Last updated: 16 July 2026
This page contains two privacy policies: one for the Night Eye browser extension and one for the Night Eye websites, accounts, purchases, support services and cookies. The shared sections at the end apply to both policies.
Table of contents
- Night Eye Browser Extension Privacy Policy
- Privacy and Cookie Policy for nighteye.app and billing.nighteye.app
- Information applying to both policies
Who we are
The controller responsible for the processing described in the policies on this page is:
PROMOTINO OOD, also referred to in English as Promotino Ltd.
UIC/EIK: 203755878
VAT number: BG203755878
Registered office and business address: Mladost 1 A District, Block No. 537, Floor 1, Apartment 2A, Sofia 1729, Bulgaria
Website: https://nighteye.app
Email: [email protected]
Telephone: +359 88 684 8570
In these Policies, “Promotino,” “we,” “us” and “our” mean PROMOTINO OOD.
Promotino has not appointed a data protection officer. Questions and requests concerning personal data are handled at [email protected].
Part I — Night Eye Browser Extension Privacy Policy
This part applies specifically to the Night Eye browser extension available for supported browsers. It explains the browser permissions used by Night Eye, information processed locally, and the limited functional data transmitted for authentication and licence verification.
A.1 Webpage conversion is local
Night Eye needs browser permission to access and modify the appearance of webpages so that it can convert their colours and visual elements. That conversion is performed locally on the user’s device.
Promotino does not receive the URLs or domains of webpages visited, webpage content or the user’s browsing history when Night Eye converts a webpage.
The Night Eye extension does not use Google Analytics, Microsoft Clarity or any other analytics, advertising trackers, telemetry or crash-reporting tools. No extension-usage data is sent to Google Analytics or Microsoft Clarity, and Promotino does not monitor how a person browses the web through the extension.
A.2 Limited functional data is transmitted
Although webpage conversion remains local, the extension communicates with Night Eye servers for essential authentication and licence verification. All installations, including Lite installations, may transmit an internal Night Eye user ID and/or authentication token, subscription status, extension and browser version, device or browser information and the IP address from which the request is made.
This functional communication does not include webpage URLs, domains, webpage content or browsing history.
A.3 Night Eye settings
Per-website settings, such as colour preferences, brightness, contrast and saturation, are stored or synchronised through the synchronisation functionality provided by the user’s browser, such as Chrome Sync or Firefox Sync. Promotino does not receive those per-website settings through the browser synchronisation service.
The relevant browser provider controls its own synchronisation service and processes synchronised data under its own privacy terms. Users can manage browser synchronisation through their browser or browser-account settings.
A.4 Scope of the Extension Privacy Policy
This Extension Privacy Policy applies to personal data processed by Promotino through:
- the Night Eye browser extension, including Lite, Pro, Pro Max and Ultimate;
- essential extension authentication and licence-verification requests; and
- browser permissions and browser-provided storage or synchronisation used by the extension.
This Extension Privacy Policy does not govern third-party websites that users visit while using Night Eye. Night Eye changes their appearance locally, but Promotino does not control those websites or their privacy practices.
Night Eye accounts, purchases, support and the Night Eye websites are covered by Part II below. The shared sections in Part III also apply to the extension.
A.5 Extension authentication and licence data
For authentication, plan recognition, licence verification, fraud prevention and protection against unauthorised licence sharing, we may process:
- an internal Night Eye user ID;
- an authentication or licence token;
- the relevant plan and subscription status;
- extension and browser version;
- browser, device and operating-system information; and
- IP address and the date and time of the request.
Lite can be used without creating a Night Eye account. Essential licence-verification requests may nevertheless be made by the Lite installation.
A.6 Information the extension does not collect
When Night Eye converts a webpage, Promotino does not collect or receive:
- the URL or domain of the webpage;
- the webpage’s text, images or other content;
- the user’s browsing history;
- search terms entered on third-party websites;
- forms or passwords entered on third-party websites; or
- analytics, telemetry, crash reports or advertising identifiers from use of the extension.
This Section concerns webpage conversion and extension analytics. It does not prevent the limited transmission of authentication, licence and technical data described in Section A.5.
A.7 Extension data-use limitations
Promotino uses extension permissions and the limited extension-related data described in Section A.5 only to provide, maintain, support and secure Night Eye’s disclosed user-facing functionality, administer licences, prevent fraud and comply with law.
Extension-related data is not used or transferred for personalised, retargeted or interest-based advertising. Promotino does not sell extension-related personal data. Human access is limited to circumstances where it is necessary for support requested by the user, security or fraud investigation, legal compliance, or internal operations using aggregated or de-identified information.
