Hauld

Privacy Policy

Last updated · May 14, 2026
Hauld is operated from France. Service published in English; the French version of these terms is available on request. For any question, write to contact@hauld.app.

This Privacy Policy explains what personal data Hauld collects, why we collect it, and what your rights are. Hauld is the data controller for the personal data described below. We comply with the EU General Data Protection Regulation (GDPR) and the UK equivalent.

1. Data we collect

  • Account data: your email address; if you sign up with a password, a salted password hash; if you sign in with Google, your Google account ID and basic profile (name, profile picture). We also store an opaque session cookie used to keep you signed in.
  • Designs and Outputs: any image you upload to generate a haul, plus the resulting photos. These are stored in your account so you can re-download them.
  • Billing data: when you make a purchase, Stripe collects your payment details on our behalf. Hauld never sees your full card number. We retain the customer ID, subscription ID, plan, and high-level invoice metadata.
  • Usage data: haul counts, regeneration counts, monthly and daily usage counters, timestamps of upsell impressions, and basic event analytics. We use first-party analytics on our own infrastructure.
  • Technical data: server logs (IP address, user agent, timestamps) for security and abuse prevention. These are retained for fourteen (14) days.

2. Why we collect it

  • To provide the Service (legal basis: performance of a contract).
  • To bill you and process payments (legal basis: performance of a contract).
  • To prevent fraud and abuse, and to keep our infrastructure secure (legal basis: legitimate interests).
  • To send you transactional email such as receipts and sign-in links (legal basis: performance of a contract).
  • To send you optional product updates and tips, only when you have explicitly opted in (legal basis: consent).

3. Who we share data with

Hauld relies on a small set of trusted processors. Each processor has a Data Processing Agreement with us:

  • Stripe Payments Europe Ltd. (Ireland) — payment processing, subscription billing, invoicing.
  • Amazon Web Services EMEA SARL (Luxembourg, SES service in Paris region) — sending transactional email (sign-in links, receipts, haul-ready notifications).
  • Google LLC — Gemini API — generating the lifestyle scenes from your design. Your design is sent to Gemini at generation time only and is not retained for model training.
  • Hetzner Online GmbH — our hosting provider. Hauld application servers and Postgres databases are hosted in Hetzner's Germany region.

We do not use Replicate, third-party advertising trackers, third-party analytics cookies, or remarketing pixels.

We do not sell, rent, or trade your personal data with third parties for advertising or any other purpose.

4. Data retention

  • Account data: kept for as long as your account is open.
  • Hauls and source designs: for non-subscriber accounts, each haul and its source design are deleted thirty (30) days after generation. Active subscribers retain hauls indefinitely while the subscription is open; deletion begins thirty (30) days after cancellation.
  • Server logs: fourteen (14) days.
  • Billing records: seven (7) years (legal requirement).

5. International transfers

Hauld stores its data in the EU (Germany, via Hetzner). Some of our processors (Stripe, AWS, Google) may process data in the United States. Where such transfers occur, they rely on the EU Standard Contractual Clauses or the EU–US Data Privacy Framework.

6. Your rights

Under GDPR you have the right to: access the personal data we hold about you; correct it; delete it; restrict or object to certain processing; receive a portable copy of it; and withdraw any consent you have given. You also have the right to lodge a complaint with your local data-protection authority.

To exercise any of these rights — including a Data Subject Access Request (DSAR) — email contact@hauld.app from the email address on your Hauld account. We respond within thirty (30) days.

7. Cookies

Hauld uses a small set of strictly necessary first-party cookies issued by our auth layer (better-auth) to keep you signed in and to protect against CSRF attacks. We do not use third-party advertising or tracking cookies.

8. Children

Hauld is not directed at children under sixteen (16). We do not knowingly collect personal data from children. If you believe we have, contact us and we will delete it.

9. Contact

For privacy questions or to exercise any GDPR right, email contact@hauld.app. Hauld is operated from France; the data controller is reachable at the same address.