⚠️ Draft template — have a lawyer review the rendered text for your jurisdiction before pointing real users at this page. Hide this banner by setting HAZY_LEGAL_REVIEWED=1.

Privacy policy

Last updated [set HAZY_LEGAL_LAST_UPDATED].

This page describes how Angels' Ware ("we") collects and uses information when you use the hosted Hazy service at https://hazy.r8.rs.

If you self-host Hazy on your own infrastructure, the operator of that install is the data controller and these terms don't apply to that deployment — talk to them.

1. What we collect

• Account data: email address and bcrypted password hash.
• Workspace content: projects, tasks, plugin configurations, log output, and webhook delivery records. You own this; we don't read it except to debug an issue you report.
• Operational logs: HTTP request lines (path, status, IP, user-agent), auth events (login OK/fail, password change), and worker connection events. Retained 90 days.
• Cookies: a session cookie (hazy_session, HttpOnly, SameSite=Lax) and a CSRF cookie. No third-party cookies. No analytics trackers.

2. What we don't collect

• No analytics or advertising trackers.
• No fingerprinting beyond standard HTTP headers.
• No third-party scripts on the marketing pages.

3. Sub-processors

The hosted service runs on:

• Hosting: [set HAZY_HOSTING_PROVIDER]
• Email delivery: [set HAZY_EMAIL_PROVIDER] (verification and password-reset mail only).

4. Your rights

Under Sweden law you have the right to access, correct, export, and delete your data. Email info@angelsware.com with the address associated with your account and we'll respond within 30 days.

Account deletion: today, send the request by email — a self-service "delete account" button is on the roadmap.

5. Retention

• Workspace content: until you delete it or the account.
• Auth audit log: 90 days.
• HTTP access logs: 30 days.
• Backups: encrypted, retained 30 days from snapshot.

6. Security

Passwords are bcrypted at the standard work factor. TOTP secrets (when 2FA is enabled) are AES-256-GCM encrypted with a key held outside the database. Postgres row-level security enforces per-user isolation. TLS is provided by a reverse proxy in front of the daemon.

7. Contact

General contact: info@angelsware.com
Privacy / data-rights requests: info@angelsware.com