Part II — Privacy and Cookie Policy for nighteye.app and billing.nighteye.app
This part applies to nighteye.app, billing.nighteye.app, Night Eye accounts, purchases, subscriptions, support and related communications. It also explains the cookies and similar technologies used on the two websites.
B.1 Account and authentication data
When a Night Eye account is created or used, we may process:
- name and email address;
- billing address and country;
- company name and VAT or tax information, where supplied;
- an internal Night Eye user ID;
- a cryptographic password hash for accounts using email and password;
- account creation date;
- IP address and browser or device information; and
- login history or last-login date.
Promotino does not store readable account passwords. Passwords are stored only as cryptographic password hashes.
B.2 Google Sign-In
If a user chooses Google Sign-In, Google provides Promotino with the user’s Google user ID, name, email address and profile picture. We use this information to create, identify and authenticate the Night Eye account. Use of Google Sign-In is optional where email-and-password login is available.
Google separately processes information relating to the Google account and the authentication request under the Google Privacy Policy. A user can manage connections to third-party applications through the relevant Google Account settings.
B.3 Direct purchases through Stripe
Stripe processes payments made through billing.nighteye.app. Promotino may receive and store the following payment and subscription records:
- Stripe customer ID and transaction ID;
- name, email address, billing address and country;
- company and tax or VAT number, where supplied;
- purchased plan;
- price, currency and payment status; and
- subscription start, renewal, cancellation and expiry dates.
Payment-card details are submitted directly to Stripe. Promotino does not receive or store full card details, the card brand or the final four digits of the card number. Stripe processes payment information under its own terms and Privacy Policy.
B.4 Purchases through Apple
For purchases administered through Apple’s App Store, Promotino may process:
- an internal Night Eye user ID created by Promotino and sent to and returned by Apple, for example as an app account token;
- Apple transaction ID;
- purchased plan and subscription status; and
- purchase, renewal and expiry dates.
Apple processes the payment and related App Store information under Apple’s terms and Privacy Policy. Promotino does not receive the payment-card details submitted to Apple.
B.5 Website, billing portal and security data
When a person visits nighteye.app or billing.nighteye.app, or uses an account, we may process:
- IP address;
- browser, device and operating-system information;
- request date and time;
- security, routing and diagnostic information;
- account creation and login information; and
- subscription start, renewal, cancellation and expiry information.
Cloudflare proxies and protects both domains and may process IP addresses, traffic-routing data, HTTP request information, system configuration information and security information for content delivery, abuse prevention and network protection.
B.6 Website analytics
Google Analytics and Microsoft Clarity are used only on nighteye.app and billing.nighteye.app, and only with the website visitor’s consent.
Google Analytics may process online identifiers and information about website visits, page interactions, approximate location derived from IP address, and browser or device characteristics to produce website-usage statistics.
Microsoft Clarity may process online identifiers, browser or device information and website interaction information, including clicks, scrolling, navigation and rendered page interactions, to produce heatmaps, behavioural metrics and session replays.
Google Analytics and Microsoft Clarity are blocked until the visitor selects “Accept” in the consent banner. Selecting “Reject optional” keeps them blocked. A visitor can later withdraw consent through the cookie settings control.
Neither Google Analytics nor Microsoft Clarity operates inside the Night Eye extension, and no extension-usage data is sent to either service. Promotino does not separately export or store Google Analytics or Microsoft Clarity data outside those services.
B.7 Support data
Night Eye’s private support system is developed and hosted by Promotino. When a person contacts support, we may process:
- name and email address;
- support messages and correspondence;
- images or screenshots voluntarily uploaded by the user;
- IP address;
- browser, operating system, extension version and device information; and
- information reasonably required to investigate the support request.
Support records are accessible only to authorised Promotino support personnel and service providers where technically necessary to operate the hosting infrastructure. Support messages and images are not public.
Users should remove passwords, authentication codes, full payment-card information, health information and unrelated personal information before submitting an image or message.
B.8 Transactional and service emails
Promotino uses Mailgun’s US region to send transactional and service communications, such as account verification, password-reset, purchase, subscription, renewal, cancellation, security and support messages. Mailgun may process the recipient’s email address, message content, delivery status, IP address and related delivery or security logs as necessary to deliver and protect those communications.
Promotino does not use Mailgun to send marketing newsletters under the processing described in these Policies.
