This policy explains what data HCKConnect collects, why, and your choices. HCKConnect lets you remotely view and control computers you own or are authorized to access.
| Data | Why |
|---|---|
| Account: username, email address, password (stored only as an Argon2 hash) | Create and secure your account. |
| Two-factor secret (if you enable 2FA) | Verify TOTP codes at sign-in. |
| Machines: name, operating-system description, last-seen time, online status | Show your computers and route connections. |
| Sessions: which user connected to which machine, start/end times, status | Operate and account for remote sessions. |
| Organizations/Teams: team names, members, and email invitations | Sharing machines with teammates (optional feature). |
| Operational logs: connection metadata and approximate IP address | Security, abuse prevention, and diagnostics. |
The contents of a remote session — your screen video, audio, keystrokes, mouse input, clipboard, and transferred files — are end-to-end encrypted between the controlled computer and the viewing device (X25519 key exchange, AES-256-GCM). Our relay transports this encrypted data to connect the two ends and does not record or store your screen content. Session recordings, if you make them, are saved locally on your own device, not on our servers.
To provide and secure the service, authenticate you, route connections, prevent abuse, and communicate with you about your account. We do not sell your personal data.
We use third parties to operate the service, including [HOSTING PROVIDER, e.g. DigitalOcean] for infrastructure and [PAYMENT PROVIDER, e.g. Stripe] for billing (which processes payment details we do not store). A current list is available on request.
Account and machine records are kept while your account is active. Operational logs are retained for [RETENTION PERIOD, e.g. 30–90 days]. You may request deletion of your account and associated data (see Your Rights).
We use TLS in transit, end-to-end encryption for session media/input, Argon2 password hashing, optional two-factor authentication, and login rate-limiting. See Security.
Depending on your location (e.g. GDPR/UK GDPR, CCPA), you may have rights to access, correct, export, or delete your data, and to object to certain processing. Contact [PRIVACY EMAIL].
Your data may be processed in [COUNTRY/REGION]. Where required, we rely on appropriate safeguards for cross-border transfers.
HCKConnect is not directed to children under [16/13] and we do not knowingly collect their data.
We will post changes here and update the "Last updated" date; material changes will be notified to account holders.
[LEGAL ENTITY NAME], [REGISTERED ADDRESS]. Privacy questions: [PRIVACY EMAIL].