Privacy Policy.
This Privacy Policy describes how Hardseal collects, uses, and protects information when you visit hardseal.ai or interact with us by email. Hardseal's design philosophy is to collect as little data as possible. This page reflects that.
1. Information We Collect
| Source | Data | Why |
|---|---|---|
| Email correspondence (rico@hardseal.ai) | Name, email, organization, message contents | Respond to your inquiry, schedule calls, scope engagements |
| Browser verifier (verify.html) | Nothing leaves your browser. Verification runs entirely client-side. | By design — independence is the product |
| Static page hosting (GitHub Pages) | Standard server logs (IP, user agent, request path) maintained by GitHub per their privacy policy | Required by the hosting provider for security and abuse prevention |
| Downloads (trophy case bundle, verifier) | Same standard server logs as above. We do not register or track downloaders. | Hosting provider operational logs only |
| Paid Services (Hardseal Core / Edge) | Customer contact info, billing info via Stripe (we do not store full card numbers), Customer Data per executed SOW | Deliver the contracted Services; governed by the MSA and DPA |
2. What We Use Information For
We use the limited information we collect to:
- Respond to your emails and schedule calls;
- Deliver Services you have purchased under an executed MSA / SOW;
- Process payments via Stripe (Stripe's privacy policy applies to payment information);
- Maintain security and prevent abuse of the Site and Services;
- Comply with legal obligations.
3. Browser Verifier — Zero Data Transmission
The verifier at hardseal.ai/verify.html performs all computation in your browser. The packet you paste into the verifier is never transmitted to Hardseal, GitHub Pages logs do not capture it (it is not sent over the network), and no analytics script observes it. This is an architectural property, not a policy promise — the JavaScript source is readable from the page.
4. Cookies and Tracking
The Site does not set first-party tracking cookies. We do not use Google Analytics, Mixpanel, Segment, Amplitude, Hotjar, FullStory, or similar analytics platforms. The Site may set strictly necessary cookies if Hardseal later adds login or self-serve checkout functionality; if and when that happens, this Policy will be updated and a cookie banner will be shown.
5. Customer Data (Paid Services)
When you engage Hardseal under an MSA / SOW, the handling of Customer Data — including any Controlled Unclassified Information (CUI) — is governed by the executed agreement and the Data Processing Addendum (DPA). Customer Data remains your property. Hardseal Edge and Hardseal Core are designed to operate entirely on your enclave; no Customer Data transmits outside your environment unless you expressly authorize it.
6. Sharing
We share information only with:
- Service providers performing operational functions on our behalf (e.g., GitHub for hosting, Stripe for payments). These providers are bound by their own privacy obligations.
- Legal authorities when required by law or court order. We will provide notice where legally permitted.
- Successor entities in connection with a merger, acquisition, or sale of substantially all assets, subject to equivalent privacy protections.
We do not sell, rent, or trade personal information to third parties.
7. Data Retention
We retain email correspondence and prospect-engagement records for up to 24 months after the last interaction, after which we delete or anonymize them, except where longer retention is required by law or by an active or recently terminated MSA. Customer Data retention is governed by the applicable SOW and DPA.
8. Your Rights
Depending on your jurisdiction, you may have rights to access, correct, delete, or port your personal information, and to object to or restrict certain processing. To exercise these rights, email rico@hardseal.ai with the subject line "Privacy request."
9. Children
The Site and Services are not directed to children under 16. We do not knowingly collect personal information from children.
10. International Users
The Site is operated from the United States. By using the Site, you consent to the processing of your information in the U.S. We do not currently offer Services to or from EU/UK markets; if and when we do, this Policy will be updated to address GDPR/UK-GDPR terms.
11. Security
We apply reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. No internet transmission or storage is 100% secure; we encourage you to use strong passwords and to be cautious about the information you share by email.
12. Changes
We may update this Privacy Policy. Material changes will be posted on this page with an updated "Last Updated" date.
13. Contact
Privacy questions: rico@hardseal.ai · subject "Privacy."