B.9 Sources of personal data
Promotino obtains personal data:
- directly from the user, for example during registration, purchase or support;
- automatically from the user’s browser, device and network when a login, account or website request is made;
- from Google when the user chooses Google Sign-In;
- from Stripe or Apple in connection with a purchase or subscription; and
- from Cloudflare, Google Analytics or Microsoft Clarity in connection with website security or consented website analytics.
B.10 Required and optional information
Authentication, licence-verification and technical request data are necessary to provide and protect the relevant Night Eye functionality. If those requests are blocked, Night Eye may be unable to verify a plan or provide account-based paid access.
Information identified as required at checkout is necessary to process the purchase, administer the subscription and meet legal requirements. A purchase cannot be completed without the information required by the relevant payment channel.
Google Sign-In is optional where email-and-password login is available. Support images are optional. Website analytics consent is optional, and rejecting it does not prevent access to Night Eye or the essential functions of the websites.
Part III — Information applying to both policies
Except where a section expressly applies only to the websites, the following sections apply to the extension processing described in Part I and to the website, account, purchase, support and cookie processing described in Part II.
C.1 Why we process personal data and our legal bases
| Purpose | Categories of data | Legal basis under the GDPR |
|---|---|---|
| Provide Night Eye accounts, authentication, plan access and licence verification | Account, identifier, token, plan, subscription and technical data | Performance of a contract or steps requested before entering a contract, together with our legitimate interest in protecting Night Eye, its licences and the requested functionality |
| Process purchases, subscriptions, renewals, cancellations and account restoration | Account, billing, transaction and subscription data | Performance of a contract and compliance with legal obligations |
| Provide support and investigate technical problems | Account, contact, technical, message and uploaded-image data | Performance of a contract and our legitimate interest in supporting and improving Night Eye |
| Send transactional and service communications | Email address, account, transaction, subscription, security and message-delivery data | Performance of a contract, compliance with legal obligations and our legitimate interest in communicating about requested services |
| Protect accounts, websites, infrastructure and licences; detect fraud, abuse and security incidents | IP address, identifiers, login, request, device, browser, security and transaction data | Our legitimate interests in security, fraud prevention, service integrity and the establishment, exercise or defence of legal claims |
| Meet accounting, tax, consumer-protection and other legal requirements and respond to lawful requests | Account, billing, transaction, subscription, communication and legal-claim data | Compliance with legal obligations and, where relevant, our legitimate interest in legal compliance and claims |
| Measure and improve nighteye.app and billing.nighteye.app through Google Analytics and Microsoft Clarity; this processing does not apply to the extension | Cookie identifiers, website interaction and device or browser information | Consent |
Where we rely on legitimate interests, we consider the necessity and proportionality of the processing and the effect on the individual. A person may object to processing based on legitimate interests as described in Section C.8.
C.2 Cookies and similar technologies
This Section C.2 applies only to nighteye.app and billing.nighteye.app. It does not apply to use of the Night Eye browser extension. The extension does not use cookies or similar technologies for analytics or advertising.
C.2.1 What cookies are
Cookies and similar storage technologies are small identifiers or data files stored or accessed on a browser or device. They may be necessary to operate a requested service or, with consent, may be used to understand how a website is used.
C.2.2 Strictly necessary technologies
Strictly necessary technologies may be used on nighteye.app and billing.nighteye.app to:
- maintain a login or account session;
- authenticate users and protect accounts;
- remember cookie-consent choices;
- process a requested purchase or subscription;
- balance network traffic; and
- detect bots, fraud, abuse and malicious requests through Cloudflare.
These technologies are used because they are necessary to provide a service requested by the user or to secure that service. They are not used for optional website analytics.
C.2.3 Optional analytics technologies
| Provider | Purpose | When activated | Retention criterion |
|---|---|---|---|
| Google Analytics | Website audience measurement, page-use statistics and service improvement | Only after the visitor selects “Accept” | Until consent is withdrawn and according to the configured Google Analytics retention and cookie-expiration rules |
| Microsoft Clarity | Heatmaps, interaction metrics and session replays used to understand and improve the websites | Only after the visitor selects “Accept” | Until consent is withdrawn and according to Microsoft Clarity’s applicable retention and cookie-expiration rules |
Microsoft documents that Clarity may use identifiers including _clck, _clsk, CLID, ANONCHK, MR, MUID and SM. The identifiers actually set can depend on browser restrictions, consent signals and Microsoft’s current implementation. More information is available in the Microsoft Clarity cookie documentation.
