Privacy

What we collect: your account email and the builds you save. That's it.

This page is the long version of the same sentence. If anything below ever stops being true, we'll update the page and surface the change at the top.

What we collect

Two categories of data, both essential to running an account-based PC-build site:

  • Your account email. Stored when you sign up, used as your sign-in identifier and as the destination for verification and password-reset emails. Authentication is handled by Better Auth; the email lives in the user table inside our self-hosted Postgres database, alongside session, account, and verification tables that Better Auth manages.
  • The builds you save and your settings. When you save a build to your account, the build configuration (parts, slot order, name, public/private flag) is stored against your user ID. Settings preferences (default tier, mobile/desktop layout) are stored the same way. Saved builds are private by default — if you flip a build to public, the build (without your email) becomes visible at a /b/[slug] URL.

Categories of data we don't collect in v1:

  • No third-party analytics. Google Analytics, Plausible, Fathom, PostHog, Mixpanel — none of them are wired into the site at launch (per OPS-05 deferral).
  • No advertising pixels. Meta Pixel, Twitter conversion tag, Google Ads remarketing tag, TikTok pixel — none.
  • No retargeting cookies. Visiting a part page does not trigger a tracking cookie that follows you to another site.
  • No session-replay tooling. We do not record your scrolls, clicks, or keystrokes.

v1.1 backlog note. We may add Vercel Analytics + Speed Insights later for first-party anonymous page-view and performance data. Anonymous means no IP storage, no user identification, no profile-building. If we add it, this page will be updated before the toggle flips, and the disclosure will list exactly what's collected.

What we do with it

Three uses of the data we collect, each tied to a specific feature:

  • Show your saved builds when you sign in. When you arrive on /builds while signed in, we look up your user ID and render the builds attached to it.
  • Send authentication emails. When you sign up, request a password reset, or trigger an email verification, the email is delivered through Resend (transactional email provider). The Resend account is configured to retain delivery logs only for the minimum required to debug deliverability issues.
  • Honor account deletion. When you ask us to delete your account, we delete your user row and the saved builds attached to it.

We do not sell your data. We do not share it with third parties for advertising or marketing purposes. We do not rent it. We do not run "data partnerships" with retailers or manufacturers. Affiliate tracking is at the retailer end after a buy-button click — SpecHawk does not hand the retailer your email, your build history, or any other personal data.

Cookies and tracking

The site uses one category of cookie: an authentication session cookie. It is set when you sign in, identifies your session to the server, and is cleared when you sign out or when the session expires.

The session cookie is HttpOnly, Secure, and SameSite=Lax. A continuous-integration check fails the build if the cookie is ever served as SameSite=None outside of an explicitly-allowed cross-origin path.

No other cookies are set by SpecHawk. No third-party trackers are loaded. The retailers you click through to may set their own cookies on their own sites — that's between you and them, governed by their privacy policies, not ours.

Account deletion

You can delete your account in two ways:

  • From your account page once the deletion flow ships in Phase 4 — sign out and request deletion will queue your account for purge.
  • By emailing us at hello@spechawk.io from the email associated with your account.

Either way, we manually purge your user row and all attached saved builds within 7 days. We don't keep "deleted but recoverable" copies. After the purge, the only retained reference is the affiliate-click logs at the retailer end, which we have no control over and which contain no personally identifying data we provided.

Changes

If the data we collect or how we use it ever changes, we update this page first. Material changes — new categories of data, new third-party processors, any switch to analytics tooling — will also be flagged at the top of the page for at least 30 days after the change.

Questions or requests: hello@spechawk.io.