Legal

Privacy Policy

Last updated: March 2026 · Zerostone Digital

This Privacy Policy explains how Zerostone Digital ("we", "us", "our") collects, uses, and protects your information when you use Hellhound (hellhound.dev).

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and applicable Swedish data protection law.

1. Who We Are

2. What We Collect and Why

We only collect what we need to provide the service.

Account data

What: Your email address and a hashed API key

Why: To identify your account and authenticate API requests

Legal basis: Contract — necessary to provide the service

Retention: Until you delete your account

Automation run metadata

What: For each monitored automation run — start time, end time, duration, output length, exit code, output format, first and last 200 characters of output as a preview, any error messages

Why: To detect anomalies and show you run history

Legal basis: Contract — necessary to provide the service

Retention: 90 days (Pro plan) or 1 year (Agency plan), then automatically deleted

Alert configuration

What: Email addresses, Slack webhook URLs, phone numbers you configure as alert destinations

Why: To send you alerts when anomalies are detected

Legal basis: Contract — necessary to provide the service

Retention: Until you remove the alert configuration

Payment data

What: We do not store your payment card details. Stripe processes all payments. We receive a customer ID and subscription status from Stripe.

Why: To manage your subscription

Legal basis: Contract

Retention: As required by Swedish accounting law (7 years)

Usage logs

What: IP addresses, request timestamps, HTTP method and path

Why: Security monitoring, debugging, abuse prevention

Legal basis: Legitimate interest

Retention: 30 days, then automatically deleted

Session data

What: A session cookie that keeps you logged in

Why: Authentication

Legal basis: Contract — necessary to use the dashboard

Retention: Expires after 7 days or on logout

3. What We Do Not Collect

We deliberately do not collect:

  • Full content of your automation outputs
    We capture only the first and last 200 characters as a preview. The rest is never sent to our servers.
  • Your clients' personal data
    Your automations may process your clients' data. We do not receive, store, or process that data. Only metadata about the run itself is sent to Hellhound.
  • Browsing history or tracking data
    We do not use tracking pixels, third-party analytics, or advertising cookies.

4. Who We Share Data With

We share data with these third-party processors only:

Railway (railway.app)

Role: Infrastructure — hosts our application and database

Data shared: All data stored in our database

Location: United States

Safeguards: Standard Contractual Clauses (SCCs)

Stripe (stripe.com)

Role: Payment processor

Data shared: Email address, subscription information

Location: United States

Safeguards: Standard Contractual Clauses (SCCs)

Twilio (twilio.com)

Role: SMS delivery — only if you configure SMS alerts

Data shared: Phone numbers you add as alert destinations

Location: United States

Safeguards: Standard Contractual Clauses (SCCs)

We do not sell your data to anyone.

We do not share your data with advertisers.

We do not use your data to train AI models.

5. Data Transfers Outside the EU

Our infrastructure providers are based in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for these transfers. You can request a copy of the relevant SCCs by emailing contact@zerostone.digital.

6. Your Rights Under GDPR

As an EU/EEA resident you have the following rights:

Right of access
You can request a copy of all personal data we hold about you.
Right to rectification
You can ask us to correct inaccurate data.
Right to erasure ("right to be forgotten")
You can ask us to delete your account and all associated data. We will do this within 30 days. Some data may be retained where required by law (e.g. payment records for accounting).
Right to restriction
You can ask us to stop processing your data while a dispute is resolved.
Right to data portability
You can request your data in a machine-readable format.
Right to object
You can object to processing based on legitimate interest.
Right to withdraw consent
Where processing is based on consent you can withdraw it at any time.
Right to lodge a complaint
You can complain to the Swedish Authority for Privacy Protection (IMY) at imy.se if you believe we are handling your data unlawfully.

To exercise any of these rights, email contact@zerostone.digital. We will respond within 30 days.

7. Cookies

We use one essential cookie: a session cookie that keeps you logged in to the dashboard. This cookie is necessary for the service to function. It is not used for tracking or advertising.

We do not use Google Analytics, Facebook Pixel, or any third-party tracking cookies.

8. Data Security

We protect your data using:

  • — HTTPS encryption for all data in transit
  • — Hashed storage of API keys (SHA-256)
  • — Rate limiting on all API endpoints
  • — Session tokens stored securely with httpOnly cookies
  • — Access controls — only you can access your account data

No method of transmission over the internet is 100% secure. We take reasonable precautions but cannot guarantee absolute security.

9. Data Retention

We retain data for these periods:

  • — Account data: Until account deletion
  • — Run metadata: 90 days (Pro) or 1 year (Agency)
  • — Payment records: 7 years (Swedish accounting law requirement)
  • — Server access logs: 30 days
  • — Session cookies: 7 days or logout

When retention periods expire, data is automatically deleted.

10. Children

Hellhound is a professional B2B tool not intended for anyone under 18. We do not knowingly collect data from children.

11. Changes to This Policy

We will notify you by email if we make material changes to this policy. The "last updated" date at the top of this page reflects the most recent revision.

12. Contact

For privacy-related questions or to exercise your rights:

Email: contact@zerostone.digital
Company: Zerostone Digital
Country: Sweden

Terms of Service → Questions? Email us