HardStop: Privacy Policy

Summary

This is the short version. The full policy follows below, but here is what you actually need to know.

We do not sell your data. Full stop. We never have and never will.
We cannot see what you do online. We have disabled all activity logging across our filtering infrastructure. We cannot see the websites you visit, your browsing history, your search terms, or anything else you do on your device. We are not watching you.
What we do hold is limited. We hold your name, email address, and subscription details. If you are a Mac or Windows user, certain technical device identifiers are visible to us through our filtering infrastructure as explained below and in the Terms of Service. We are transparent about this because we think you deserve to know.
We use a small number of trusted third parties to run our business — Stripe for payments, Cloudflare for Mac and Windows filtering infrastructure, Shopify for e-commerce, and Google and Meta for website analytics. We have named them all in this policy.
You have real rights over your data. Depending on where you live, you can ask us what we hold, ask us to delete it, and opt out of marketing at any time. The details are in Section 8.

1. Who We Are

HardStop LLC is a Delaware limited liability company and the data controller responsible for your personal information. We operate the HardStop service, a voluntary content-blocking and digital accountability service available at tryhardstop.com.

For users in the United Kingdom and European Union, HardStop LLC acts as the data controller within the meaning of the UK GDPR and EU GDPR respectively. For users in Australia, HardStop LLC is an organisation bound by the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles.

2. What Data We Collect and Why

2.1 Account Data

When you sign up for HardStop, we collect your name and email address. We use this to manage your account, deliver removal credentials when your wait time expires, send renewal reminders, and communicate with you about your service. We cannot operate HardStop without this information.

Legal basis (UK/EU GDPR): performance of a contract.

2.2 Payment Data

When you subscribe to HardStop, your payment is processed by Stripe, Inc. Stripe collects and holds your payment card details. HardStop does not store your full card number, CVV, or banking credentials. We receive from Stripe only a transaction confirmation, the last four digits of your card for reference, and your billing country. We retain payment transaction records as required by applicable financial and tax law.

Legal basis (UK/EU GDPR): performance of a contract; legal obligation.

2.3 Wait Time Preference

We hold your chosen wait time duration. This is necessary to honour the commitment you made to yourself when you signed up.

Legal basis (UK/EU GDPR): performance of a contract.

2.4 Device Enrollment Data — Mac and Windows Users Only

Because Mac and Windows devices are enrolled in HardStop's filtering infrastructure, certain technical device information is visible to HardStop within our infrastructure provider's administrative dashboard. This is a necessary technical consequence of how the service works and is disclosed in full in Section 3.4 of the Terms of Service.

The information visible to HardStop includes: your email address; your device name; a system-assigned device identifier; your device's MAC address; your device's serial number; your device model and operating system version; connection status and last-seen timestamps; and approximate geographic location at city level.

We treat all of this information as personal data. We do not use it for any purpose other than confirming your enrollment status and administering your removal from the service. We do not profile, analyse, or commercialise this data in any way.

Legal basis (UK/EU GDPR): performance of a contract; legitimate interests (service administration).

2.5 Support Communications

When you email us at [email protected], we receive and retain the content of that communication, including your email address and anything you choose to share with us. We use this solely to respond to and resolve your support request. Our inbox is operated via Google Workspace (Gmail). Support emails are retained for up to two years from the date of the communication, after which they are deleted.

Legal basis (UK/EU GDPR): legitimate interests (providing customer support).

2.6 Website Analytics

Our website at tryhardstop.com uses analytics tools to help us understand how visitors find and use our site. These tools collect data including your IP address, browser type, device type, pages visited, and referring URLs. We use two analytics providers:

Google: We use Google Analytics and Google Tag Manager. Google collects data about your visit to our website in accordance with Google's Privacy Policy at policies.google.com/privacy. You can opt out of Google Analytics tracking at tools.google.com/dlpage/gaoptout.
Meta: We use the Meta Pixel on our website. This allows us to measure the effectiveness of our advertising and understand how people interact with our site. Meta collects data in accordance with Meta's Privacy Policy at facebook.com/policy. You can manage your Meta ad preferences at facebook.com/ads/preferences.

