Privacy Policy

Last updated: March 2026

1. Introduction

StintBox ("we", "us") is developed by Kameli ApS, based in Denmark. This policy explains what data we collect, why, and how we protect it.

2. What We Collect

During license validation (each app open)

  • License key
  • Machine ID hash (anonymized hardware fingerprint — we do not collect or store individual hardware information)
  • App version
  • IP address
  • Operating system name and version

When you create an account

  • Email address
  • Display name (optional)
  • Password (hashed, never stored in plain text)

When you purchase a license

Payment is processed by Paddle.com (our merchant of record). We do not store credit card numbers or payment details directly. See Paddle's privacy policy.

When you use the mobile app

All telemetry and sensor data is stored locally on your device. It is never uploaded to our servers unless you explicitly choose to share or sync it (e.g., publishing a session recap to your profile).

  • GPS / location data — recorded during sessions for telemetry overlay (speed, route, altitude, etc.)
  • Sensor data — accelerometer, gyroscope, and barometer readings captured during recording
  • OBD-II vehicle data — engine RPM, coolant temperature, and other diagnostics when an OBD adapter is connected
  • Camera control metadata — connection status and settings for linked action cameras (GoPro, Insta360, DJI)

Crash reporting & diagnostics

We use Sentry (sentry.io) to collect anonymous crash reports and performance data across our desktop, web, and mobile apps. This helps us identify and fix bugs quickly. No personal information, telemetry data, filenames, or GPS data is included in crash reports. Crash reporting can be disabled in the app settings.

  • Device type, operating system name and version
  • App version and runtime environment
  • Error messages and stack traces (code-level, no personal data)
  • General performance metrics (app startup time, export duration)

What we do NOT collect

  • Your telemetry data (never uploaded without your explicit action)
  • Individual hardware serial numbers or specifications
  • Browsing behavior outside of stintbox.app
  • Continuous or background location tracking — GPS is only active during a recording session

3. Cloud Storage (Optional)

StintBox may offer optional cloud storage for video and telemetry files. This is always opt-in — your data is never uploaded without your explicit action. Cloud-stored data is encrypted at rest and only accessible to your account.

4. How We Use Your Data

  • License validation: verify your license is active and within device limits
  • Account management: login, password reset, subscription status
  • Support: respond to your inquiries
  • Product improvement: aggregate, anonymized statistics (e.g., "X% of users are on Windows") — never individual tracking

5. Data Sharing

We do not sell or share your personal data with third parties, except:

  • Paddle.com: processes payments as merchant of record
  • Sentry (Functional Software, Inc.): receives anonymous crash reports and performance data to help us fix bugs. No personal data is shared. See Sentry's privacy policy at sentry.io/privacy
  • Law enforcement: if legally required by Danish or EU law

That's it. No ad networks, no data brokers.

6. Data Storage & Security

  • Server located in Germany (Hetzner Cloud, Falkenstein)
  • Data encrypted in transit (TLS 1.3) and at rest
  • Passwords hashed with bcrypt
  • Machine IDs stored as SHA-256 hashes only
  • Database: PostgreSQL with regular backups

7. Your Rights (GDPR)

Under EU/GDPR, you have the right to:

  • Access: request a copy of your data
  • Correction: update inaccurate data
  • Deletion: request complete deletion of your account and data
  • Portability: receive your data in a standard format
  • Objection: object to specific processing

To exercise any right: email [email protected]. We will respond within 30 days.

8. Cookies

stintbox.app uses minimal cookies:

  • Session cookie: keeps you logged in (essential, no consent required)
  • Referral attribution cookie: 30-day first-party cookie for referral tracking (legitimate interest)

We do NOT use third-party tracking cookies, Google Analytics, Facebook Pixel, or similar.

9. Children

StintBox is not directed at children under 16. We do not knowingly collect data from children.

10. Data Retention

  • Account data: retained while your account is active. Deleted within 30 days of an account deletion request.
  • License validation logs: retained for 12 months, then automatically purged.
  • Payment records: retained for 7 years (Danish tax law requirement).

11. Changes to This Policy

We will notify you of material changes via email at least 30 days in advance. Non-material changes are posted here with an updated date.

12. Contact