azaro
Sign inSign up

Privacy Policy

Last updated: 9 May 2026

This policy explains what data Azaro ("we") collects when you use azaro.cc (the "Service"), why we collect it, and what choices you have. We try to keep this short and plain. If anything's unclear, email us.

1. What we collect

Account data (when you sign up or sign in):

  • Email address
  • A salted hash of your password (we never see your plaintext password)
  • Account creation date and last sign-in time

Membership data (when you buy Premium):

  • Whether you currently have Premium and the date it expires
  • The internal invoice ID and an attribution tag identifying which CTA on the site led to your purchase (e.g. upsell_card, nav)
  • We do not store your wallet address, transaction hash, or any crypto-payment data on our servers — that lives only in our BTCPay instance, which is a self-hosted payment processor

Operational data (automatically, when you use the Service):

  • HTTP method, status code, and request path (in our access log)
  • Request timing and rough error counters for debugging and abuse mitigation
  • For requests that result in errors (4xx/5xx): your IP address, kept on a short rotation (7 days) and used only for security tooling such as rate-limiting and blocking abuse

We do not log your User-Agent, Referer header, or IP address on successful requests. We don't run third-party analytics scripts, advertising trackers, or social-media pixels on azaro.cc.

Third-party redirect data:

When a free user clicks "Get script", we redirect to a Linkvertise URL. Anything that happens on Linkvertise's site is governed by Linkvertise's privacy policy.

2. Why we collect it

  • Account data — to give you a way to sign in and to deliver Premium benefits.
  • Membership data — to provide Premium and to understand which parts of the site lead to signups, so we can improve them.
  • Operational data — to keep the site online and stop abuse.

3. Legal basis (UK/EU GDPR)

  • Performance of contract (your account, Premium).
  • Legitimate interests (running the Service, preventing abuse).
  • Consent (where you've actively chosen something — e.g. opting into emails, if we ever add that).

4. Cookies

We use a small number of strictly-necessary cookies:

  • azaro_session — stores your sign-in token. HttpOnly, SameSite=Lax. Required for authentication.
  • azaro_kind — a non-secret marker (user oradmin) used so the UI can render the correct nav before contacting the server. Not used for tracking.

We don't set advertising cookies, third-party trackers, or fingerprinting scripts. No cookie banner is required when only strictly-necessary cookies are used, but we'll add one if that ever changes.

5. Sharing

We don't sell your data. We share it only with:

  • Our hosting provider (server infrastructure for the Service).
  • BTCPay Server (our self-hosted payment processor) and the cryptocurrency networks themselves when you make a payment.
  • Law enforcement when required by a valid legal process binding on us. We will push back on overbroad requests.

6. Retention

  • Account + membership data: kept while your account is open. Deleted within 30 days of account deletion.
  • Operational logs (access log, no PII): up to 30 days.
  • Security logs (IP-bearing, error responses only): up to 7 days.
  • Backups: encrypted at rest, retention as set out in our backup policy (typically 7 daily / 4 weekly / 6 monthly snapshots, then deleted).

7. Your rights

Under UK/EU GDPR (and similar laws elsewhere), you have the right to:

  • Access the personal data we hold about you
  • Have inaccurate data corrected
  • Have your data deleted (subject to limited exceptions, e.g. fraud-prevention records)
  • Object to processing or restrict it
  • Receive a portable copy of your data
  • Lodge a complaint with your local data-protection authority (UK: the ICO at ico.org.uk)

To exercise any of these, email support@azaro.cc from the address on your account.

8. Data transfers

Our infrastructure may be located outside your country of residence. Where data is transferred internationally, we rely on appropriate safeguards (such as Standard Contractual Clauses) where required.

9. Security

We use TLS 1.3 for all traffic, store passwords as salted hashes, encrypt sensitive payloads at rest with AES-256-GCM, and run rate-limiting and intrusion-prevention tooling. No system is perfect; if you find a security issue, please email us at support@azaro.cc.

10. Changes to this policy

We'll update this page when the policy changes. The "Last updated" date at the top reflects the latest version. Significant changes will be highlighted on the site.

11. Contact

Privacy questions or rights requests: support@azaro.cc.