Privacy Policy
1. Introduction
This Privacy Policy describes how Larsson Software ("we," "us," or "our") collects, uses, and protects your personal data when you use the Mante Home mobile application (the "Service").
We are committed to protecting your privacy. This policy explains what data we collect, why we collect it, how we use it, and the rights you have regarding your data under the General Data Protection Regulation (GDPR) and other applicable laws.
By using the Service, you agree to the collection and use of information in accordance with this policy.
2. Data Controller
The data controller responsible for your personal data is:
Larsson Software
Organisation number: 936 751 520
Vestre Hamravei 13B
4314 Sandnes
Norway
Contact for privacy matters: hello@larssonsoftware.com
You may contact us at any time with questions about this policy or to exercise your rights as described in Section 10.
3. Data We Collect
We collect only the data necessary to provide the Service. We have deliberately designed the Service to collect as little personal information as possible.
3.1 Account Information
When you create an account, we collect:
- Email address — required for authentication and account recovery
- Password — required for authentication. Your password is hashed by our authentication provider (Supabase) and is never stored, logged, or accessible to us in plain text.
3.2 Home Information
When you set up your home profile, we collect:
- Home address (optional) — a free-text field you may fill in however you wish. You are not required to provide a real or precise address.
- Country — used to provide regionally relevant maintenance recommendations
- Year the home was built (optional)
- Home size in square meters or square feet (optional)
- Climate self-assessment — your selection of preset options describing local winter and summer conditions
- Unit system preference — metric or imperial
We do not collect GPS coordinates or precise location data.
3.3 Item and Maintenance Data
When you add items to the Service, we collect:
- Item details — type, brand, model, estimated age, condition, and any notes you choose to add
- Photos of items — if you choose to use the photo analysis feature
- Maintenance task history — AI-generated maintenance tasks, your edits to those tasks, completion timestamps, and any notes you attach to completed tasks
3.4 Technical and Usage Data
To operate the Service securely, we collect minimal technical data:
- Photo analysis usage counter — the number of photo analyses you have used in the current month (used to enforce the monthly limit)
- API request rate counter — the number of API requests made in the current hour (used to prevent abuse)
- Timestamps — when records are created and updated
3.5 Data We Do Not Collect
We want to be explicit about what we do not collect:
- We do not use analytics, tracking, or behavioral profiling tools
- We do not collect device identifiers, advertising IDs, or persistent tracking tokens
- We do not collect precise location or GPS data
- We do not access your contacts, calendar, or other apps on your device
- We do not use third-party advertising or marketing services
- We do not collect phone numbers
- We do not collect payment or financial information
- We do not collect health, biometric, or sensitive category data
- We do not use cross-app tracking
4. How We Use Your Data
We use the data we collect solely to provide the Service. Specifically:
| Purpose | Data used | Legal basis (GDPR) |
|---|---|---|
| Create and manage your account | Email, password (hashed) | Contract (Article 6(1)(b)) |
| Provide personalized maintenance recommendations | Home information, item details | Contract (Article 6(1)(b)) |
| Analyze photos and item descriptions using AI | Photos, item details, home context | Contract (Article 6(1)(b)) |
| Send local maintenance reminders on your device | Task schedules (stored only on your device) | Contract (Article 6(1)(b)) |
| Enforce usage limits and prevent abuse | Usage counters | Legitimate interest (Article 6(1)(f)) |
| Respond to support requests | Whatever data you share with us in the request | Legitimate interest (Article 6(1)(f)) |
| Comply with legal obligations | As required by law | Legal obligation (Article 6(1)(c)) |
We do not use your data for advertising, profiling, or any purpose unrelated to providing the Service.
5. AI Photo and Text Analysis
The Service uses Anthropic's Claude AI model to analyze photos of home items and text descriptions you provide.
When you use photo analysis: Your photo is sent to Anthropic's Claude API along with context about your home (country, unit system, year built). Claude analyzes the image and returns a suggested identification and maintenance tasks.
When you use manual (text-only) analysis: The text description you provide (item type, brand, model, age, condition, notes) is sent to Anthropic's Claude API along with home context. Claude returns suggested maintenance tasks.
What Anthropic receives: the photo or text description you provide, plus home context (country, unit system, year built).
What Anthropic does not receive: your email address, home address, full item history, completed tasks, or any identifier that would link the analysis to you as a person.
