Terms & Privacy

How we handle your data and the terms governing use of our services.

Last updated: December 28, 2025

Contents

Privacy Policy

Observer ("we", "us", or "our") operates the observersoftware.io website. This page informs you of our policies regarding the collection, use, and disclosure of personal information when you use our Service.

Privacy First: We do not use any third-party analytics, tracking pixels, or advertising networks. Your browsing activity on our site is not monitored or shared with any external parties.

Data We Collect

Contact Form Submissions

When you submit our contact form, we collect:

Data Purpose Required
Name To address you in our response Yes
Email address To respond to your inquiry Yes
Subject To categorize your message No
Message content To understand and respond to your inquiry Yes

Contact form submissions are rate-limited to 3 messages per 15 minutes to prevent spam.

Administrator Accounts

For site administrators only, we store:

  • Username: For authentication purposes
  • Password: Securely hashed using bcrypt (we never store plaintext passwords)
  • Passkey credentials: WebAuthn public keys for passwordless authentication (optional)

What We Do NOT Collect

  • IP addresses for tracking purposes
  • Browser fingerprints
  • Location data
  • Demographic information
  • Browsing behavior or page views
  • Third-party cookies or tracking pixels

Cookies & Sessions

We use minimal, essential cookies only:

Cookie Purpose Duration
Session cookie Maintains admin login state and CSRF protection 24 hours

Our session cookies are:

  • HttpOnly: Not accessible to JavaScript (prevents XSS attacks)
  • Secure: Only transmitted over HTTPS in production
  • SameSite=Strict: Not sent with cross-site requests (prevents CSRF)

We do not use advertising cookies, analytics cookies, or any third-party tracking cookies.

Security Measures

We implement enterprise-grade security measures to protect your data:

Authentication Security

  • Password hashing: All passwords are hashed using bcrypt with salt
  • Account lockout: Accounts are temporarily locked after 5 failed login attempts
  • CSRF protection: All state-changing requests require valid CSRF tokens
  • Rate limiting: Login attempts are limited to 5 per 15 minutes
  • WebAuthn/Passkeys: Support for phishing-resistant passwordless authentication

Transport Security

  • HTTPS only: All connections use TLS encryption in production
  • HSTS: HTTP Strict Transport Security with 1-year max-age
  • Secure cookies: Session cookies only transmitted over HTTPS

Content Security

  • Content Security Policy: Strict CSP headers prevent XSS attacks
  • Input validation: All user input is validated and sanitized
  • Markdown sanitization: User-generated content is sanitized before display
  • Clickjacking protection: X-Frame-Options and frame-ancestors prevent embedding

Third-Party Services

We use minimal third-party services, none of which receive your personal data:

Service Purpose Data Shared
Google Fonts Typography (Source Serif 4, DM Sans) None (CSS files only)
jsDelivr CDN JavaScript libraries (Three.js, Lottie) None (static files only)
No Analytics: We do not use Google Analytics, Mixpanel, Segment, or any other analytics or tracking service. Your visit is not tracked or logged beyond essential server operations.

Data Retention

  • Contact messages: Retained until manually deleted by an administrator
  • Session data: Automatically expires after 24 hours of inactivity
  • Failed login attempts: Cleared after 15 minutes (in-memory only, not persisted)

We do not have automated data retention policies. If you wish to have your contact form submission deleted, please contact us.

Your Rights

You have the right to:

  • Access: Request a copy of any personal data we hold about you
  • Rectification: Request correction of inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Restriction: Request restriction of processing of your personal data

To exercise any of these rights, please contact us.

Terms of Service

Acceptance of Terms

By accessing and using this website, you accept and agree to be bound by the terms and provisions of this agreement.

Use of Service

You agree to use this website only for lawful purposes and in a way that does not infringe the rights of, restrict, or inhibit anyone else's use and enjoyment of the website.

Intellectual Property

All content on this website, including but not limited to text, graphics, logos, images, and software, is the property of Observer or its content suppliers and is protected by intellectual property laws.

Limitation of Liability

Observer shall not be liable for any indirect, incidental, special, consequential, or punitive damages resulting from your access to or use of, or inability to access or use, the website or any content on the website.

Changes to Terms

We reserve the right to modify these terms at any time. We will notify users of any material changes by updating the "Last updated" date at the top of this page.

Contact

If you have any questions about these Terms or our Privacy Policy, please contact us.