hearthe

Privacy Policy

Last updated: May 2026

1. Who we are

Hearthe is a pre-launch product. The legal entity that will operate the service ("we", "us", "our") is currently in formation. Until incorporation is complete, the data controller responsible for your personal data is Anton Shakirov, the project founder.

For any privacy-related questions or to exercise your rights, contact us at hello@hearthe.io.

2. What we collect

While the product is in waitlist phase, we collect the minimum data needed to email you and to keep the site running:

  • Email address: provided by you when you join the waitlist. Stored encrypted at rest.
  • Marketing consent flag: whether you opted in to product updates.
  • Hashed IP address and User-Agent: for anti-abuse and rate-limiting only. We do not store raw IP addresses.
  • Analytics data: only if you accept analytics cookies. Collected via Google Analytics 4 with IP anonymization.

3. Why we collect it

  • Waitlist communication: to send you invitations and product updates you opted into.
  • Service operation: to provide the website and prevent abuse.
  • Analytics: to understand how the site performs and improve it.

4. Legal basis

We rely on the following legal bases under the GDPR:

  • Consent (Article 6(1)(a)). for waitlist signup, marketing emails, and analytics cookies.
  • Legitimate interest (Article 6(1)(f)). for anti-abuse measures and essential site operation.

5. How long we keep it

  • Waitlist email: until product launch plus 30 days, or until you ask us to delete it.
  • Hashed IPs in rate-limit table: 7 days, then automatically purged.
  • Analytics data: 14 months in Google Analytics, then aggregated.

6. Who we share with

We share your data only with infrastructure providers needed to run the service:

  • Cloudflare (USA, GDPR-compliant DPA). hosting, CDN, DDoS protection, edge functions, edge SQL database.
  • Resend (USA, GDPR-compliant DPA). transactional email delivery.
  • Google Analytics 4 (USA). Only if you accept analytics cookies. IP-anonymized.

We never sell your data. Ever.

7. Your rights

Under the GDPR you have the right to:

  • Access: request a copy of your personal data.
  • Rectification: ask us to correct inaccurate data.
  • Erasure: ask us to delete your data ("right to be forgotten").
  • Restriction: limit how we process your data.
  • Portability: receive your data in a machine-readable format.
  • Object: to processing based on legitimate interest or for direct marketing.
  • Withdraw consent: at any time, with no penalty.
  • Lodge a complaint with your local supervisory authority.

To exercise any of these rights, email hello@hearthe.io. We respond within 30 days.

8. Data residency

Our edge infrastructure (Cloudflare D1) replicates data across global data centers. Email is encrypted at rest with a key we control. International transfers occur under standard contractual clauses (SCCs) with our processors.

9. Cookies

See our Cookie Policy.

10. Changes to this policy

We will post any changes here and update the "Last updated" date. Material changes that affect your rights will be communicated by email if you are on the waitlist.