Privacy

This page explains what HWT collects, where it comes from, and what you can (and cannot) ask us to remove. It covers the website, the web "Submit Signal" flow, and the HWT browser extension.

Last updated: 2025-12-30 GDPR-focused No ads No third-party trackers

TL;DR

No real-world identity required: HWT does not require your real name, email address, or an account to submit signals.
No forced pseudonym: the web submit flow does not require a pseudonym; the Extension requires a handle (used only to distinguish submissions during review), but it can be any pseudonym and does not need to be your identity.
Signals are kept: URLs (and attached tags/notes) are treated as project data and are not deleted on request, except where required by law or for safety/security reasons.
Pseudonyms are removable: if you ask, we will delete or disassociate your analyst pseudonym from stored submissions.
Operational/security logs exist: our infrastructure logs requests (including IP addresses) to keep the service reliable and to prevent abuse.

Key distinctions

Project data Signals

Signals (URLs, tags, and your optional notes) are treated as information about web resources. They are kept as part of an OSINT dataset.

Personal data Pseudonyms and logs

Analyst pseudonyms and IP addresses in logs can be personal data. We handle them as personal data and support removal/disassociation of pseudonyms on request.

Website visits

Operational / security

When you access hwt.lv, our infrastructure logs requests for reliability, abuse prevention, and incident response.

IP address: recorded by the server (or partial IP, depending on configuration).
Request data: time, requested path, response status code.
Client data: User-Agent and basic headers.
Referrer: only if your browser sends it (HWT sets a strict referrer policy).

We also retain broader infrastructure logs (e.g., firewall/reverse-proxy/rate-limiting logs). These are not used for advertising or behavioral tracking.

These operational logs are not linked to submitted signals or analyst pseudonyms in normal operation, except where required for security/abuse investigations or by law.

Submit Signal (web)

Submission

When you submit a signal via the website, you send a URL and optional context.

Required Signal URL
Optional Tags
Optional Notes

The web submission also creates standard operational logs (including IP address) as described under "Website visits".

Browser extension

Submission

When you submit a signal via the Extension, it sends the page URL plus the metadata needed to operate the workflow.

Required Signal URL
Pseudonym Analyst pseudonym (the Extension UI requires a pseudonym, but it can be any handle and does not need to be your identity).
Optional Annotations (tags, note, selected text)
Operational Client metadata (User-Agent, extension version), page title, submission timestamp

The Extension stores its settings locally in your browser. HWT receives those values only when you submit.

Signals and personal data

Signals (URLs, tags, and notes)

A signal is a URL plus optional context (tags and notes). We treat signals as facts about the web and as part of an OSINT dataset. Signals are not treated as personal data about the person submitting them. HWT does not delete submitted URLs, tags, or notes on request, except where required by law or where removal is necessary for safety/security (for example, during abuse investigations).

Free-text fields are user-supplied: if you include personal data in notes or selected text, you are choosing to submit that content. Do not submit secrets. If a signal contains clearly unnecessary personal data in free text, HWT may redact it where feasible.

Analyst pseudonyms

An analyst pseudonym can be personal data if it identifies (or could be linked to) a natural person. HWT treats pseudonyms as personal data. If you request removal, HWT will delete or disassociate your pseudonym from stored submissions while retaining the underlying signals.

Legal bases (GDPR)

Performance of a requested service (Art. 6(1)(b)): processing what you submit to perform the "submit signal" function.
Legitimate interests (Art. 6(1)(f)): operating and securing HWT; preventing abuse; maintaining reliability; running an OSINT collection/review workflow.
Legal obligation (Art. 6(1)(c)): where we must comply with applicable law or binding requests.

Retention

Signals and event data: retained for the lifetime of the HWT project (the dataset is the purpose of the service).
Pseudonyms: retained while linked to submissions, until removed/disassociated on request.
Security/access logs: retained for a limited operational period (typically days to weeks), and longer where needed for security/abuse investigations or legal obligations.

Your rights and requests

If GDPR applies to you, you may have rights to access, rectification, restriction, objection, portability, and erasure regarding your personal data.

We honor Personal data requests

Pseudonym removal/disassociation
Access/clarification about what personal data we hold about your pseudonym

We generally decline Signal erasure requests

Requests to delete signals (submitted URLs, tags, notes) are generally declined because signals are treated as project data (an OSINT dataset), not as personal data about the submitter.

Edge cases Legal and security

Legal obligations: we may remove or restrict content where required by law.
Abuse/security investigations: we may retain relevant logs or records to protect the service and its users.
User-supplied personal data: if a signal contains personal data in free text, we may consider targeted redaction where feasible.

Contact

privacy@hwt.lv mailto

You may use any email address. HWT does not require you to identify yourself beyond what is necessary to handle your request.

If your request is about a pseudonym, include the pseudonym string so we can locate it.