HakoSpace Privacy Policy
1. Introduction
HakoSpace is self-hosted software. This Privacy Policy describes how the HakoSpace software itself handles data. It does not govern any specific hosted instance, because we don't run one.
When you deploy HakoSpace, you are the one in control. The HakoSpace development team has no visibility into your server, your users, or your data.
2. Self-Hosted Architecture
This is the most important thing to understand about HakoSpace:
We cannot access your data. Not because of policy, but because of architecture.
- HakoSpace runs entirely on infrastructure you control
- The HakoSpace development team has no access to any data stored on self-hosted instances
- We cannot read, monitor, or retrieve messages, files, user accounts, or any other data from your server
- Each server instance is fully independent and isolated from every other instance
- There is no central HakoSpace cloud, no shared database, no telemetry pipeline
Your server is yours. We have no way in.
3. Data Stored by the Software
HakoSpace stores the following data locally on the server operator's infrastructure:
- User accounts: username, display name, password hash (bcrypt), avatar image
- Messages and attachments: all chat messages and uploaded files sent by users
- Voice/video metadata: call records (who called whom, when, and for how long) stored in the local database. This metadata includes participant user IDs, session start/end timestamps, and channel identifiers — it does not include any audio, video, or screen-share content.
- Server configuration: settings, roles, permissions, channel structure
- Audit logs: moderation actions and administrative events
3.1 Real-Time Media Data Flow (Camera, Microphone, Screen Share)
When a user activates their camera, microphone, or screen share, the corresponding media stream follows a relay-only path through the server:
- Capture: The browser or desktop client captures frames from the device (via `getUserMedia` or `getDisplayMedia`). Capture occurs entirely on the participant's device; no frames leave the device until transmission begins.
- Encoding & Transmission: Frames are encoded (VP8 / VP9 / H.264) and transmitted over an encrypted WebRTC connection (DTLS-SRTP) to the HakoSpace server instance.
- Relay (SFU): The server acts as a Selective Forwarding Unit. Incoming media packets are forwarded to other participants who have subscribed to the stream. The server does not decode, transcode, inspect the contents of, or persist media packets. Packets reside in in-memory buffers only for the milliseconds required to forward them.
- Playback: Receiving participants decode the stream client-side and render it for display.
- Termination: When the broadcaster toggles off the camera/microphone/screen, the underlying media track is explicitly stopped (`track.stop()`), which releases the hardware and extinguishes the operating-system camera / microphone indicator. No frames captured during the session are retained by the software.
The unmodified HakoSpace software writes zero camera, microphone, or screen-share frames to disk. The SFU is a stateless relay with respect to media content.
What is persisted: call metadata (who joined, when, duration) and privacy-chip signal logs for abuse-response purposes; these contain no media frames. What is not persisted: audio samples, video frames, screen-share content, or any derivative (thumbnail, still, transcript) of them.
Device-level permission: The software respects the operating system and browser permission model. Camera and microphone access require an explicit user grant (browser prompt, or OS-level TCC on macOS, or Windows Privacy Settings). Denying or revoking permission at the OS or browser level disables the corresponding feature in the software; no workaround is present in the software.
HakoSpace does not and will not introduce in-product recording capabilities within the current major release line. This commitment mirrors EULA §11.2 and reflects HakoSpace's architectural and product intent: the software exists as a relay for ephemeral communication, not as a retention platform for user media.
Operator-enabled recording, if any: A server operator may, at their own legal risk and responsibility, install or configure external recording infrastructure that captures relayed media outside the unmodified HakoSpace software. Such recording is not part of the software, requires affirmative operator configuration of third-party tooling, and obligates the operator (not HakoSpace) to comply with applicable recording-consent laws for every participant. See the EULA §11.2 for the corresponding licence terms.
All of this data lives in a local SQLite database file and local file storage on the operator's machine. None of it is transmitted to HakoSpace.
4. Telemetry & Data Collection
By default, HakoSpace does not phone home. No data leaves your server unless you explicitly opt in.
On first launch, the server administrator is presented with a one-time prompt asking whether to participate in the HakoSpace Improvement Program. This is entirely voluntary.
- If you decline (or dismiss the prompt): zero outbound telemetry. The software behaves as a fully offline, self-contained system.
- If you opt in: the server periodically sends anonymized usage statistics and a randomly-generated Instance ID to HakoSpace. You may opt out at any time from the server settings panel.
What is collected (opt-in only)
| Collected | NOT Collected |
|---|---|
| Total registered user count | Usernames, emails, passwords |
| Total channel count | Channel names or content |
| Message volume (daily / total count) | Message text or attachments |
| Peak concurrent voice users | IP addresses or geolocation |
| Server version, edition, OS, architecture | Hostnames or domain names |
| Server uptime (days since first launch) | Environment variables or secrets |
All collected data is numeric or categorical. No personally identifiable information (PII) is ever transmitted.
Random Instance ID: When telemetry is enabled, the software generates a random UUID (e.g., 123e4567-...) to uniquely identify the installation. This is used strictly to deduplicate metrics (e.g., counting active servers) and track version adoption over time. This ID is mathematically random, contains no hardware signatures, and is not linked to your identity, IP address, or domain name.
Network Logs: While the HakoSpace software does not collect end-user IP addresses, when your server instance communicates with our infrastructure (for opt-in telemetry or license verification), our standard web servers and CDN providers (e.g., Cloudflare) will temporarily log the public IP address of your server for security, DDoS protection, and rate-limiting purposes. We do not correlate these server IP addresses with personal identity.
Other outbound connections
- ACME / Let's Encrypt — to obtain TLS certificates, if the operator enables this feature
- AI provider APIs (Anthropic, OpenAI, Google, etc.) — only if the operator enables AI features and supplies their own API keys. These connections go directly from your server to the AI provider; HakoSpace is not in the middle.
- License verification (PRO / MAX editions only) — periodic key validation with the HakoSpace license server. This transmits only the license key itself and a hashed, anonymous instance ID to prevent license abuse. No user data, metadata, or PII is transmitted during this process.
Data Retention: While you can stop sending future telemetry at any time by opting out, we cannot delete previously collected anonymized aggregate data as it is impossible to isolate individual contributions from the aggregate dataset.
5. Server Operator Responsibility
If you run a HakoSpace instance, you are the data controller for all user data on that instance.
- You are responsible for your own data protection obligations under applicable law
- You should inform your users about what data you collect and how you handle it
- You are responsible for backups, security, and access controls on your server
- HakoSpace provides the software; compliance is your responsibility
- Where your instance is likely to be used by minors, you must assess your obligations under child-privacy laws applicable to your users' jurisdictions (e.g., COPPA in the United States, GDPR Article 8 in the European Union, PIPL Article 31 in the People's Republic of China, the Personal Data Protection Act in Taiwan). HakoSpace provides the software; legal-age determination and parental-consent mechanisms, where required, are your responsibility as operator.
- The software displays, on first camera activation by any user, a one-time in-app notice disclosing (a) that a live camera stream will be transmitted to other participants, (b) that the stream is not recorded by the unmodified software, and (c) that the user remains responsible for the content they broadcast. This notice is intended to reduce surprise; it is not, by itself, sufficient to constitute verifiable parental consent where such consent is legally required.
5.5 Minor Users
The software is general-purpose communication infrastructure and is not specifically directed to children. Nevertheless, because individual server instances may be used by users of any age, each operator must assess obligations under applicable child-privacy laws (COPPA in the US, GDPR Article 8 in the EU, PIPL Article 31 in PRC, Personal Data Protection Act in Taiwan, etc.) for their user population.
By accepting this Privacy Policy, you represent that you are at or above the age of digital consent in your jurisdiction (commonly 13–16), or that a parent or legal guardian with lawful authority has reviewed and accepted on your behalf. Server operators whose instances are used by minors in jurisdictions requiring verifiable parental consent must implement additional operator-level controls (e.g., age gating at registration, operator-initiated parental consent workflow); the software does not substitute for these.
If you are a parent or guardian and believe a minor under your care has accepted this Privacy Policy without your authorisation, please contact the server operator to request deletion of the minor's account data under §7.
Protection against recording: As stated in §3.1 and EULA §11.2, HakoSpace does not and will not introduce in-product recording capabilities within the current major release line. This reduces the privacy exposure surface for all users, and is particularly relevant for minor users whose transmitted likeness must not be retained by the platform.
A. Legal Consent Enforcement
HakoSpace uses a server-side legal consent gate to ensure that every user of a HakoSpace server instance has actively accepted the current version of the EULA and this Privacy Policy before using any feature that processes personal data.
A.1 Versioning
Each of the EULA and this Privacy Policy is identified by an independent effective date in ISO format (YYYY-MM-DD), displayed in the document header (e.g., Privacy Policy effective 2026-04-21). A new effective date is issued upon any material change: expansion of collected data categories, change of retention period, introduction of new third-party processors, new feature categories (noting that, per §3.1 and EULA §11.2, HakoSpace commits not to introduce in-product recording within the current major release line), or any other change that would, in HakoSpace's good-faith assessment, affect a reasonable user's decision to use the service.
Editorial changes (typo fix, phrasing cleanup, link corrections) do not trigger a new effective date; they are applied in-place and the commit history of the published document serves as audit trail. In the rare event that a critical correction must be issued on the same day as an effective-date release, a suffix (e.g., 2026-04-21-a) may be used; HakoSpace prefers bumping to the next day where circumstances permit.
A.2 Account-Level Acceptance Record
Your account on a given server instance stores four values: the EULA version you last accepted, the Privacy Policy version you last accepted, and the UTC timestamps of each acceptance. These values constitute personal data and are processed solely for the purpose of operating the consent gate and providing evidence of your acceptance.
A.3 Server-Side Gate
At each session start (HTTP API request or WebSocket HELLO), the server compares your recorded acceptance versions against the server's current versions. If either recorded version is lower than the current version, or is empty, the server refuses the request with an error (LEGAL_CONSENT_REQUIRED) and returns the list of documents requiring re-acceptance together with the current version strings.
The client, upon receiving this error, must display a blocking modal containing the full text of each document requiring re-acceptance. The modal has no dismissal path other than accepting or leaving the service. Scrolling through the full text is recommended but not strictly enforced; two independent checkboxes ("I have read and agree to the EULA" / "I have read and agree to the Privacy Policy") must be checked before the Accept button is enabled. Upon acceptance, the client POSTs the accepted version strings to the server, which updates the four account fields and grants access.
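The gate described in A.1 to A.3, as an added sketch that is not HakoSpace's own code: it compares effective-date versions (including the same-day suffix form), fails closed on empty or malformed values, and records acceptance. The field names, function names, and the rule that only the exact current version string may be recorded are assumptions.

```javascript
// Added example, not HakoSpace code. Field and function names are assumptions.
const DOCS = ["eula", "privacy"];
const VERSION_RE = /^(\d{4}-\d{2}-\d{2})(?:-([a-z]))?$/; // 2026-04-21 or 2026-04-21-a

// Turn a version string into a sortable key; null for empty or malformed input.
function versionKey(v) {
  const m = typeof v === "string" ? VERSION_RE.exec(v) : null;
  return m ? `${m[1]}-${m[2] || ""}` : null; // "2026-04-21-" sorts before "2026-04-21-a"
}

// Gate run at session start. Fails closed: a missing or unparseable recorded
// version is treated the same as an outdated one.
function checkConsent(account, current) {
  const required = [];
  for (const doc of DOCS) {
    const cur = versionKey(current[doc]);
    if (cur === null) throw new Error(`server has no valid current ${doc} version`);
    const seen = versionKey(account[doc]);
    if (seen === null || seen < cur) {
      required.push({ document: doc, currentVersion: current[doc] });
    }
  }
  return required.length
    ? { allowed: false, error: "LEGAL_CONSENT_REQUIRED", required }
    : { allowed: true };
}

// Handle the client's acceptance POST. Only the exact current version string is
// accepted (assumption), so a client cannot record a version it was never shown.
function recordAcceptance(account, posted, current, now = new Date()) {
  const update = {};
  for (const doc of DOCS) {
    if (!(doc in posted)) continue;
    if (posted[doc] !== current[doc]) throw new Error(`${doc}: not the current version`);
    update[doc] = posted[doc];
    update[`${doc}AcceptedAt`] = now.toISOString(); // UTC timestamp
  }
  Object.assign(account, update); // applied only after every posted value validated
  return checkConsent(account, current);
}

// Constructed sample data.
const current = { eula: "2026-04-21-a", privacy: "2026-04-21" };
const alice = { eula: "2026-04-21", privacy: "", eulaAcceptedAt: "2026-04-21T08:00:00.000Z" };
console.log(checkConsent(alice, current));
```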
A.4 Applies to All Users, Not Only New Ones
On the release day that introduces a new EULA or Privacy Policy version, all existing users (not only newly-registered ones) will see their next connection intercepted by the re-consent modal. This design reflects that (i) a material change in collected data categories or processing purposes affects existing users equally, and (ii) GDPR and equivalent frameworks require affirmative, informed consent for the new purpose — passive continuation of use does not constitute such consent.
Server operators migrating to a new version therefore must expect temporary access friction for their users on release day; this is a feature of the consent framework, not a bug.
A.5 Decline Consequences
If you decline the new version, you will be unable to use that server instance until you accept. Your existing account data is not deleted by the decline; you may return and accept at any later time. You retain the right to request deletion of your personal data under §7 / §8 below, independently of the consent decision.
A.6 Historical Versions
Each published version of this Privacy Policy and the EULA remains accessible at a stable archive URL (typically /legal/archive/<YYYY-MM-DD>/privacy and /legal/archive/<YYYY-MM-DD>/eula), so that you may always review the exact text you accepted.
6. Desktop Application
The HakoSpace desktop application (Electron) connects only to server addresses you configure.
- Authentication tokens are stored locally using platform-native encryption (`safeStorage` API)
- No data is sent to HakoSpace servers
- The app has no built-in telemetry or crash reporting
7. Contact
For questions about this policy: [email protected]
For questions about data on a specific HakoSpace instance, contact the operator of that instance.
8. Website and Communications
When you visit hakospace.com to download our software or read documentation, we may collect standard web server logs and use essential cookies necessary for website functionality. If you contact us via email (e.g., support requests), we will retain your email address and the content of your message solely for the purpose of resolving your inquiry. We do not sell or share this information with third parties.