failure status)
  • Error logs for debugging purposes
  • Credit balance changes
  • All data is associated only with your anonymous user ID
  • No behavioral tracking, usage analytics, or user profiling

Review PostHog's privacy practices: PostHog Privacy Policy

Vercel (Hosting & Infrastructure)

Our web service and API are hosted on Vercel. Vercel may process technical data such as IP addresses and request logs for infrastructure purposes.

Review Vercel's privacy practices: Vercel Privacy Policy

RevenueCat (Purchase Processing - iOS App Only)

For iOS app users, we use RevenueCat to process credit purchases through the Apple App Store. RevenueCat handles:

  • Verifying purchases with Apple
  • Delivering transaction receipts to our backend
  • Managing purchase history

RevenueCat receives your Apple App Store purchase data (transaction ID, product ID, receipt) to enable credit delivery. This data is not linked to your personal identity by RevenueCat or by us. We only receive a webhook notification with the transaction ID and your anonymous user ID.

Review RevenueCat's privacy practices: RevenueCat Privacy Policy

Apple CloudKit (Family Sharing)

If you use family sharing features, profile and image data are stored in your private iCloud account via CloudKit. This data is encrypted and controlled by Apple's privacy policies.

Review Apple's privacy practices: Apple Privacy Policy

Data Retention

We retain data only as long as necessary to provide the service:

  • Photos: Not permanently stored by us. Transmitted to AI providers for processing and immediately discarded.
  • Generated Images: Stored in your iCloud account (if using family sharing in iOS app) or locally on your device. We do not store generated images on our servers.
  • User ID and Credit Balance: Retained indefinitely as long as you use the service. You can request deletion by contacting us (you will lose your credits).
  • Service Logs: Retained for operational purposes (debugging, reliability monitoring). Logs are periodically purged according to our retention schedule.

To delete your user ID and all associated data, contact us at help@hauken.io with your user ID. Note that deletion will result in loss of your credit balance and you will no longer be able to use the service with that ID.

Error Logging

When errors occur (API failures, timeouts, etc.), we log error details to help us improve the service. These logs include:

  • Your anonymous user ID
  • Timestamp of the error
  • Error type and message
  • API endpoint that failed
  • No personal information, photos, or generated images are included in error logs

If you use the iOS/Android app, crash reports may be collected by Apple/Google according to your device settings and their privacy policies.

Children's Privacy (COPPA Compliance)

Twinkle Timer is designed for parents and caregivers to use with children under their supervision. We do not knowingly collect personal information directly from children under 13 years of age. The service must be used by a parent or legal guardian who is at least 13 years old. Parents have full control over what photos are uploaded and processed.

If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information as quickly as possible. If you believe we may have collected information from a child under 13, please contact us at help@hauken.io.

Security

We are committed to protecting your privacy and security:

  • Photos are transmitted securely over HTTPS
  • We do not permanently store your photos on our servers
  • Family sharing data is encrypted in iCloud
  • We use industry-standard security practices

Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR) and other applicable privacy laws, you have the following rights. However, because you are completely anonymous and we collect minimal data essential for the service, some rights may be limited:

  • Right of Access: You can request a copy of the data we hold about your anonymous user ID. However, since you are anonymous, you would need to provide us with your user ID to retrieve this data.
  • Right to Rectification: You can ask us to correct inaccurate data, though we only store your credit balance and service logs
  • Right to Erasure ("Right to be Forgotten"): You can request deletion of your user ID and associated data by contacting us. Note that this will result in loss of your credit balance.
  • Right to Restrict Processing: You can ask us to limit how we use your data, but this may prevent the service from functioning
  • Right to Data Portability: You can request your data (user ID and credit balance) in a structured, machine-readable format
  • Right to Object: You can object to processing, but since we only process data essential for the service, this may prevent you from using the service
  • Right to Lodge a Complaint: You can file a complaint with your local data protection authority

To exercise any of these rights, please contact us at help@hauken.io and provide your user ID. We will respond to your request within 30 days.

Important: Since we cannot identify you without your user ID, and your ID is not linked to any personal information, you have strong privacy protection by default. The only way we can access your data is if you voluntarily share your user ID with us.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA). However, CCPA primarily applies to "personal information" that identifies you. Since we only collect anonymous user IDs that cannot be linked to your identity, CCPA protections are largely not applicable:

  • Right to Know: We collect only your anonymous user ID, credit balance, and service logs. This data cannot identify you personally.
  • Right to Delete: You can request deletion of your anonymous user ID by contacting us (note: you will lose your credit balance)
  • Right to Opt-Out of Sale: We do not sell your data. Period.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

We do not sell your information to third parties. We do not share your data with anyone except our essential service providers (Google Gemini, OpenAI, Vercel) for the sole purpose of providing the image generation service.

AI Provider Data Handling

When you use the image generation feature, your photos are sent to our AI providers (Google Gemini or OpenAI). Important details:

  • Retention: According to Google and OpenAI policies, photos submitted through their APIs are not retained after processing is complete. They are used only to generate the requested image.
  • Training: Your photos are not used to train AI models. Both Google and OpenAI have committed that API requests are not used for model training.
  • Processing Time: Your photo is in transit for only the time required to generate an image (typically 5-30 seconds).
  • Encryption: All data is transmitted over encrypted HTTPS connections.

For more details, please review the privacy policies of Google and OpenAI.

Data Breach Notification

In the unlikely event of a data breach that affects your personal data, we will:

  • Notify you within 72 hours of becoming aware of the breach
  • Inform you about the nature of the breach and the data affected
  • Advise you on steps you can take to protect yourself
  • Report the breach to the relevant data protection authorities as required by law

Given that we do not store your photos on our servers, the risk of a photo data breach from our systems is minimal.

Cookies and Tracking

The Twinkle Timer service does not use cookies or tracking technologies for behavioral analytics or advertising. We do not track your usage patterns, build user profiles, or monitor your activity across websites. The only data we collect is what's essential for the service to function: your anonymous user ID, credit balance, and service logs.

Links to Other Sites

The Twinkle Timer app or web service may include links to third-party websites. If you click on an external link, you will leave our app or website and be directed to the third-party's site. We are not responsible for the content, privacy policies, or practices of those websites, so we encourage you to review their privacy policies.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. You are advised to review this policy periodically for any changes. Any updates will be posted on this page.

Contact Us

If you have any questions or suggestions about this Privacy Policy, please contact us at:

Knauken AS
Email: help@hauken.io

This policy is effective as of March 12, 2026.

← Back to Home