Privacy Policy

Hawser is a Windows desktop application built and operated by Cook Impact Software LLC ("we," "us," "our") that helps you stay focused by quietly observing what you're doing on your computer and gently reminding you when you drift off-task. This policy explains what we collect, why we collect it, and how it's stored.

Plain-English summary: Almost everything Hawser knows about you stays on your own computer. We collect the minimum needed to run your account and your subscription. Screenshots never leave your machine unless you explicitly opt in. We do not sell your data and we do not run ad tracking.

1. What we collect

1a. Information you give us directly

• Account email and password. Required to create an account. Your password is stored as a one-way PBKDF2 hash with a per-user random salt - we cannot see or recover your original password.
• Daily missions, chat messages, profile facts. When you talk to the in-app AI companion or set a daily mission, that content is processed to generate responses and may be retained locally in your app's database to provide context across sessions.
• Partner program application data. If you apply for the Partner Program, the information you submit (name, email, optional URL, why-you-want-to-join text) is stored so we can review your application.
• Support and feedback. When you send feedback or contact support, we receive whatever you choose to include.

1b. Information collected automatically

• App usage telemetry. Active window titles, app names, and approximate focus/distraction durations - kept locally in a SQLite database on your machine to power your daily summary. This data is not transmitted off your computer in normal operation.
• Screenshots (optional, opt-in). By default Hawser analyzes your screen entirely on your local machine. If you enable cloud AI mode, screenshots may be sent to Anthropic for analysis as part of an API request. They are not retained beyond the duration of the request.
• Crash and error reports. If Hawser crashes, a minimal error report (stack trace, app version, OS version) may be sent to help us diagnose the bug. We do not include screenshots or window titles in error reports.
• Session metadata. When you sign in on the website or in the app, we store a session token plus the approximate sign-in time so that we can keep you signed in and recognize unusual activity.

1c. Information collected by Stripe (payments)

Payment card data is collected directly by Stripe on Stripe-hosted pages. We never see your full card number. We receive only the Stripe customer ID, subscription status, last-four digits of the card on file, and billing email, which we use to manage your subscription.

2. Where your data lives

• On your computer: activity logs, screenshots (unless you opt in to cloud mode), chat history, daily missions, profile facts. All in a SQLite database under your local Windows user profile.
• Cloudflare Workers KV (United States): account record (email + hashed password + metadata), active sessions, Stripe customer ID, license token, partner program applications.
• Stripe (United States): payment details, billing history, subscription status.
• Resend (United States): outbound transactional emails (sign-in confirmations, magic links, partner approval notices).
• Anthropic (United States): chat messages and (if you opt in) screenshots, processed at the time of each API call. We do not opt into Anthropic's training data use; per Anthropic's commercial terms your data is not used to train their models.

3. Why we collect what we collect

• To run your account and subscription (email, password hash, Stripe customer ID, license token, session tokens).
• To give Hawser the context it needs to actually help you (daily missions, chat history, profile facts - kept locally on your machine).
• To respond to your messages (chat content sent to Anthropic in cloud mode).
• To fix bugs (crash reports).
• To review partner program applications (application data).

We do not sell personal data. We do not use it for advertising. We do not run ad-network tracking pixels on this website.

4. Third-party services

We rely on a small number of vendors to operate Hawser. Each has its own privacy practices:

• Stripe - payment processing
• Cloudflare - account storage (Workers KV), website hosting (Pages)
• Resend - transactional email delivery
• Anthropic - AI inference (cloud mode only)

5. How long we keep your data

• Account records: retained for as long as your account exists, plus a short retention window after deletion for legal and accounting purposes.
• Sessions: automatically expire (typically 30 days) and are deleted from our storage.
• Magic-link tokens: 15-minute expiry, deleted on use.
• Local SQLite data: stays on your computer until you delete it (in-app "Wipe all data" or by uninstalling Hawser).
• Partner program applications: kept indefinitely for record-keeping unless you request deletion.

6. Your rights

You can, at any time:

• See what's on your computer: open Hawser → Settings → Data & Privacy.
• Wipe local data: Settings → Data & Privacy → "Wipe all data."
• Cancel your subscription: Account → Manage Subscription.
• Request account deletion: email [email protected]. We will delete your account record, any active session, and your partner application (if any) within 30 days. Anonymized records that we are legally required to keep (for example, tax records for completed Stripe payments) may be retained as required.
• Request a copy of your data: email support and we will provide what we hold about you within 30 days.

If you are in the European Economic Area, the United Kingdom, or California, you have additional rights under GDPR and CCPA, including the right to object to processing, the right to data portability, and the right to lodge a complaint with your local data protection authority. Email support to exercise any of these.

7. Security

Passwords are hashed with PBKDF2 (salted, many iterations) before storage - we cannot read your password. All connections between Hawser and our backend use HTTPS. Session tokens are stored in Windows Credential Manager on your device. Despite this, no system is perfectly secure. If we ever become aware of a breach affecting your account, we will notify you by email without undue delay.

8. Children

Hawser is not directed at and is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected data from a child, contact us and we will delete it.

9. Changes to this policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top. If the changes are material, we will additionally notify you by email. Continuing to use Hawser after changes take effect means you accept the updated policy.

10. Contact

Questions about this policy, or to exercise any of your rights, email [email protected].