Privacy policy
Last updated [set HAZYDO_LEGAL_LAST_UPDATED].
This page explains what information Angels' Ware
("we") keeps about you when you use the hosted Hazydo service at
https://hazy.r8.rs, and what we do (and don't do) with
it.
If you're using a self-hosted Hazydo install (someone else running Hazydo on their own server), the person running that install handles your data — not us. Ask them about their privacy practices.
1. What we keep about you
- Your account: your email address, and your password stored in a one-way scrambled form (we can't read it back).
- Your projects and tasks: everything you put into your lists — task names, descriptions, comments, and results. This is yours; we don't look at it except when you ask us to debug something.
- Server logs: a record of which pages each request hit, the response code, the IP and browser it came from, and important account events (sign-ins, password changes). Kept for 90 days, then deleted.
- Cookies: a sign-in cookie and a small anti-tampering cookie. Both are required for the site to work at all — that's why there's no cookie banner; European law only requires one when there are cookies you don't strictly need. We don't use third-party cookies. We don't run analytics or ad trackers.
2. What we don't collect
- No analytics or advertising trackers.
- No browser fingerprinting beyond what a server normally sees.
- No third-party scripts on the marketing pages.
3. Sub-processors
The hosted service runs on:
- Hosting: [set HAZYDO_HOSTING_PROVIDER]
- Email delivery: [set HAZYDO_EMAIL_PROVIDER] (verification and password-reset mail only).
The canonical list, including any future additions and the 30-day change-notice commitment to business customers, is in DPA Annex 3.
4. Your rights
Under Sweden law you have the right to see, correct, download, and delete the data we keep about you. You don't have to email anyone for the common cases — here's how to do each one yourself:
Download a copy: Settings → Your data. You get a JSON file with your profile, sign-in history, sessions, your API keys' details, the projects you're on, and the comments you've written.
Delete your account: Settings → Delete account. Everything you own personally goes with you. Comments you wrote on projects shared with other people stay (so the threads still read), but they're marked as "deleted user."
For anything that those buttons don't cover — getting the full server logs about you, correcting something in our records, anything that involves another person's account — email hazy@r8.rs from the address on your account and we'll get back to you within 30 days.
If you're using Hazydo on behalf of a company or other organisation, the contract that covers that is in our Data Processing Agreement.
5. Retention
- Workspace content: until you delete it or the account.
- Auth audit log: 90 days.
- HTTP access logs: 30 days.
- Backups: encrypted, retained 30 days from snapshot.
6. Security
Passwords are stored in a scrambled form that even we can't read back. If you've turned on two-factor authentication, the codes Hazydo uses to check you are stored encrypted with a key kept separately from the database. The database itself is set up so one user's data is invisible to another, even to our own code. Traffic between your browser and our server is encrypted.
7. Contact
General contact:
hazy@r8.rs
Privacy / data-rights requests:
hazy@r8.rs