Heavstal Tech™ is committed to protecting your privacy. This Privacy Policy explains our practices regarding the collection, use, and disclosure of your information through our digital services.
1. Information Collection
Account Information
When you register or authenticate via Heavstal Accounts, we collect:
- Display Name and Email Address.
- Profile Avatar URL.
- Authentication tokens and session identifiers.
Usage Data
To ensure system stability and security, we automatically log:
- IP Addresses (hashed for anonymity where possible).
- API endpoint request volume and latency metrics.
- Browser User-Agent strings.
2. Zero-Knowledge Architecture (Vault Data)
The Heavstal Password Manager utilizes client-side AES-256 encryption. This architecture ensures strict data privacy:
- No Knowledge of Master Password: Your Master Password is never transmitted to or stored on our servers. It remains exclusively on your local device.
- Encrypted Storage: We store only the encrypted binary data (blobs). We do not have the cryptographic keys required to decrypt or view your stored credentials.
3. Third-Party Service Providers
We engage trusted third-party companies to facilitate our service provision. These third parties have access to your Personal Data only to perform specific tasks on our behalf and are obligated not to disclose or use it for any other purpose.
| Provider | Function | Data Scope |
|---|---|---|
| Supabase | Database & Authentication | User profiles, encrypted data |
| Vercel KV (Redis) | Caching & Rate Limiting | Session IDs, IP hashes |
| Paystack | Payment Processing | Email, Transaction Metadata |
| Brevo | Transactional Email | Email address, First name |
4. Cookies & Local Storage
We use cookies and local storage technologies for essential operational purposes:
- Authentication: Cookies such as
heavstal_sessionare used to maintain your secure login state. - Security: Anti-forgery tokens (CSRF) are stored to prevent unauthorized actions.
- Preferences: Local storage is used to save your UI theme preference (Dark/Light mode).
5. Data Retention & Deletion
We retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. You have the right to request the deletion of your account and all associated data at any time via the account settings or by contacting support. Upon account deletion, all personally identifiable information is permanently purged from our active databases.
6. Contact Information
If you have any questions about this Privacy Policy, please contact our Data Protection Officer: