Privacy Policy
Last updated 29 June 2026
Hasp is built so that your files never reach us in a form we could read. This policy explains what little personal data Sanct OÜ does handle, why, and the rights you have over it.
Who we are
Hasp is a product of Sanct OÜ, a private limited company registered in Estonia (the “Company”, “we”, “us”). For anything about this policy or your personal data, write to privacy@hasp.sh. Sanct OÜ is the data controller for the processing described here.
The short version
The Hasp software runs on your own machines. Your folders are encrypted on your device with a key that never leaves it, file and folder names included. We do not run an account system that holds your files, and we cannot read them. We collect only the limited data needed to run this website and the optional relay that helps your devices reach each other.
Data the Hasp software handles
Hasp is local first. Your files, the encryption keys, and the names of your files and folders stay on the devices you control. They are never sent to Sanct OÜ, and there is no copy on our servers. Setting up Hasp does not require you to create an account with us or give us your email address.
The relay service
When your devices cannot reach each other directly, they can pass encrypted data through a relay so they stay in step. A relay only ever sees sealed bytes, never your files or their names. To move that data it briefly handles technical connection details, such as IP addresses and the random identifiers your devices use to find one another. This is processed only to deliver the sync and is not used to profile you. You can run your own relay instead of ours.
Data this website collects
When you visit hasp.sh, our hosting provider keeps standard server logs, such as your IP address, browser type, and the pages you request, to keep the site secure and working. If you email us, we keep that correspondence so we can reply. We do not show ads and do not sell your data.
Why we are allowed to process this
Under the EU General Data Protection Regulation, we rely on our legitimate interest in running a secure website and relay and in answering the messages you send us. Where the law requires your consent, for example for any non-essential cookies, we ask for it first and you can withdraw it at any time.
How long we keep it
Server and relay logs are kept only as long as needed to run and secure the service, then deleted or anonymised. Email you send us is kept for as long as needed to handle your request and meet our legal obligations.
Who we share it with
We share personal data only with the providers that host this website and the relay, acting on our instructions under contract, and with authorities where the law requires it. Some of these providers may process data outside the European Economic Area; when they do, we rely on the safeguards permitted under the GDPR, such as the European Commission’s standard contractual clauses.
Your rights
If you are in the European Economic Area or the United Kingdom, you can ask us to give you a copy of your personal data, correct it, delete it, restrict or object to how we use it, or receive it in a portable form. Email privacy@hasp.sh and we will respond within the time the law allows. You can also complain to the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or your local supervisory authority.
Children
Hasp is not directed at children, and we do not knowingly collect personal data from anyone under the age of 16.
Changes to this policy
We may update this policy as Hasp changes or the law requires. When we do, we will revise the date at the top of this page, and significant changes will be made clear on the site.
Contact
Questions about this policy or your data can go to privacy@hasp.sh. See also our Terms of Service.