Last updated: May 17, 2026
This Privacy Policy explains how AS Labs ApS ("we", "us", "our") collects and processes personal data when you use 9 Hats ("the Service"), available at https://9hats.app.
We are the data controller for personal data processed through your account.
Contact:
AS Labs ApS Hvedemarksvej 18 2605 Brøndby Denmark hello@9hats.app
The short version of what follows:
When you create an account, we collect:
If you connect Granola, we read meeting notes and transcripts from your Granola account using the access you authorize. This content typically includes:
When you use the Discovery feature, we store:
If you subscribe to a paid plan, billing is handled by Stripe. We do not store your card number. We store a Stripe customer ID, your plan, and the status of your subscription.
When you use 9 Hats we automatically collect:
We do not collect precise location (GPS) data.
We receive:
We do not intentionally collect sensitive personal data (data about health, race, religion, sexual orientation, political opinions, trade union membership, biometric or genetic data).
However, meetings can contain anything participants discussed. If your meeting transcripts contain sensitive personal data, that data will pass through our Service. You are responsible for ensuring you have a legal basis to upload meeting content containing sensitive data about other people.
Meeting transcripts contain personal data about meeting participants, including people who never signed up for 9 Hats. When you upload, connect, or process this content:
If you don't have the right to upload someone's meeting data to a service like 9 Hats, don't connect that meeting. You can disconnect Granola or delete specific notes from your account at any time.
| Purpose | Legal basis | |---|---| | Create and manage your account | Contract (GDPR Art. 6(1)(b)) | | Run the core Service: meeting processing, suggestions, Discovery artifacts | Contract | | Send account, security, and service emails | Contract / Legitimate interest | | Process payments | Contract / Legal obligation | | Keep records required by Danish accounting law | Legal obligation | | Detect, prevent, and respond to abuse, fraud, and security incidents | Legitimate interest | | Improve the Service through aggregate, anonymised usage analysis | Legitimate interest | | Send marketing emails | Consent (you can withdraw any time) | | Comply with legal requests from courts or regulators | Legal obligation |
We do not sell personal data. We do not use it to target ads.
The core of 9 Hats is processing your meeting content and Discovery inputs using a large language model.
What we send: Meeting content (titles, transcripts, notes), Discovery inputs, and surrounding context required for generation.
Who processes it: Anthropic, PBC (United States). We use Anthropic's Claude API on Anthropic's commercial terms.
Anthropic's commitments:
Why we use a US provider: Claude is the model that gives 9 Hats its core value. Equivalent EU-hosted alternatives don't currently match the quality we need for meeting extraction. We transfer data to the US on the basis of the European Commission's Standard Contractual Clauses (SCCs), and we monitor adequacy developments under EU law.
We use the following sub-processors to run 9 Hats:
| Provider | Purpose | Location | Transfer mechanism | |---|---|---|---| | Anthropic, PBC | LLM inference (Claude API) | United States | SCCs | | Convex, Inc. | Application backend and database | United States | SCCs | | Vercel, Inc. | Frontend hosting | United States | SCCs | | Resend, Inc. | Transactional email (magic link, notifications) | United States | SCCs | | Stripe Payments Europe, Ltd. / Stripe, Inc. | Payments and subscription billing | Ireland (EU) / United States | EU processing where possible; SCCs for US | | Google Ireland, Ltd. / Google LLC | Login (OAuth) | Ireland (EU) / United States | EU processing where possible; SCCs for US | | Cloudflare, Inc. | DNS, edge network, email routing | United States (global edge) | SCCs |
We will update this list if we add or change sub-processors. Material changes will be reflected on this page.
You can connect 9 Hats to third-party services so we can read from or write to them on your behalf:
When you authorize an integration, that third-party service operates under its own privacy policy and terms. We pass data to or from it under your direction. We are not responsible for what those services do with your data after you transfer it there, except for our role in the transfer itself.
You can disconnect any integration at any time from Settings.
| Data | Retention | |---|---| | Account profile | While your account is active | | Meeting notes and derived suggestions | While active; deleted within 30 days of account closure | | Discovery artifacts | While active; deleted within 30 days of account closure | | Billing records (invoices, transactions) | 5 years from the end of the relevant accounting year (Danish Bookkeeping Act) | | Logs and security data | Up to 90 days | | Backups containing the above | Purged on the next backup rotation cycle, typically within 35 days |
When you delete your account, we delete your data on the schedule above. We cannot retrieve content from Anthropic, Granola, or other third parties on your behalf – you'll need to handle deletion there directly.
If you are in the EEA or the UK, you have the following rights under GDPR / UK GDPR:
To exercise any of these rights, email hello@9hats.app. We respond within 30 days. We may ask you to verify your identity before we act.
If you believe we are processing your data unlawfully, you have the right to lodge a complaint with the data protection authority in your country of residence.
We protect your data with:
No security is perfect. If we discover a personal data breach that is likely to result in a risk to your rights, we will notify the relevant supervisory authority within 72 hours and notify affected users without undue delay where required by GDPR.
9 Hats uses essential cookies to keep you logged in and to operate the Service. We do not use advertising cookies or third-party tracking cookies. If we add analytics or marketing cookies in the future, we will update this policy and request your consent before activating them.
9 Hats is not intended for users under 18. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact hello@9hats.app and we will delete it.
We may update this policy. The "Last updated" date at the top reflects the latest version. If we make material changes, we will notify active users by email or in-app notice.
For any privacy question or to exercise your rights:
hello@9hats.app
AS Labs ApS Hvedemarksvej 18 2605 Brøndby Denmark