NPCore

Privacy Policy

Last updated: March 12, 2026

1. Data Controller

HiveTech OÜ (registry code: 16591569, registered address: Sääse tn 10-50 Tamsalu linn, Tapa vald Lääne-Viru maakond 46105) is the data controller for personal data processed in connection with the NPCore service.

Contact: siim.teresk@gmail.com

2. Personal Data We Collect

  • Account data: Name, email address, password (hashed)
  • Usage data: API usage, credit consumption, games and NPC configurations, prompt logs and metadata
  • Payment data: Processed by Stripe (we do not store full card numbers). We receive payment confirmation and transaction IDs.
  • Technical data: IP address, browser type, session information when you use our web interface

3. Legal Basis and Purposes

We process your data on the following legal bases (GDPR Article 6):

Purpose Legal basis
Account creation, authentication, Service provisionContract (Art. 6(1)(b))
Email verificationContract
Billing and payment processingContract
Sending transactional emails (e.g. verification)Contract
Improving the Service, security, fraud preventionLegitimate interest (Art. 6(1)(f))
Compliance with legal obligationsLegal obligation (Art. 6(1)(c))

4. Data Retention

  • Account data: Retained while your account is active and for a reasonable period after closure for legal and compliance purposes
  • Usage and prompt logs: Retained as needed for Service operation and billing; may be anonymised or deleted after a defined period
  • Payment records: Retained as required by Estonian accounting and tax law (typically 7 years)

5. Data Processors

We use the following processors (sub-processors) that may process your data:

  • Stripe – Payment processing (EU/US)
  • Hosting provider – Server infrastructure (specify your provider, e.g. EU region)
  • Email service – Transactional emails (Laravel Mail / your provider)

We ensure processors provide adequate safeguards (e.g. standard contractual clauses, GDPR compliance).

6. Your Rights

Under GDPR, you have the right to:

  • Access – Obtain a copy of your personal data
  • Rectification – Correct inaccurate data
  • Erasure – Request deletion ("right to be forgotten") where applicable
  • Restriction – Limit processing in certain circumstances
  • Portability – Receive your data in a structured, machine-readable format
  • Object – Object to processing based on legitimate interests
  • Withdraw consent – Where processing is based on consent
  • Complain – Lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)

To exercise these rights, contact us at siim.teresk@gmail.com.

7. Security

We implement appropriate technical and organisational measures to protect your data (encryption, access controls, secure hosting).

8. International Transfers

Where we transfer data outside the EEA, we ensure appropriate safeguards (e.g. adequacy decisions, standard contractual clauses).

9. Changes

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice in the Service.

10. Contact

For questions or to exercise your rights: siim.teresk@gmail.com

Back to registration