Home › Privacy Policy · Wersja polska

Privacy Policy

Last updated: 3 July 2026 · Applies to the Hutchlet app, this website, and e-mail correspondence.

1. Data controller

The controller of personal data within the meaning of Regulation (EU) 2016/679 (GDPR) is:

Actuna Sp. z o.o.
ul. Mściwoja II 28A, 83-300 Kartuzy, Poland
KRS 0000522912 · NIP 5892014912 · REGON 222160269

Contact in all matters concerning personal data: rodo@actuna.pl. A Data Protection Officer has not been appointed; the contact point is the management board via the address above.

2. Scope of this policy

This policy covers three separate contexts, described in turn below:

  • the Hutchlet app — installed and running on your Mac;
  • this website (hutchlet.actuna.com);
  • e-mail correspondence with us.

3. The Hutchlet app — no data reaches Actuna

Hutchlet processes everything locally, on your Mac. The app has no servers, no user accounts and no sign-in, contains no analytics, telemetry, advertising or tracking components, and the Mac App Store build ships without any networking entitlement, so it cannot make network connections at all. Clipboard history, snippets and secrets are stored only on your device; secrets are additionally encrypted (AES-256-GCM) with a key protected by the Secure Enclave / Keychain and unlocked with Touch ID.

Actuna does not receive, and has no access to, any data processed by the app. With respect to the contents of your clipboard, Actuna is not a data controller — this data never leaves your device. The app is not directed at children and collects no personal data from anyone.

If you purchase Hutchlet in the Mac App Store, or opt in to sharing diagnostics and crash reports with Apple in macOS settings, that data is processed by Apple (Apple Distribution International Ltd. / Apple Inc.) as an independent data controller, under Apple's privacy policy. Actuna does not receive that data.

A technical, app-focused summary of the above (with implementation details) is maintained in the source repository as PRIVACY.md; the app is source-available so these statements can be independently audited.

4. This website

The website hutchlet.actuna.com is a static site. It uses no cookies, no analytics and no trackers, and it loads no third-party scripts, fonts or embeds.

Like any website, it is served by a hosting provider whose servers automatically record server logs, including the visitor's IP address, request time, requested URL and browser identification (user agent). This data is processed for the purpose of delivering the site and ensuring its security and stability — the legal basis is the controller's legitimate interest (Art. 6(1)(f) GDPR). Server logs are kept for the period set by the hosting provider's policy and are not used to identify visitors.

The site stores a single value in your browser's localStorage (key hutchlet-theme) holding your light/dark theme preference. It is functional only, never leaves your browser and is not transmitted to Actuna; you can remove it at any time by clearing site data in your browser.

5. E-mail correspondence

When you write to us, we process your e-mail address, the contents of your message and any data you include in it:

  • rodo@actuna.pl — data-subject requests and privacy matters; legal basis: compliance with a legal obligation (Art. 6(1)(c) GDPR);
  • security@actuna.pl — vulnerability reports (coordinated disclosure); legal basis: legitimate interest in the security of our products (Art. 6(1)(f) GDPR);
  • tech@actuna.pl — support, licensing and general enquiries; legal basis: performance of a contract or steps prior to entering one (Art. 6(1)(b) GDPR) or legitimate interest in handling enquiries (Art. 6(1)(f) GDPR).

Providing your data is voluntary and is not a statutory or contractual requirement; however, without an e-mail address we will not be able to reply to your message.

6. Recipients of data

Personal data described above may be disclosed only to entities that support our operations: the website hosting provider (server logs) and our e-mail service provider (correspondence). Apple acts as an independent controller as described in section 3. We do not sell personal data and do not share it for marketing purposes.

7. Transfers outside the EEA

Our hosting or e-mail providers may process data in countries outside the European Economic Area, including the United States. In such cases the transfer takes place under safeguards provided for by the GDPR — an adequacy decision of the European Commission (including the EU–U.S. Data Privacy Framework, where the provider is certified) or standard contractual clauses. Details are available on request at rodo@actuna.pl.

8. Data retention

  • App data — stored solely on your device and entirely under your control; deleting entries or uninstalling the app removes it. Actuna holds nothing.
  • Website server logs — retained for the period set by the hosting provider; Actuna does not maintain a separate copy.
  • Correspondence — kept for as long as needed to handle the matter and afterwards for as long as claims may be raised, no longer than the statutory limitation periods.

9. Your rights

With regard to personal data we process (website logs, correspondence), you have the right to: access your data and obtain a copy (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and to object to processing based on legitimate interest (Art. 21). Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise these rights, write to rodo@actuna.pl. We respond within one month of receiving the request.

Right to object (Art. 21 GDPR). Where we process personal data on the basis of legitimate interest — website server logs and correspondence sent to security@actuna.pl or tech@actuna.pl — you have the right to object at any time, on grounds relating to your particular situation, by writing to rodo@actuna.pl. We will then no longer process that data unless we demonstrate compelling legitimate grounds overriding your interests, rights and freedoms, or the data is needed to establish, exercise or defend legal claims.

10. Complaint to the supervisory authority

You have the right to lodge a complaint with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych), ul. Stawki 2, 00-193 Warszawa, Poland — uodo.gov.pl.

11. No automated decision-making or profiling

We do not make automated decisions producing legal effects and we do not profile users. The app's on-device classification of sensitive clipboard entries is performed with deterministic rules, locally, and its results are never visible to Actuna. Neither the app nor the website uses artificial-intelligence systems.

12. Changes to this policy

Material changes to this policy will be published on this page with an updated date at the top.