PassRadar

Privacy policy

The short version: PassRadar has no analytics, no tracking cookies, and no ad tech — deliberately. You can use everything the site shows without telling us who you are. We only store personal data you actively give us: a waitlist email, or an account with a subscription. We never sell data and we don't profile anyone.

Last updated 3 July 2026

Who is responsible

The data controller for PassRadar (passradar.app) is StringCode OÜ, registered in Estonia under registry code 14588008. For anything in this policy, write to hello@passradar.app.

What we process and why

Each item shows its legal basis in plain words: "consent" means you opted in and can opt out; "contract" means we need it to provide what you signed up for; "legitimate interest" means we need it to keep the service running and secure. Items about accounts and alerts apply once those features launch.

  • Preferences on your device

    stays on your device

    Your watchlist, selected home city, and dismissed hints live in your browser's localStorage. They never leave your device, we can't see them, and clearing your browser data removes them completely.

  • Waitlist email

    consent

    If you join the premium waitlist we store your email address, when you signed up, and which page the form was on. We use it for one launch announcement — nothing else. You can ask us to delete it at any time, and joining the waitlist is entirely optional.

  • Account data

    contract

    When accounts launch: your email address, a hashed password (never the password itself) or your OAuth sign-in identity, and your subscription status. We need these to run your account and your subscription — that's the contract between us. Signing in will set one strictly-necessary session cookie; it identifies your login and nothing more.

  • Payment details

    contract

    Payments go through Stripe. We store only your Stripe customer reference and subscription status — your card number never touches our servers. Stripe processes your payment data under its own terms as a payment provider.

  • Alerts and push subscriptions

    contract

    If you set up premium alerts we store your alert configurations (which routes, which thresholds) and the push subscription endpoint your browser gives us, so we can deliver the notifications you asked for.

  • Server logs

    legitimate interest

    Our hosting provider keeps standard technical request logs (IP address, timestamp, requested URL) for a short period. We use them only to keep the service secure and debug problems — never to profile visitors.

No tracking, no analytics, no ads

This is a design decision, not an oversight. PassRadar runs no analytics scripts, sets no tracking or advertising cookies, embeds no social media widgets, and uses no fingerprinting. Today the site sets no cookies at all; once accounts launch, signing in will set exactly one strictly-necessary session cookie — which is why you won't find a cookie consent banner here: there's nothing to consent to. We also never sell personal data and never make automated decisions about you.

Who helps us run this

A few companies process data on our behalf, under data processing agreements. That's the complete list — no one else sees your data:

ProcessorWhat forWhere
Google Cloud / FirebaseHosting and infrastructureEU region
TursoDatabaseEU region
StripePayment processingEU/US, EU-approved safeguards
[EMAIL PROVIDER — TBD]Transactional email (launch + alert emails)TBD — will be listed here

How long we keep data

  • Waitlist emails — until the launch announcement is sent, then deleted within 3 months; deleted immediately on request.
  • Account data, alert configurations, and push subscriptions — while your account exists, deleted within 30 days of you deleting the account.
  • Payment records — Stripe transaction records are kept as long as accounting law requires (typically 7 years), then deleted.
  • Server logs — kept by our host for a short rolling window (no longer than 30 days), then deleted automatically.
  • localStorage preferences — on your device only; delete them anytime by clearing your browser data.

Your rights

Under the GDPR you can, at any time and free of charge:

  • Access ask what data we hold about you and get a copy
  • Rectification have wrong data corrected
  • Erasure have your data deleted ("right to be forgotten")
  • Restriction limit how we use your data while something is disputed
  • Portability get your data in a machine-readable format
  • Objection object to processing based on legitimate interest
  • Withdraw consent for anything consent-based (like the waitlist), anytime

To exercise any of these, email hello@passradar.app— we answer within a month. If you think we're handling your data wrongly, you also have the right to complain to a supervisory authority: either the data protection authority of Estonia or the one in the country where you live.

Changes to this policy

If what we process changes — for example when accounts and alerts launch, or when the email provider is chosen — we update this page and the date at the top. For changes that matter (new data, new purposes), account holders get an email first.

Contact

Privacy questions and requests: hello@passradar.app. For the rules of using the service, see the terms of service.