Privacy Policy

Verantwortlicher im Sinne der DSGVO:

Roland Kaloczi

Prager Straße 26/3

3580 Horn

Austria

Email: roland.kaloczi@outlook.com

HexBurn is designed with privacy-first principles. We do NOT collect, store, or process:

• Message content (encrypted or unencrypted)
• PDF documents you encrypt
• Personal information (names, email addresses, phone numbers)
• IP addresses
• Browser fingerprints
• Usage patterns or analytics
• Login credentials (we don't have user accounts)
• Location data
• Device information

All encryption and decryption happens entirely in your web browser using client-side JavaScript. When you create an encrypted message:

• Your data never leaves your device
• No information is transmitted to our servers
• Nothing is stored in databases
• Everything is processed locally on your computer

This means we have zero access to the messages you create or the information they contain.

We do not use cookies. We do not use any tracking technologies, including:

• Cookies
• Local storage (except for your preferences if you choose to save them locally)
• Analytics tools (no Google Analytics, no third-party trackers)
• Social media pixels
• Marketing or advertising trackers

Our website may contain links to third-party services. These services have their own privacy policies:

Content Delivery Networks (CDN): We may use Content Delivery Networks (CDNs) such as Cloudflare or similar providers to deliver static assets efficiently. These providers may temporarily process anonymized technical information (such as IP addresses) for caching and security purposes.

External Links: When you click on external links, you will be directed to third-party websites that have their own privacy practices.

We are not responsible for the privacy practices of third-party websites or services.

Our hosting provider may collect basic server logs including IP addresses, timestamps, and requested URLs for security and technical purposes. These logs are automatically deleted after a short retention period and are never used for tracking or analytics.

Our hosting provider acts as a data processor under Article 28 GDPR and processes minimal technical data (such as server logs) solely for security and operational purposes. These logs are not linked to individual users.

Because no data is collected or stored, there is nothing to secure on our side. Nonetheless, we use HTTPS encryption to ensure that all connections between your device and our service are secure.

All encryption and decryption is performed locally within your browser using AES-256-GCM via the Web Crypto API, ensuring full control and privacy. Your data security is guaranteed by the fact that your data never leaves your device.

HexBurn does not knowingly collect information from children under 13 (or applicable age in your jurisdiction). Since we don't collect any personal information at all, our service can be used safely by users of all ages under appropriate supervision.

HexBurn is operated from Austria and complies with:

• GDPR (European Union General Data Protection Regulation)
• CCPA (California Consumer Privacy Act)
• LGPD (Brazilian General Data Protection Law)
• POPIA (South African Protection of Personal Information Act)

Since we don't collect any personal data, there's no data to transfer, process, or store across borders.

Under various privacy laws, you have rights regarding your personal data. However, since HexBurn doesn't collect any personal data:

• Right to Access: There's no data to access
• Right to Deletion: There's no data to delete
• Right to Portability: There's no data to port
• Right to Correction: There's no data to correct
• Right to Object: There's no processing to object to

Your encrypted messages and data exist only on your device and in the URLs you share. They are under your complete control.

In the event of a merger, acquisition, or sale of assets, since we don't collect user data, there would be no user data to transfer.

HexBurn's code is designed to be transparent. You can verify that all encryption and decryption happens client-side by inspecting your browser's network activity - you'll see that no data is sent to our servers when you generate encrypted messages.

We may update this Privacy Policy from time to time. Changes will be effective immediately upon posting. We will update the "Last Updated" date at the bottom of this page.

Since we don't collect your contact information, we cannot notify you of changes. We encourage you to review this Privacy Policy periodically.

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

Email: roland.kaloczi@outlook.com

Postal Address:

Roland Kaloczi

Prager Straße 26/3

3580 Horn

Austria