Privacy Policy

Last updated · April 27, 2026

This Privacy Policy explains how Blurward (the "Service") handles personal data. Most of what Blurward does happens on your device — the masking engine never sends the content of your screen anywhere. This page describes the few things we do collect and why.

1. Who we are

The Service is operated by the company identified on our legal notice page. For any privacy question you can email info@blurward.com.

2. What we collect

  • Account data — your email, used to send your licence and account-related notifications.
  • Subscription & billing data — handled by our payment provider (see Section 5). We never see or store full card numbers.
  • Anonymous diagnostic data — extension version, browser version, OS, and crash reports. Nothing identifying.

What we do not collect: the text you mask, the websites you visit, your custom rules, the content of your screen, or anything typed in fields the extension watches. Masking happens locally; nothing leaves your browser for that.

3. Why we use it (legal basis)

  • To provide the Service — Article 6(1)(b) GDPR (performance of contract).
  • To meet tax and accounting obligations — Article 6(1)(c) GDPR.
  • To improve the Service — Article 6(1)(f) GDPR (legitimate interest).

4. How long we keep it

  • Account and billing data: as long as you have an active subscription, plus 7 years for tax records.
  • Anonymous diagnostic data: up to 12 months.

5. Who we share it with

We do not sell or rent your data. We share it only with these processors:

  • Polar.sh — payments and subscriptions.
  • Stripe, Inc. — Polar's underlying payment processor.
  • Cloudflare, Inc. — CDN and DDoS protection.

These third parties act as data processors and only handle data on our instructions. Where data is transferred outside the European Economic Area, we rely on the EU-U.S. Data Privacy Framework or Standard Contractual Clauses approved by the European Commission.

6. Cookies

We use only strictly-necessary cookies (sign-in session, payment session). No analytics, no advertising, no third-party tracking cookies. Because none of the cookies we set require consent under Estonian or EU law, no consent banner is shown.

7. Your rights under the GDPR

You have the right to:

  • access the data we hold about you;
  • have inaccurate data corrected;
  • have your data erased ("right to be forgotten");
  • restrict or object to processing;
  • data portability;
  • lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).

To exercise any of these rights, email info@blurward.com.

8. Security

We use industry-standard measures: encryption in transit (TLS 1.3), role-based access controls, and audit logs. No system is perfect — if something goes wrong we will notify affected users without undue delay.

9. Changes

If we change this Policy we will post the updated version here and, if the change is material, notify you by email at least 30 days before it takes effect.