Privacy Policy

What we collect

• Account data: Google email, display name, country, language preference.
• Device fingerprint: 10 dimensions (Canvas, WebGL, AudioContext, fonts, screen, timezone, language, user-agent, hardware concurrency, device memory) hashed to detect multi-account abuse. We do not store the raw values.
• Screenshots & feedback: attached to your daily task submissions. We strip EXIF metadata (including GPS) on upload.
• Network metadata: IP address, ASN, and country code per request, for rate-limiting and anti-fraud only.
• Wallet ledger: T-Coin / Karma transaction history, append-only.

What we do not collect

• Your raw PayPal credentials — we only store the recipient email after you submit a withdrawal.
• Your full browser cookies — only TestHive session cookies.
• The contents of other websites you visit.

GDPR rights (EEA users)

You have the right to access, correct, port, and erase your personal data. Visit /account/privacy to:

• Download my data — exports a JSON of everything we hold about you; emailed within 30 days.
• Delete my account — 30-day grace period, then erasure. Financial records are retained for 7 years per accounting law (anonymized).
• Opt out of profiling — disables risk-scoring analytics; fingerprinting remains essential for service.

DSR requests are acknowledged within 72 hours via email.

Cookies

We use a small set of essential cookies for authentication. Analytics cookies are optional — see the cookie banner. For details, see our Cookies Policy.

Data location & sharing

Data is stored in Supabase (Postgres) and Cloudflare R2 (object storage). We do not sell or share personal data with third parties for advertising. Sub-processors include Google (OAuth), PayPal (payouts), Cloudflare (network), and Resend (transactional email).

Children

TestHive is not intended for users under 18.

Contact

Data Protection contact: testhive@elolin.com.