Privacy Policy
Last updated: March 2025
1. Introduction
Welcome to Hasanat (hasanat.dev), a free, open-source community platform that connects people with good ideas to developers who can build them. It is operated by Hasan Abo-Shally from Jerusalem.
This Privacy Policy explains how we collect, use, and protect your personal information when you use our platform. We believe in transparency and are committed to protecting your privacy.
This platform is entirely free, non-commercial, and open source. We do not sell your data or monetize it in any way.
2. Information We Collect
a. Information You Provide Voluntarily
- When submitting an idea: Name, contact information (optional), category, and description.
- When commenting: Name and comment content.
- When registering as a builder: Name, email address, role, skills, and GitHub profile URL.
- When subscribing to our newsletter: Email address.
- When submitting an app: App name, description, URL, and developer information.
- When signing in with GitHub: Your public GitHub profile information (name, email, username, avatar).
b. Information Collected Automatically
- Browser fingerprint: We use an anonymous digital fingerprint solely to prevent duplicate voting on ideas. This fingerprint is not used to track you across websites.
- IP address: May be temporarily logged in server logs for security and abuse prevention purposes.
- Browser information: Browser type and operating system (User Agent) for technical purposes.
c. AI Processing Data
When you use the AI idea enhancement feature, the text of your idea is sent to the OpenAI API for processing. No personal information is sent to OpenAI — only the idea content itself.
3. How We Use Your Information
- Providing the service: Displaying ideas, comments, apps, and builder profiles on the platform.
- Account management: Authenticating GitHub login sessions and managing user sessions.
- Communication: Sending platform-related emails (newsletter, notifications) via Resend.
- AI enhancement: Processing idea text through AI to provide improvement suggestions.
- Abuse prevention: Using browser fingerprints to prevent duplicate voting and detect abusive behavior.
- Platform improvement: Understanding how the platform is used to develop and improve user experience.
4. Cookies & Session Management
We use cookies for the following purposes only:
| Cookie | Purpose | Duration |
|---|---|---|
| session_token | Session authentication (encrypted JWT) | 7 days |
We do not use tracking cookies, advertising cookies, or third-party cookies. The only cookie used is the session cookie, which is essential for the platform to function when you are signed in.
You can delete cookies from your browser settings at any time. Deleting the session cookie will sign you out of the platform.
5. Data Storage & Security
- Your data is stored in a Cloudflare D1 (SQLite) database on Cloudflare's global infrastructure.
- Session cookies are encrypted using JWT and transmitted over secure HTTPS connections.
- GitHub OAuth authentication is handled by a separate authentication worker (auth.hasanat.dev) using the secure OAuth 2.0 protocol.
- We do not store passwords — authentication is handled entirely through GitHub.
- Session cookies are scoped to the
.hasanat.devdomain and protected with HttpOnly, Secure, and SameSite attributes.
While we take reasonable measures to protect your data, no electronic system can guarantee 100% security. We encourage you to use a strong password for your GitHub account.
6. Third-Party Services
We use the following services to operate the platform:
Cloudflare (Hosting & Database)
Hosts the platform and D1 database. Subject to Cloudflare's Privacy Policy.
GitHub OAuth (Authentication)
Used for user authentication. We only access your public profile information. Subject to GitHub's Privacy Statement.
OpenAI API (AI Enhancement)
Used to enhance idea text only. No personal data is sent. Subject to OpenAI's Privacy Policy.
Resend (Email)
Used to send platform-related transactional emails. Subject to Resend's Privacy Policy.
7. Your Rights
Regardless of your location, we grant you the following rights regarding your personal data:
- Right to access: You may request a copy of the personal data we hold about you.
- Right to rectification: You may request correction of any inaccurate or incomplete information.
- Right to erasure: You may request deletion of your personal data from our database.
- Right to data portability: You may request a copy of your data in a machine-readable format.
- Right to object: You may object to the processing of your data in certain circumstances.
- Right to unsubscribe: You can unsubscribe from the newsletter at any time using the unsubscribe link in every email.
To exercise any of these rights, please contact us through the channels listed in the "Contact" section below. We will respond to your request within 30 days.
For EU/EEA residents (GDPR): Our legal basis for processing your data is your consent (when you submit information) and our legitimate interest in operating the platform. You have the right to lodge a complaint with your local data protection authority.
For California residents (CCPA): You have the right to know what personal information we collect, request its deletion, and opt out of any sale of personal information. We do not sell personal information.
8. Data Retention
- Ideas, comments, and apps: Remain published on the platform unless deletion is requested or they are removed by moderators.
- Builder account data: Retained as long as the account is active. You may request account deletion at any time.
- Newsletter data: Your email is retained until you unsubscribe.
- Server logs: Automatically deleted within 30 days.
- Voting fingerprints: Stored anonymously and associated only with the vote record.
9. Children's Privacy
This platform is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete it immediately. If you are a parent or guardian and believe your child has submitted personal information on the platform, please contact us to have it removed.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date above. Since the platform is open source, you can review the change history on the project's GitHub repository.
11. Open Source Transparency
Hasanat is a fully open-source platform. You can review the source code and verify for yourself how we handle your data. We welcome your contributions and reviews through the project's GitHub repository.
12. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, you can reach us through:
- Opening an issue on our GitHub repository: github.com/hasanaboshally/hasanat-dev
- Email: hasan@hasanat.dev
Operated by: Hasan Abo-Shally — Jerusalem