HazraX ToolboxHazraX ToolboxPrivacy-first browser studio

GDPR & CCPA

Your rights, honored by design.

HazraX is built to avoid collecting personal data. If you reach out, we will respect your rights to access, correct, or delete that correspondence, and we do not sell personal information.

No data sellingMinimal collectionLast updated: 27 November 2025

How HazraX handles data

This page explains your privacy rights under the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Our local-first architecture means we collect minimal personal data.

  • Tool inputs stay in your browser; we do not upload them to our servers.
  • We store only your theme preference locally under hazrax-theme.
  • If you email us, we receive your email address and message solely to respond.
  • We do not sell or share personal information for advertising or profiling.

Legal basis for processing (GDPR)

Under GDPR Article 6, we process personal data based on the following legal bases:

  • Consent (Article 6(1)(a)): By using our Service and local storage, you consent to storing your theme preference.
  • Legitimate interests (Article 6(1)(f)): We have a legitimate interest in responding to your support inquiries when you email us.
  • No special categories: We do not process special category data (Article 9) or data relating to criminal convictions (Article 10).

Your rights (GDPR)

  • Access (Art. 15): Request the personal data we hold about you (typically only prior emails).
  • Rectification (Art. 16): Ask us to fix incorrect information.
  • Erasure (Art. 17): Request deletion of personal data we hold.
  • Portability (Art. 20): Receive a copy of personal data you provided to us.
  • Object (Art. 21): Object to processing based on legitimate interests.
  • Restrict (Art. 18): Request restriction of processing in certain circumstances.

Your rights (CCPA)

  • Know: Right to know what personal information we collect, use, or share.
  • Delete: Right to request deletion of personal information.
  • Opt-out: Right to opt-out of sale/share (we do not sell or share data).
  • Non-discrimination: We will not discriminate against you for exercising your rights.
  • Authorized agent: You may designate an authorized agent to make requests on your behalf.

How to submit a request

To exercise your rights under GDPR or CCPA:

  • Email subir.hazra.031@gmail.com with the request type (access, correction, deletion, portability, opt-out).
  • Include the email address used so we can verify ownership.
  • We respond promptly; if more than 30 days is needed, we will notify you.
  • We may ask for limited verification info to protect your account and data.
  • There is no fee for submitting a request, but we may charge a reasonable fee for manifestly unfounded or excessive requests.

CCPA specific disclosures

Categories of personal information

In the past 12 months, we have collected the following categories of personal information from California residents:

  • Identifiers: Email address (only if you contact us).
  • Commercial information: None collected.
  • Internet activity: Theme preference stored locally (not transmitted to us).

Sale and sharing of personal information

We do not sell your personal information for monetary value. However, we may share non-personally identifiable information (such as cookie data or IP addresses) with third-party advertising partners to deliver relevant ads. Under CCPA, this sharing may be considered a "sale" or "share" of personal information. You have the right to opt-out of this sharing.

Data breach notification

In the unlikely event of a data breach involving personal data:

  • Under GDPR Article 33, we will notify the relevant supervisory authority within 72 hours if the breach poses a risk.
  • Under GDPR Article 34, we will notify affected individuals if the breach poses a high risk to their rights and freedoms.
  • We will document all breaches, including facts, effects, and remedial actions taken.
  • Given our local-first architecture, the risk of breaches involving tool data is minimal as this data never reaches our servers.

International considerations

HazraX is a browser-based service; processing happens where you run the tool.

  • We do not transfer your files to our servers, so cross-border transfers do not occur for tool inputs.
  • Our website is hosted in [hosting location]. If you are in the EU/EEA or California, accessing our website may constitute a cross-border transfer.
  • Emails you send are stored with our email provider and may be subject to cross-border transfers with appropriate safeguards.
  • For EU/EEA data subjects, transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission.

Data protection authority

If you are not satisfied with our response to your data protection request, you have the right to lodge a complaint with a supervisory authority:

  • EU/EEA residents: Contact your local data protection authority or the lead supervisory authority.
  • UK residents: Information Commissioner's Office (ICO) - ico.org.uk
  • California residents: California Attorney General - oag.ca.gov

Need a GDPR/CCPA request handled?

We keep data minimal, so requests are fast to fulfill.

Email subir.hazra.031@gmail.com