Privacy Policy

This Privacy Policy explains how eSoftver d.o.o. ("RaicoHub", "we", "our", "us") processes personal data in connection with the RaicoHub website (raicohub.com) and the RaicoHub desktop application (collectively, the "Service"). It is written to comply with the EU General Data Protection Regulation 2016/679 ("GDPR"), the UK GDPR, the Serbian Law on Personal Data Protection (Zakon o zaštiti podataka o ličnosti, "LZPL"), and the California Consumer Privacy Act as amended by the CPRA ("CCPA").

1. Who we are

The data controller responsible for processing your personal data is:

• Company: eSoftver d.o.o.
• Registered address: Bavaništanski put 334, 26000 Pančevo, Republic of Serbia
• Tax ID (PIB): 113339582
• Email: podrska@esoftver.rs

We have not appointed a Data Protection Officer because we are not legally required to do so. You may direct all privacy questions to the email address above.

2. Scope

This Policy covers personal data collected through:

• The marketing website at raicohub.com (and its language subpaths).
• Online forms (contact, waitlist).
• The RaicoHub desktop application installed on your device.
• Voice and screen-share data routed through our backend services to AI model providers.
• Email correspondence you send to us.

It does not cover third-party websites or services we link to. Their privacy practices are governed by their own policies.

3. Data we collect

3.1 Information you provide directly

Category	Examples	Source
Contact data	Name, email address, message body	Contact form
Waitlist data	Email address, plan of interest	Waitlist form
Account data	Email, hashed password, organization name	Future account registration (when launched)
Support correspondence	Anything you tell us by email	Email to podrska@esoftver.rs

3.2 Information collected automatically

Category	Details	Source
Server log data	IP address, user-agent, requested URL, referrer URL, timestamp, response code	Apache web-server logs (kept for security & abuse prevention)
Download telemetry	The platform you downloaded for (windows / mac), IP address, user-agent	Sent to our backend when you click a download button (only if analytics consent is granted)
Analytics	Pageviews, approximate location (country level), device type, anonymized IP — only when you grant analytics consent	Google Analytics 4 (loaded after consent)
Local preferences	Your chosen language (key raicohub_lang)	localStorage in your browser; never transmitted to us

3.3 Data collected by the desktop application

When you use the RaicoHub desktop app:

• Microphone audio — captured locally and streamed in real time to our backend, then to the AI provider you selected, only while you have an active "live" session.
• Screen frames — captured locally and streamed for AI analysis only while you explicitly start a screen-share session and select the window or display to share.
• Code-watcher diffs — when you enable a project for code-watch, file diffs are computed locally and may be sent to your AI provider.
• Hardware fingerprint — a non-reversible hash of stable hardware identifiers used to bind a device to your account (anti-fraud).
• Session metrics — start/stop time, active seconds, and platform, used solely for plan-quota enforcement.

The desktop app does not capture keystrokes outside of a live session, does not read files outside the folders you explicitly enable for code-watch, and does not stream microphone or screen data unless you explicitly start the corresponding session.

4. Purposes & legal bases

Purpose	Legal basis (GDPR Art. 6)
Operate the website and deliver content you request	Legitimate interests (Art. 6(1)(f)) — running our service
Reply to your contact / waitlist enquiry	Legitimate interests & pre-contractual measures (Art. 6(1)(b) and (f))
Provide the desktop app: voice, screen-share, AI orchestration	Performance of a contract (Art. 6(1)(b))
Quota enforcement, billing (when paid plans launch)	Performance of a contract (Art. 6(1)(b))
Security, abuse prevention, fraud detection	Legitimate interests (Art. 6(1)(f))
Analytics & product improvement	Consent (Art. 6(1)(a)) — only after you accept analytics cookies
Legal compliance (e.g. tax records, court orders)	Legal obligation (Art. 6(1)(c))

5. Third parties & processors

We use a small number of carefully chosen processors. We share only the minimum data required and bind every processor by a written data-processing agreement.

