top of page

Privacy Policy

1. Controller

Haruto (in formation)
Sanjay Gill
Hortensienstr. 28
12203 Berlin
Germany
Email: sg@haruto.io
Website: www.haruto.io

Note: As the incorporation of the UG (haftungsbeschränkt) is still in preparation, processing is currently carried out by the natural person named above. This policy will be updated after registration.

2. General information

We process personal data only to the extent necessary to operate the website and provide our services, or where you have given consent.

Legal bases include:

  • Art. 6(1)(a) GDPR (consent)

  • Art. 6(1)(b) GDPR (contract / pre‑contractual steps)

  • Art. 6(1)(f) GDPR (legitimate interests)

3. Website access / server log files

When you visit our website, certain information is automatically transmitted to our server and stored in log files, such as:

  • IP address (shortened where technically possible)

  • date and time of access

  • requested page/file

  • referrer URL

  • browser / operating system

  • possibly provider/device information

Purpose: operation, security, troubleshooting, abuse prevention.
Legal basis: Art. 6(1)(f) GDPR.
Retention: typically short; we delete/anonymise log data once no longer required (usually days to a few weeks), unless longer retention is needed for security reasons

4. Registration / waitlist (email collection)

You can register or join our waitlist by providing your email address. Optional additional data (e.g., name, interests) may be collected if included in the form.

Purpose:

  • managing your registration/waitlist entry

  • sending updates about Haruto (e.g., launch news, early access, product updates) where you have consented

Legal basis:

  • consent under Art. 6(1)(a) GDPR (waitlist/marketing updates)

  • where applicable Art. 6(1)(b) GDPR for pre‑contractual requests or registration related to a future contract

Retention:

  • until you unsubscribe or the waitlist is closed

  • if you do not confirm your email (see double opt‑in), we delete the data after a reasonable period (commonly 14–30 days), unless retention is needed for evidence.

5. Double opt‑in (email confirmation)

To prevent misuse of email addresses, we (recommended) use a double opt‑in procedure:

  • after signup you receive a confirmation email with a confirmation link

  • your registration becomes active only after clicking the link

Proof of consent:
For evidence, we may process log data such as signup/confirmation timestamp, IP address, and list/form identifiers.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in proving valid consent and preventing misuse) and Art. 6(1)(a) GDPR (consent for sending updates after confirmation).

6. Contact

If you contact us by email, we process the data you provide (e.g., email address, message content) to respond.

Legal basis: Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR.
Retention: as long as needed to handle your request, then deletion unless statutory retention applies.

7. Cookies and similar technologies

We may use cookies/similar technologies:

  • Strictly necessary cookies for operation/security/functionality (Art. 6(1)(f) GDPR)

  • Non‑essential cookies (e.g., analytics/marketing) only with your consent via a cookie banner (Art. 6(1)(a) GDPR)

Details will be provided in the cookie banner / cookie list once enabled.

8. Service providers (processors)

We may use service providers (e.g., hosting, email delivery/newsletter tools) acting as processors under Art. 28 GDPR, with appropriate data processing agreements in place.

Once the specific providers are selected, this policy should be updated to include provider details, purposes, data categories, and any third‑country transfers.

9. Transfers to third countries

If we use services involving transfers outside the EU/EEA, we ensure safeguards under Art. 44 et seq. GDPR (e.g., adequacy decision or Standard Contractual Clauses). Provider‑specific details will be added where applicable.

10. Your rights

You have the right to access, rectification, erasure, restriction, data portability, objection, and to withdraw consent at any time with future effect.

Contact: sg@haruto.io

11. Right to lodge a complaint

You may lodge a complaint with a supervisory authority (Art. 77 GDPR).

12. Security

We implement appropriate technical and organisational measures to protect your data.

13. Updates

Last updated: 12.12.2025

 We may update this privacy policy as our website or services evolve.

bottom of page