Legal

Privacy Policy

Last updated June 8, 2026

Your privacy is the entire point of PolarHQ. This policy explains what the software does and does not do with your data, and how the project handles information on its own website. It is written to be read, not to hide behind.

The short version: PolarHQ is end-to-end encrypted and self-hosted. On a properly configured instance, the server stores only ciphertext — it cannot read your photos, files, or documents, and neither can the project.

1. Who is responsible for your data

PolarHQ is software you run yourself. When you host it, you are the data controller for the content stored on your instance. The PolarHQ project does not operate your instance, cannot access it, and never receives your content.

This policy covers two things:

  1. How the software handles your data (the same for everyone who runs it).
  2. What limited data the project website collects.

2. What the software encrypts

PolarHQ uses a Proton-style, single-password encryption model built on libsodium. Before anything leaves your device, the following are encrypted with keys derived from your password:

  • Photo and video originals and every generated thumbnail.
  • Filenames and folder names.
  • Document, spreadsheet, and presentation snapshots, plus the real-time collaboration frames.
  • EXIF metadata, captions, and search embeddings.

The server only ever stores and relays this ciphertext. Your private key is unwrapped in memory on your device and never transmitted.

3. What the server can necessarily see

End-to-end encryption protects content, not the existence of activity. To function, a server inevitably processes some metadata:

  • Account identifiers and authentication tokens.
  • The size and timing of stored objects and requests.
  • IP addresses in transient connection logs (as configured by the operator).

Operators can minimise and rotate these. The project's own demo instance keeps such logs short-lived.

4. On-device processing

Features that would normally require server access are pushed to your device instead:

  • Semantic photo search runs a CLIP model locally; embeddings are encrypted and ranked in your browser.
  • EXIF parsing, thumbnail decryption, and document rendering happen client-side.

This is slower than letting a server do it — and that's the trade we make on purpose.

5. The project website

The marketing website (the pages you're reading) aims to collect as little as possible:

  • We do not sell your data, ever.
  • We avoid invasive tracking and third-party advertising cookies.
  • If we use privacy-respecting, aggregate analytics, it is to count visits, not to profile you.
  • If you join a waitlist or contact us, we use the details you provide only to respond.

6. Data retention

On your instance, retention is your choice — including trash behaviour and backups. For the project website, we keep contact and waitlist information only as long as needed for the purpose you gave it, then delete it.

7. Your rights

Depending on where you live, you may have rights to access, correct, export, or delete personal data. Because your content is end-to-end encrypted and under your control, you can already export or delete most of it directly. For data held by the project website, contact us and we'll help.

8. Children

PolarHQ is not directed to children under 13 (or the minimum age in your jurisdiction), and the project does not knowingly collect their data through its website.

9. Changes to this policy

We may update this policy as the software evolves. The "last updated" date at the top reflects the latest version. Material changes will be announced on the website.

10. Contact

For privacy questions about the project website, reach us through the repository or the contact details published on the site. For data on a specific instance, contact that instance's operator.

This document is a template for a self-hosted, open-source project and is not legal advice. Operators should adapt it to the laws that apply to them.