Privacy Policy

Last updated: April 2025

What we collect

When you create an account we collect your email address, username, password (stored as a bcrypt hash — we never store your password in plain text), and the IP address used at the time of registration. Your timezone preference is stored to display the correct local time on your device.

When you use an ello8 device, the device's hardware ID and last connection time are stored so you can see which devices are paired to your account.

Messages left by visitors on your contact links are stored until you delete them. We store the visitor's IP address with each message to help with abuse prevention.

What we don't collect

We do not sell your data. We do not use third-party advertising or tracking scripts. We do not share your personal information with anyone except where required by law.

How we use your data

• Email address — to send account-related emails (password reset, welcome message) and, if you opt in, occasional product updates.
• Device hardware IDs — to route messages to the correct hardware.
• IP addresses — collected at account registration and when messages are posted; retained for abuse prevention and rate-limiting.

Data retention

Your data is retained for as long as your account is active. You can delete your account at any time from the Account Settings page, which permanently removes all your data from our systems.

Cookies

We use a single session cookie to keep you signed in, and a CSRF token cookie to protect forms. We do not use tracking or advertising cookies.

Security

All traffic is encrypted over HTTPS. Passwords are hashed with bcrypt. We take reasonable precautions to protect your data but cannot guarantee absolute security.

Your rights

You have the right to access, correct, and delete the data we hold about you. To exercise these rights, delete your account from Account Settings or email us at hello@ello8.com.

Contact

Questions about this policy? Email us at hello@ello8.com.