Haloceteki Studio
enfr

Privacy

How we handle your data.

A short, honest note about what we collect when you visit this site — and what we don't.

Last updated · 29 May 2026

What we collect

Each time you load a page on this site we record one row in our database: the path you visited (e.g. /work), the root domain that referred you (e.g. google.com — never the full URL with its query parameters), your browser's reported language, a coarse device class (mobile / tablet / desktop), and a short fingerprint computed from your IP address and browser. The fingerprint is hashed with a daily-rotating secret salt, so we can count unique visitors within a day but cannot link visits across days or back to a specific person.

What we don't

We set no cookies. We use no localStorage, IndexedDB, or any other client-side storage. We embed no third-party scripts, no social-share widgets, no advertising, no profiling. We do not record what you type into form fields beyond what you submit. We do not track you across other sites. If your browser sends a Do Not Track header, the tracker doesn't fire at all.

Why

To know roughly how many people find the site, which pages they read, and where they come from. That's the only purpose — there is no advertising or monetisation tied to this data. The lawful basis is our legitimate interest in understanding usage of our own site (GDPR Article 6(1)(f)); the daily salt rotation and lack of cross-day correlation keep the impact on you minimal.

How long we keep it

Page-view rows are kept indefinitely at the moment. We plan to add an automatic deletion of rows older than 24 months and will update this notice once it's in place. Contact-form submissions are kept for as long as the conversation they started is active, then archived for our records.

Who sees it

Only us. The data lives in a Postgres database on our own server, never sent to a third party for analytics. The server logs (nginx, application) are accessible to the technical team for operating the platform — same legal basis, same retention plan.

Your rights

You can ask for a copy of the data we hold about you, or for its deletion. Email haloceteki@hotmail.com. Realistically: because the fingerprint rotates daily and isn't reversibly linked to you, we may not be able to identify which rows belong to your visits — but we'll do our best with whatever identifier you can provide (the IP you used, the approximate time of your visit, etc.).

Contact form

When you submit the contact form, we collect your name, email, optional company, and message. We use this to reply to you, and only to reply to you. The email lands in our inbox via our own mail relay — no third-party transactional-mail provider has the content. We don't sign you up for anything.

Bot protection

The contact form is protected by Cloudflare Turnstile, which runs a brief invisible challenge to filter out automated submissions. Turnstile sets a short-lived storage token in your browser for that purpose, which Cloudflare classes as strictly-necessary anti-abuse technology and not subject to consent. Cloudflare publishes its own privacy notice at cloudflare.com/privacypolicy.

Invite requests

If you use the self-service form at auth.haloceteki.eu/Request to ask for an invite, we collect your email, your name (if you provided one), the app you requested access to, and your message. We also store your IP and user-agent briefly — both are cleared as soon as the request is decided. The confirmation link we send you contains a token stored only as a SHA-256 hash; the live token is sent in the email and never written to disk. Declined requests are kept for 30 days as anti-abuse history, approved requests link to the resulting invite code, and spam-marked requests are deleted after 90 days.

Changes to this notice

If we change how we handle data, we'll update this page and note the change in the date at the top. There's no separate notification — checking back here from time to time is on you.