Privacy Policy
Effective Date: February 18, 2026
HZ Chat operates as a non-persistent, session-based messaging service designed for temporary group communication. Messages are relayed in real time and are not stored permanently once a session ends. This Privacy Policy explains what limited information is processed, how sessions function, and how we apply strict data minimization principles across the Service.
We follow a Data Minimization philosophy. Beyond the essential information required for optional account authentication and service integrity, we do not collect or retain personal data. Chat messages are transmitted in real time and are not archived, indexed, or used for profiling.
1. Data Minimization and Account Information
We operate on a Data Minimization basis to ensure only the absolute minimum information required for service delivery is processed. We commit to not integrating any third-party advertising, marketing, or behavioral tracking SDKs.
1.1 Guest Users
If you participate in a Chat as a guest, we do not collect or store any of your Personally Identifiable Information (PII). No real identity is required to access core features.
1.2 Account Holders (Registered Users)
To provide basic account management and authentication, we only process the following information upon account creation:
Account Credentials: A unique username and a cryptographically hashed password. We cannot access or recover your actual plain-text password.
Optional Email: Collected only if you choose to provide it. This email is used exclusively for account recovery purposes, such as password reset or account access assistance. We do not use this email for marketing, promotional messages, or non-essential communications.
Activity Metadata: We record your last login timestamp. This data is used solely for analyzing user activity trends, optimizing server resource allocation, and maintaining account security.
2. Temporary Data Handling and Local Storage
This section outlines the core security mechanism of HZ Chat. All data follows a strict lifecycle management process to ensure that information is not retained or stored persistently after real-time delivery.
2.1 Conversation Content (Text Messages)
All text messages transmitted and shared through HZ Chat are processed solely via real-time server relay.
Lifecycle: Text message content is not stored or retained in server memory; it is only used as a payload for real-time communication to the recipient(s). Server memory is strictly limited to maintaining basic Chat status and active client connections.
Data Purge: A session is automatically terminated and all associated data is cleared when either of the following conditions is met: all members leave the Chat for more than 3 minutes, or the Chat remains inactive for 30 minutes. All associated memory traces are cleared, and no persistent record of the conversation is created or maintained.
2.2 Authentication, Local Storage, and Cookies
We strive to minimize reliance on traditional Cookies by utilizing privacy-centric technical alternatives for our core services:
Local Storage (JWT & Guest ID): We primarily utilize JWT (JSON Web Token) and Local Storage technology. Your authentication token, guest identifier, and UI preferences (such as themes) are stored exclusively in your local browser and are never used for advertising or cross-site tracking.
Strictly Necessary Cookies: While our core business logic does not utilize tracking Cookies, certain Strictly Necessary Cookies may be deployed for the following purposes:
Security & Defense: To prevent malicious attacks, ensure server stability, and implement rate limiting.
Payment and Subscriptions: HZ Chat is currently provided as a free service and does not utilize any third-party payment or subscription-related Cookies. If paid features are introduced in the future, this policy will be updated to reflect the necessary data practices of the chosen payment provider.
User Control: You may clear all local storage and Cookie data at any time through your browser settings. Please note that clearing these data will require you to re-authenticate upon your next visit.
2.3 IP Address
- Internal Usage: Your IP address is briefly retained in server memory (typically for less than 5 minutes) exclusively for Rate Limiting or other anti-abuse security checks. It is strictly prohibited from being logged into any file or database.
2.4 File Uploads and Attachments (Images, Audio, Video, Documents, etc.)
When you upload multi-format files (such as images, videos, PDFs, etc.) as attachments, they undergo controlled temporary storage.
Isolated Storage: Files are stored in an encrypted object storage space associated with a specific Chat path, and the transmission is secured via TLS/SSL protocols.
Access Control: Access to file links is restricted to active participants within the current Chat session. Once a user leaves the room or the session expires, the temporary access authorization invalidates immediately.
Mandatory Purge: All uploaded files are automatically and permanently deleted within 24 hours after a successful upload. This process is irreversible; once deleted, files cannot be recovered by anyone.
3. Limitation of Liability and Third-Party Services
3.1 No-Tracking Commitment
We commit that HZ Chat neither integrates nor plans to integrate any third-party advertising services. We do not use any behavioral tracking SDKs or marketing analytics tools (such as Google Analytics or Facebook Pixel) to monitor, profile, or track your usage behavior.
3.2 Service Availability and Future Monetization
HZ Chat is currently in its Beta stage and all features are accessible free of charge. We do not currently collect any billing information or process financial transactions. We may introduce monetization or premium tiers in the future via industry-standard payment processors (such as Stripe); in such an event, we will update this policy to ensure transparency regarding how your financial metadata is handled.
3.3 Data Security and User Rights (GDPR/CCPA)
All data transmission is secured via TLS/SSL (HTTPS/WSS) protocols.
Chat Data Rights: Our service is built on a “Non-persistent” architecture for messages and a “24-Hour Temporary Storage” policy for files. Because these data types are either transient in memory or automatically cleared within a short window, they typically do not exist by the time a data access or portability request is made. Therefore, the right to access or export such data is not applicable as the data is no longer held in our systems.
Account Data Rights: HZ Chat respects and protects your GDPR/CCPA rights regarding your account information. You have the right to request access, portability, or rectification of your personal account data (such as your username and associated recovery email) in a structured format. You may also exercise your “Right to be Forgotten” by requesting the permanent deletion of your account credentials from our database via email. Upon verification, we will fulfill such requests within the legally mandated 30-day window.
Infrastructure: While the file storage and processing logic are controlled and managed by the HZ Chat, the Service relies on industry-standard secure infrastructure provided by enterprise-grade partners to host these encrypted temporary assets.
4. Policy Revisions and Contact
4.1 Policy Updates
We may revise this Privacy Policy periodically to reflect changes in our technology or legal requirements. Any updates will be posted directly on this page with an updated “Last Updated” date. Continued use of HZ Chat after such changes constitutes your acknowledgment and acceptance of the revised policy.
4.2 Contact Us
If you have any questions or wish to exercise your data rights, please contact the HZ Chat via our dedicated privacy email:
We strive to address all inquiries promptly. For formal data rights requests, we typically provide an initial response within 7 business days, and ensure all matters are fully resolved within the legally mandated 30-day window.