Anthropic processes this data in the United States as a data processor on our behalf. See Section 7 for details on international data transfers.
Anthropic's privacy practices are described at: https://www.anthropic.com/legal/privacy
6. Service Providers and Sub-processors
We use the following service providers to operate the Service. Each is contractually bound to process your data only on our instructions.
Supabase (Auth, Database, Storage)
- Purpose: User authentication, database for your items and tasks, storage for your photos
- Location: European Union (EU region)
- Data processed: All data described in Section 3 except AI analysis requests
- Privacy policy: https://supabase.com/privacy
Vercel (Backend Hosting)
- Purpose: Hosts the backend service that mediates AI analysis requests
- Location: European Union (Paris, France — cdg1 region)
- Data processed: AI analysis requests (photos or text) passing through to Anthropic
- Privacy policy: https://vercel.com/legal/privacy-policy
Anthropic (AI Analysis)
- Purpose: AI-powered photo and text analysis of home items
- Location: United States
- Data processed: Photos, text descriptions, home context data
- Privacy policy: https://www.anthropic.com/legal/privacy
Platform Providers
Apple (App Store) and Google (Play Store) distribute the Service. Their collection of installation, crash, and usage data is governed by their own policies and not controlled by us.
7. International Data Transfers
Your data is primarily stored and processed within the European Union:
- Authentication, database, and photo storage are hosted on Supabase's EU infrastructure
- Our backend service runs on Vercel's Paris, France region
The only data that leaves the EU is data sent to Anthropic for AI photo and text analysis. Anthropic processes this data in the United States.
For this transfer to the United States, we rely on:
- Standard Contractual Clauses (SCCs) — approved by the European Commission as a legal mechanism for international data transfers
- Encryption in transit (HTTPS/TLS) for all data transmission
AI analysis is a core feature of the Service. By using the Service to add or analyze items, you consent to this transfer. If you do not wish your data to be processed in the United States, please do not use the Service.
8. Data Retention
We retain your data only as long as necessary to provide the Service:
- Active accounts: We retain your data for as long as your account is active
- Deleted accounts: When you delete your account, all your data is permanently removed immediately, including your photos, home information, item records, maintenance history, and authentication record. There is no grace period or soft-delete mechanism
- Operational logs: Our service providers (Supabase, Vercel) may retain operational logs such as request timestamps and error logs for short periods as part of their normal service operation. These logs are subject to the providers' own retention policies
Account deletion is available at any time directly within the Service (Settings → Danger Zone → Delete Account).
9. Data Security
We implement appropriate technical and organizational measures to protect your data:
- All data transmitted between the Service and our backend is encrypted using HTTPS/TLS
- Passwords are hashed using industry-standard algorithms and are never stored or logged in plain text
- Access to the production database is restricted to authorized personnel only
- Our service providers (Supabase, Vercel, Anthropic) implement their own security controls, which you can review in their respective privacy and security documentation
- The Service uses row-level security (RLS) at the database level, ensuring that users can only access their own data
No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
10. Your Rights Under GDPR
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights regarding your personal data:
- Right of access — You may request a copy of the personal data we hold about you
- Right to rectification — You may request that we correct inaccurate or incomplete data
- Right to erasure ("right to be forgotten") — You may request that we delete your data. You can exercise this right directly in the Service by deleting your account (Settings → Danger Zone → Delete Account), or by contacting us
- Right to restrict processing — You may request that we limit how we process your data
- Right to data portability — You may request a copy of your data in a machine-readable format
- Right to object — You may object to processing based on legitimate interests
- Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time
- Right to lodge a complaint — You may file a complaint with your local data protection authority. In Norway, this is Datatilsynet (datatilsynet.no)
To exercise any of these rights, contact us at hello@larssonsoftware.com. We will respond within 30 days.
11. Children's Privacy
The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at hello@larssonsoftware.com and we will delete the information promptly.
12. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- The right to know what personal information we collect about you
- The right to delete personal information we have collected
- The right to opt out of the sale of personal information (we do not sell personal information)
- The right to non-discrimination for exercising your CCPA rights
To exercise these rights, contact us at hello@larssonsoftware.com.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will notify you through the Service or by email before the changes take effect.
We encourage you to review this policy periodically to stay informed about how we protect your data.
14. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Organisation number: 936 751 520
Vestre Hamravei 13B
4314 Sandnes
Norway
Email: hello@larssonsoftware.com
Website: www.larssonsoftware.com