Hardings

Privacy Policy

Last updated: April 1, 2026

This page explains what information is collected, how it is used, and the choices you have when you create an account or use the site. This version is written to match the current application rather than a generic template.

What we collect

When you create or use an account, we may collect the information you submit directly and a limited amount of operational data created by the site.

Account details such as username and email address.
Password data stored as a one-way hash rather than in plain text.
Email verification and password reset tokens while those flows are active.
Basic request and security metadata such as IP address, browser details, timestamps, and related logs used to operate and protect the service.
Visitor and usage information generated by analytics or fraud-prevention features used by the application.

How we use information

To create, authenticate, and maintain user accounts.
To send account-related emails such as verification links, password reset emails, and important service notices.
To review approvals, manage account access, and administer the platform.
To monitor abuse, investigate suspicious activity, and keep the site reliable.
To understand site usage and improve the product over time.

Hardings does not sell personal information collected through this site.

Cookies and authentication

Hardings uses cookies that are necessary for sign-in and account security. Authentication is handled with secure, httpOnly cookies so that session credentials are not exposed to front-end JavaScript.

If you block required cookies, parts of the login and account experience may not work correctly.

Sharing and service providers

Information may be processed by providers that help deliver the service, such as infrastructure, DNS, edge security, and email delivery partners. Information may also be disclosed where required by law or where reasonably necessary to protect the service, users, or Hardings.

Retention

Account information is retained while an account remains active and for a reasonable period afterward when needed for security, compliance, dispute handling, or operational recovery.

Verification and reset tokens are temporary and expire automatically.
Security and application logs may be retained for operational and abuse-prevention purposes.
Backups may persist for a limited period before rotation.

Your choices

You can request updates or deletion of account information by contacting us. Some data may need to be retained where required for legal, security, or operational reasons.

If you no longer want to use the service, contact the team before creating duplicate accounts so the existing records can be handled cleanly.

Security note

We uses measures such as HTTPS, password hashing, token expiration, and rate limiting to reduce risk, but no service can promise absolute security. Use a unique password and protect access to your email account because email is part of the account recovery flow.

Contact

For privacy questions or requests, contact [email protected].