Both tools use cookies. See Section 7 for more information about cookies and how to manage them.

Legal basis (UK/EU GDPR): consent, obtained via our cookie notice on first visit.

2.7 Marketing Communications

If you are a HardStop subscriber, we may occasionally send you emails beyond transactional service communications. These include check-in messages, feedback requests, and occasional updates about the service. These are sent to your registered email address. You can opt out of non-transactional emails at any time by emailing [email protected] or using the unsubscribe link in any marketing email. Opting out of marketing emails does not affect your ability to receive service-critical communications such as renewal reminders and removal credentials.

Legal basis (UK/EU GDPR): legitimate interests (existing customer relationship); or consent where required by applicable law.

2.8 What We Do Not Collect

HardStop does not collect: your browsing history or DNS query logs on any platform; the websites you visit or attempt to visit; your search terms or online behaviour; your files, messages, photos, contacts, or any content stored on your device; your precise GPS location; or any data through the HardStop Enforcer application, which has no data collection capability of any kind.

3. How We Use Your Data

We use personal data only for the following purposes: delivering and administering your HardStop subscription; processing payments via Stripe; communicating with you about your account, wait time, and removal; responding to your support requests; sending service-critical communications including renewal reminders and removal credentials; sending non-transactional communications where you have not opted out; understanding how our website is used so we can improve it; detecting and preventing fraud or misuse of the service; and complying with our legal obligations.

We do not use your personal data to make automated decisions that affect you in a legal or similarly significant way.

4. Who We Share Your Data With

HardStop does not sell, rent, or trade your personal data. We share data only with the following trusted third-party providers, and only to the extent necessary to deliver our service.

Stripe, Inc. — Payment processing. Stripe receives your payment card details and billing information directly. Stripe is PCI-DSS compliant. Stripe's privacy policy is available at stripe.com/privacy.

Cloudflare, Inc. — Network filtering infrastructure for Mac and Windows users. Cloudflare processes network traffic through its own infrastructure. Device enrollment data is visible within Cloudflare's administrative dashboard as described in Section 2.4. Cloudflare's privacy policy is available at cloudflare.com/privacypolicy.

Shopify Inc. — E-commerce platform and store checkout framework. Shopify acts as an essential transactional data infrastructure system to execute order requests cleanly. Shopify's privacy policy is available at shopify.com/legal/privacy.

Google LLC — Website analytics and tag management via Google Analytics and Google Tag Manager. Google's privacy policy is available at policies.google.com/privacy.

Meta Platforms, Inc. — Website analytics via the Meta Pixel. Meta's privacy policy is available at facebook.com/policy.

Google Workspace (Gmail) — Support communications via our inbox at [email protected]. Google Workspace's data processing terms apply to emails processed through this service.

We may also disclose personal data if required to do so by law, regulation, or court order; in connection with a merger, acquisition, or asset sale, in which case we will notify users as described in Section 10; or to protect the rights, property, or safety of HardStop, our users, or others.

5. International Data Transfers

HardStop LLC is based in the United States. All third-party providers named in Section 4 are also US-based. If you are located in the United Kingdom, European Union, or Australia, your personal data is transferred to and processed in the United States.

For UK and EU users, we rely on Standard Contractual Clauses approved by the European Commission and UK Information Commissioner's Office as the legal mechanism for international data transfers where applicable. Each of our named third-party providers maintains appropriate transfer mechanisms under applicable data protection law. Details are available in the respective privacy policies linked in Section 4.

For Australian users, we handle your personal data in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth), including APP 8 regarding cross-border disclosure.

6. How Long We Keep Your Data

We retain your personal data only for as long as necessary for the purposes for which it was collected.

Account data (name, email, wait time preference) is retained for the duration of your active subscription and for 30 days after cancellation or account deletion, after which it is permanently deleted.

Payment transaction records are retained for seven years as required by applicable financial and tax law.

