Haders AI ("Haders", "we", "us", or "our") operates the haders.site platform and related subdomains. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our services.
By creating an account or using any part of the Haders platform, you agree to the practices described in this policy. If you do not agree, please do not use the service.
Conversation data.Messages you send to the AI and its responses. These are stored to power conversation history and context features.
Usage data.Model selection, token counts, daily message counts, and session timestamps — used for billing, rate limiting, and platform analytics.
Device & session data.Browser user-agent, trusted device tokens (stored locally), and session identifiers (httpOnly cookies). We do not store raw IP addresses beyond transient log entries.
Payment data.Payment processing is handled entirely by Stripe. Haders never stores full card numbers, CVVs, or raw payment credentials. We receive only billing status, subscription metadata, and the last 4 digits of your card from Stripe.
Memory & agents.Any user-defined memory notes or custom agent configurations you create within the platform.
3. How We Use Your Information
Service delivery.To authenticate your account, route your messages to AI models, and return responses.
Billing.To enforce tier limits, process subscription payments via Stripe, and send payment receipts.
Security.To detect abuse, enforce rate limits, investigate policy violations, and protect the platform and its users.
Improvement.Aggregate, anonymised usage patterns may inform product decisions. We do not sell individual usage data to third parties.
Communications.Transactional emails (OTP codes, login alerts, payment confirmations). Marketing emails only if you have opted in.
4. Data Retention
Conversation history is retained for as long as your account is active. You can delete individual conversations or your entire account at any time from the Settings page.
Account data is deleted within 30 days of account deletion. Aggregated, anonymised analytics data may persist indefinitely as it cannot be linked to any individual. Backup snapshots containing your data are purged within 90 days of account deletion.
Blocked-request logs (used for content policy enforcement) store only a cryptographic hash of the content — never the raw text — and are retained for 12 months.
5. Third-Party Services
Stripe.Payment processing. Data subject to Stripe's Privacy Policy.
Resend.Transactional email delivery. Only your email address is shared.
Cloudflare.DDoS protection, DNS, and CDN. Traffic passes through Cloudflare's network. Data subject to Cloudflare's Privacy Policy.
RunPod.AI inference infrastructure. Conversation content is passed to inference endpoints to generate responses. RunPod does not retain inference data beyond the duration of a single request.
ipapi.co.Used exclusively for the login-alert email to indicate the approximate geographic region of a new sign-in. No data is stored by us from this lookup.
6. Cookies
We use a single authentication cookie named haders-session — an httpOnly, Secure, SameSite=Lax cookie containing a signed session token. It has a 30-day TTL and is scoped to .haders.site.
We also use localStorage to store a trusted-device token (haders-trusted-device) to avoid repeated OTP prompts on trusted devices. No advertising or analytics cookies are set.
See our Cookie Policy for full details.
7. Your Rights
Access.You may request a copy of the personal data we hold about you.
Deletion.You may delete your account and all associated data from Settings → Account → Delete Account.
Correction.You may update your email address and account details from the Settings page.
Portability.Conversation exports are available on request. Contact us at privacy@haders.site.
Objection.You may opt out of non-essential communications from Settings → Notifications.
8. Children
Haders is restricted to users aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe a minor has created an account, please contact us immediately at privacy@haders.site and we will delete it.
9. Security
Passwords are stored as bcrypt hashes (12 rounds). Session tokens are cryptographically signed. All traffic is encrypted in transit via TLS 1.2+. The database is stored on an encrypted volume. Admin access is restricted by IP whitelist. We perform regular dependency audits and apply security patches promptly.
10. Changes to This Policy
We may update this policy as the platform evolves. Material changes will be communicated via email and a notice on the platform. Continued use of Haders after the effective date of a change constitutes acceptance of the updated policy.
11. Contact
For privacy-related questions, data requests, or complaints:
Email: privacy@haders.site
Discord: discord.gg/X8sdEVHchA
We aim to respond to all privacy requests within 5 business days.