Privacy policy
The short version: PassRadar has no analytics, no tracking cookies, and no ad tech — deliberately. You can use everything the site shows without telling us who you are. We only store personal data you actively give us: a waitlist email, or an account with a subscription. We never sell data and we don't profile anyone.
Last updated 3 July 2026
Who is responsible
The data controller for PassRadar (passradar.app) is StringCode OÜ, registered in Estonia under registry code 14588008. For anything in this policy, write to hello@passradar.app.
What we process and why
Each item shows its legal basis in plain words: "consent" means you opted in and can opt out; "contract" means we need it to provide what you signed up for; "legitimate interest" means we need it to keep the service running and secure. Items about accounts and alerts apply once those features launch.
Preferences on your device
stays on your deviceYour watchlist, selected home city, and dismissed hints live in your browser's localStorage. They never leave your device, we can't see them, and clearing your browser data removes them completely.
Waitlist email
consentIf you join the premium waitlist we store your email address, when you signed up, and which page the form was on. We use it for one launch announcement — nothing else. You can ask us to delete it at any time, and joining the waitlist is entirely optional.
Account data
contractWhen accounts launch: your email address, a hashed password (never the password itself) or your OAuth sign-in identity, and your subscription status. We need these to run your account and your subscription — that's the contract between us. Signing in will set one strictly-necessary session cookie; it identifies your login and nothing more.
Payment details
contractPayments go through Stripe. We store only your Stripe customer reference and subscription status — your card number never touches our servers. Stripe processes your payment data under its own terms as a payment provider.
Alerts and push subscriptions
contractIf you set up premium alerts we store your alert configurations (which routes, which thresholds) and the push subscription endpoint your browser gives us, so we can deliver the notifications you asked for.
Server logs
legitimate interestOur hosting provider keeps standard technical request logs (IP address, timestamp, requested URL) for a short period. We use them only to keep the service secure and debug problems — never to profile visitors.
No tracking, no analytics, no ads
This is a design decision, not an oversight. PassRadar runs no analytics scripts, sets no tracking or advertising cookies, embeds no social media widgets, and uses no fingerprinting. Today the site sets no cookies at all; once accounts launch, signing in will set exactly one strictly-necessary session cookie — which is why you won't find a cookie consent banner here: there's nothing to consent to. We also never sell personal data and never make automated decisions about you.
Who helps us run this
A few companies process data on our behalf, under data processing agreements. That's the complete list — no one else sees your data:
| Processor | What for | Where |
|---|---|---|
| Google Cloud / Firebase | Hosting and infrastructure | EU region |
| Turso | Database | EU region |
| Stripe | Payment processing | EU/US, EU-approved safeguards |
| [EMAIL PROVIDER — TBD] | Transactional email (launch + alert emails) | TBD — will be listed here |
How long we keep data
- Waitlist emails — until the launch announcement is sent, then deleted within 3 months; deleted immediately on request.
- Account data, alert configurations, and push subscriptions — while your account exists, deleted within 30 days of you deleting the account.
- Payment records — Stripe transaction records are kept as long as accounting law requires (typically 7 years), then deleted.
- Server logs — kept by our host for a short rolling window (no longer than 30 days), then deleted automatically.
- localStorage preferences — on your device only; delete them anytime by clearing your browser data.
Your rights
Under the GDPR you can, at any time and free of charge:
- Access — ask what data we hold about you and get a copy
- Rectification — have wrong data corrected
- Erasure — have your data deleted ("right to be forgotten")
- Restriction — limit how we use your data while something is disputed
- Portability — get your data in a machine-readable format
- Objection — object to processing based on legitimate interest
- Withdraw consent — for anything consent-based (like the waitlist), anytime
To exercise any of these, email hello@passradar.app— we answer within a month. If you think we're handling your data wrongly, you also have the right to complain to a supervisory authority: either the data protection authority of Estonia or the one in the country where you live.
Changes to this policy
If what we process changes — for example when accounts and alerts launch, or when the email provider is chosen — we update this page and the date at the top. For changes that matter (new data, new purposes), account holders get an email first.
Contact
Privacy questions and requests: hello@passradar.app. For the rules of using the service, see the terms of service.