Device enrollment data visible through our filtering infrastructure is removed upon confirmed device uninstallation or account deletion.

Support communications are retained for up to two years from the date of the communication.

Website analytics data is retained in accordance with the retention settings of Google Analytics and Meta Pixel respectively.

When we no longer need personal data, we delete it securely.

7. Cookies

Our website at tryhardstop.com uses cookies. Cookies are small text files placed on your device when you visit a website.

We use the following types of cookies: strictly necessary cookies, which are required for the website to function and cannot be switched off; analytics cookies placed by Google Analytics and Google Tag Manager to help us understand how our website is used; and advertising and measurement cookies placed by the Meta Pixel.

On your first visit to our website, you will be shown a cookie notice. Strictly necessary cookies are applied automatically. Analytics and advertising cookies are only applied with your consent. You can withdraw your consent or manage your cookie preferences at any time by adjusting your browser settings or using a cookie management tool. Note that disabling certain cookies may affect the functionality of our website.

8. Your Rights

All users

You can ask us what personal data we hold about you; you can ask us to correct inaccurate data; you can ask us to delete your data, subject to our legal retention obligations; and you can opt out of non-transactional marketing emails at any time.

UK and EU users (UK GDPR / EU GDPR)

In addition to the above, you have the right to restrict our processing of your data in certain circumstances; the right to data portability for data you have provided to us; the right to object to processing based on legitimate interests; and the right to withdraw consent for any processing based on consent, including analytics cookies. You also have the right to lodge a complaint with your supervisory authority — the UK Information Commissioner's Office at ico.org.uk, or your relevant EU data protection authority.

Australian users (Privacy Act 1988)

You have the right to access personal information we hold about you and to request correction of that information under the Australian Privacy Principles. If you believe we have handled your personal information in a way that does not comply with the Australian Privacy Principles, you may complain to us first, and if unresolved, to the Office of the Australian Information Commissioner at oaic.gov.au.

California users (CCPA/CPRA)

You have the right to know what personal information we collect, use, and share; the right to delete personal information we hold about you, subject to certain exceptions; the right to correct inaccurate personal information; and the right to opt out of the sale or sharing of personal information. HardStop does not sell or share personal information as defined under the CCPA. To exercise any of these rights, contact us at [email protected]. We will respond within 45 days.

To exercise any of the rights listed above, email us at [email protected]. We will respond within 30 days for UK and EU requests, within 30 days for Australian requests, and within 45 days for California requests. We may ask you to verify your identity before processing your request.

9. Data Security

HardStop maintains reasonable and appropriate technical and organisational security measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include access controls limiting who within HardStop can access personal data, use of trusted and security-certified third-party providers, and secure handling of removal credentials.

No method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, but we take our obligation to protect your data seriously.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, HardStop will notify affected users and relevant supervisory authorities in accordance with applicable law.

10. Business Transfers

If HardStop LLC is acquired, merges with another entity, or transfers substantially all of its assets, your personal data may be transferred to the acquiring entity as part of that transaction. We will notify you by email and post a notice on our website before your personal data is transferred and becomes subject to a different privacy policy. If the acquiring entity does not continue the HardStop service, your removal credentials will be released to you as described in Section 18 of the Terms of Service.

11. Children

HardStop is not intended for individuals under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected personal data from a minor, please contact us at [email protected] and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our service, or applicable law. When we make material changes, we will notify you by email at least 10 days before the changes take effect and post the updated policy at tryhardstop.com/privacy with a new effective date. Continued use of HardStop after the effective date of any update constitutes acceptance of the updated policy.

13. Contact and Complaints

For any questions about this Privacy Policy or how we handle your personal data, contact us at:

Email: [email protected]
Address: HardStop LLC, 131 Continental Dr Suite 305, Newark, DE 19713, United States

If you are a UK or EU user and are not satisfied with our response to a privacy concern, you have the right to complain to your local data protection supervisory authority. If you are an Australian user and are not satisfied with our response, you may refer the matter to the Office of the Australian Information Commissioner at oaic.gov.au.