Processor	Role	Data shared	Location
Google LLC ("Gemini Live API")	AI model provider for voice + screen analysis	Audio stream, screen frames, prompts during a live session	USA / EU (regional)
Google Ireland Limited ("Google Analytics 4")	Website analytics — loaded only after consent	Anonymized IP, pageviews, approximate country, device	USA / EU
Hetzner / OVH (or equivalent EU host)	Server infrastructure for app.raicohub.com	All website & backend traffic (encrypted in transit)	Germany / EU
GitHub, Inc.	Distribution of the macOS installer	Standard download server logs (IP, user-agent)	USA

We never sell your personal data and never share it for cross-context behavioural advertising.

6. International transfers

Some of our processors (notably Google for AI inference and analytics, and GitHub for distribution) are based in the United States. When personal data is transferred outside the European Economic Area / Serbia, we rely on:

• The EU Standard Contractual Clauses (Commission Decision 2021/914) where applicable; and
• The EU–US Data Privacy Framework for processors that have self-certified to it; and
• Supplementary technical measures (encryption in transit, anonymized IPs, minimal data sharing).

You can request a copy of the safeguards we use by emailing us.

7. Retention

Data	Retention period
Contact / waitlist email	Until your request is resolved + 12 months, then deleted
Server access logs	30 days, then rotated out
AI session audio / screen frames	Not stored by us — streamed live to the AI provider and discarded after the session
Session metrics (active seconds, timestamps)	For the duration of your account, plus the period required for tax/accounting (10 years under Serbian law for invoices)
Cookie consent record	13 months in your browser, then we re-prompt

8. Your rights

Subject to the limits set by applicable law, you have the right to:

1. Access the personal data we hold about you (GDPR Art. 15).
2. Rectify inaccurate or incomplete data (Art. 16).
3. Erase your data where one of the grounds in Art. 17 applies ("right to be forgotten").
4. Restrict processing (Art. 18).
5. Data portability — receive your data in a structured, commonly used format (Art. 20).
6. Object to processing based on legitimate interests, including profiling (Art. 21).
7. Withdraw consent at any time, where processing is based on consent (Art. 7(3)). Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
8. Lodge a complaint with a supervisory authority — for Serbia, the Commissioner for Information of Public Importance and Personal Data Protection; for EU residents, your local DPA; for UK residents, the ICO.

California residents additionally have the right under CCPA/CPRA to know what personal information we collect, to delete it, to correct it, to opt out of "sale" or "sharing" (we do neither), and to non-discrimination for exercising these rights.

To exercise any right, email podrska@esoftver.rs. We respond within 30 days (extendable by 60 days for complex requests, with notice).

9. Security

We use industry-standard measures to protect your data:

• TLS 1.2+ encryption for all data in transit.
• Encrypted storage at rest for credentials.
• Role-based access control with least-privilege within our team.
• Audited backups, retained for the period stated above.
• Independent code review for changes affecting authentication or data flows.
• Hardware-fingerprint binding so that stolen credentials alone cannot impersonate a device.

No system is perfect. If we ever discover a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours and you without undue delay (GDPR Art. 33–34).

10. Cookies & similar technologies

We use a minimal, categorized set of cookies and local-storage entries. See our separate Cookie Policy for the full list and your controls. You can change your cookie choices at any time using the "Manage cookies" button in the page footer.

11. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Automated decisions & profiling

We do not make decisions producing legal or similarly significant effects about you based solely on automated processing. AI features in the Service generate suggestions; the user is always the one who decides whether to accept them.

13. Changes to this policy

We may update this Policy from time to time. The "last updated" date at the top reflects the most recent change. For material changes (e.g., a new processor in a new jurisdiction, a new category of data) we will notify users prominently — via in-app banner, email where we have one, and a re-prompt of the cookie banner.

14. Contact & complaints

For any privacy question, request, or complaint:

• Email: podrska@esoftver.rs
• Post: eSoftver d.o.o., Bavaništanski put 334, 26000 Pančevo, Serbia

If you believe we have not handled your concern properly, you may complain directly to the Serbian Commissioner (poverenik.rs) or your local data-protection authority.