Cloudflare may set strictly necessary security or traffic-management cookies when the corresponding protection feature is triggered. The exact cookie depends on the Cloudflare feature used. Current examples and durations are described in Cloudflare’s cookie documentation.
C.2.4 Consent choices
The consent banner on the websites provides “Accept” and “Reject optional” choices. Google Analytics and Microsoft Clarity remain blocked unless “Accept” is selected. Rejecting optional technologies does not prevent access to essential website functions or use of the Night Eye extension.
A visitor can withdraw or change consent later through the cookie settings control. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. A visitor may also remove stored cookies through browser settings, although blocking strictly necessary cookies may affect account or website functionality.
C.2.5 No analytics in the extension
The cookie and website-analytics disclosures in this Section apply exclusively to nighteye.app and billing.nighteye.app. Google Analytics, Microsoft Clarity and advertising trackers do not operate inside the Night Eye extension, and no extension-usage data is transmitted to them.
C.3 Service providers and other recipients
Promotino discloses personal data only where necessary for the purposes described in these Policies. Recipients may include:
- Amazon Web Services (AWS), for hosting, databases, logs, files and backups in the
us-east-1region in the United States; - Cloudflare, for proxying, content delivery, traffic management and security protection for nighteye.app and billing.nighteye.app;
- Mailgun Technologies, part of Sinch, using its US region for transactional and service emails;
- Google, for Google Sign-In and, after website consent, Google Analytics on nighteye.app and billing.nighteye.app only;
- Microsoft, after website consent, for Microsoft Clarity on nighteye.app and billing.nighteye.app only;
- Stripe, for direct payment processing;
- Apple, for App Store purchases and related transaction administration;
- browser and browser-account providers, such as Google, Mozilla, Microsoft or Apple, where a user enables the provider’s browser-synchronisation service;
- professional advisers, auditors, insurers and legal representatives where reasonably necessary; and
- courts, regulators, law-enforcement bodies or other public authorities where disclosure is legally required or necessary to protect legal rights.
Promotino does not sell personal data. Promotino does not disclose extension browsing history, webpage URLs, domains or webpage content because it does not receive that information through Night Eye’s webpage-conversion process.
C.4 International data transfers
Promotino is established in Bulgaria, but some service providers process personal data outside the European Economic Area.
In particular:
- Night Eye account, billing, subscription, support, log and backup data are hosted in AWS
us-east-1in the United States; - Mailgun’s US region is used for transactional and service emails;
- Cloudflare operates a global network and may process security and traffic data in the United States and other countries; and
- Google, Microsoft, Stripe and Apple may process data internationally under their applicable service arrangements.
Where personal data is transferred outside the EEA, Promotino uses the transfer mechanism applicable to the relevant provider and service. Depending on the recipient and circumstances, this may include an adequacy decision of the European Commission, including the EU–US Data Privacy Framework for a participating and certified US recipient, or European Commission Standard Contractual Clauses together with supplementary measures where required.
A person may contact [email protected] to request information about the safeguard relevant to a particular transfer.
C.5 How long we retain personal data
We use the following retention periods or criteria:
- Active accounts: account, authentication, subscription, security, login and support data are kept while the account remains active and as needed to provide Night Eye.
- Ordinary account closure: account/profile, IP, browser/device, login, subscription and support data may be retained for up to 24 months after account closure. During this period, an ordinarily closed account may be restored. The period also supports security, fraud prevention, dispute handling and legal claims.
- Specific erasure requests: if a person specifically exercises a right to erasure, eligible data is deleted earlier unless retention remains necessary for a legal obligation, transaction record, fraud or security matter, dispute, legal claim, or another lawful exception.
- Payment, accounting and tax records: retained for the periods required by applicable Bulgarian accounting, tax and other laws.
- Transactional emails and delivery logs: retained for as long as needed to deliver and document the relevant service communication, subject to Mailgun’s operational retention rules and applicable legal requirements.
- Website analytics from Google Analytics and Microsoft Clarity: this concerns nighteye.app and billing.nighteye.app only and is retained within those services according to the configured provider settings and provider retention rules. Promotino does not separately export or store this analytics data outside those services. Withdrawing consent prevents future optional collection but does not necessarily delete data already lawfully processed; a person may request deletion where applicable.
- Security and network information processed by Cloudflare: retained according to the security feature involved, Promotino’s configuration and Cloudflare’s applicable retention criteria.
- Browser-synchronised settings: retained by the browser provider according to the user’s browser-account settings and the provider’s terms, not by Promotino.
- Backups: stored in the AWS environment and overwritten or deleted through backup cycles. Access is restricted, and restored backup data remains subject to the retention and deletion rules described above.
We may retain a limited record for longer where necessary to establish, exercise or defend legal claims, comply with law, resolve an ongoing dispute or prevent fraud. When continued identification is no longer necessary, data may be deleted or irreversibly anonymised.
C.6 Security
Promotino uses technical and organisational measures appropriate to the nature of the processing, including access restrictions, cryptographic password hashing, restricted access to support records, service-provider controls and measures intended to protect accounts, infrastructure and communications.
Payment-card details are collected by Stripe or Apple rather than stored by Promotino. No method of storage or transmission is completely secure, and Promotino cannot guarantee absolute security.
Users should use a unique password, protect access to their email and browser account, and notify Promotino promptly if they suspect unauthorised access.
C.7 Data concerning other people and sensitive information
Users should submit to support only information that is necessary to resolve the issue and that they are authorised to provide. Screenshots can unintentionally contain names, messages, account details or other information concerning third parties.
Night Eye does not request health data, payment-card numbers, passwords, authentication codes or other sensitive information through the support system. Users should remove such information before sending a message or image. If unnecessary sensitive information is received, Promotino may delete or redact it.
C.8 Rights under the GDPR and EEA law
Subject to the conditions and exceptions in applicable law, a person may have the right to:
- obtain confirmation whether Promotino processes their personal data and request access to it;
- request correction of inaccurate data and completion of incomplete data;
- request erasure of personal data;
- request restriction of processing;
- receive personal data supplied to Promotino in a structured, commonly used and machine-readable format and, where applicable, transmit it to another controller;
- object to processing based on legitimate interests, including processing for fraud prevention, security or legal claims, taking account of the circumstances;
- withdraw consent at any time where processing is based on consent, including website analytics; and
- lodge a complaint with a competent data-protection supervisory authority.
To exercise a right, contact [email protected]. Please describe the request and identify the account or email address concerned. Promotino may request information reasonably necessary to verify identity and protect the account from unauthorised disclosure.
Withdrawal of consent does not affect the lawfulness of processing performed before withdrawal. The right to erasure is not absolute; for example, Promotino may retain transaction or claim information where required by law or necessary for legal claims, security or fraud prevention.
C.9 Complaints to the Bulgarian supervisory authority
People in the EEA may complain to the supervisory authority in the country of their habitual residence, place of work or the alleged infringement. Promotino’s lead Bulgarian supervisory authority is:
Commission for Personal Data Protection
2 Prof. Tsvetan Lazarov Blvd.
1592 Sofia, Bulgaria
Website: https://www.cpdp.bg/
Email: [email protected]
We encourage users to contact us first so that we can try to resolve the concern, but doing so is not a condition for submitting a complaint.
C.10 Information for users in the United States
Depending on the US state in which a person resides and whether the relevant law applies to Promotino’s processing, the person may have rights to request access, correction, deletion or a portable copy of personal data, or to opt out of certain processing.
Promotino does not sell personal data for money. Optional Google Analytics and Microsoft Clarity technologies operate on the websites only after consent and can be rejected or disabled through the cookie settings control. The Night Eye extension does not contain analytics or advertising trackers.
A US privacy request may be submitted to [email protected]. We may verify the requester’s identity and may deny or limit a request where permitted by applicable law. If applicable law provides a right to appeal a refusal, the response will explain how to appeal.
C.11 Children
Night Eye is a general-purpose browser tool and is not intended to solicit personal data from children. A person who does not have the legal capacity required in their country to create an account or purchase a plan may use Night Eye only with the consent and supervision of a parent or legal guardian.
If a parent or guardian believes that a child has provided personal data without the authorisation required by law, they should contact [email protected].
C.12 Changes to these Policies
Promotino may update these Policies to reflect changes in Night Eye, providers, legal requirements or data-processing practices. The “Last updated” date will be changed when either Policy is revised.
If a change materially affects how personal data is processed, Promotino will provide additional notice where required, for example through the website, account email or extension. Where consent is legally required for new processing, continued use alone will not be treated as consent.
C.13 Contact
Questions, privacy requests and complaints may be sent to:
PROMOTINO OOD (Promotino Ltd.)
UIC/EIK: 203755878
VAT number: BG203755878
Mladost 1 A District, Block No. 537, Floor 1, Apartment 2A
Sofia 1729, Bulgaria
Email: [email protected]
Telephone: +359 88 684 8570
Website: https://nighteye.app

