What we don't do.

The privacy notice most companies should write but don't.

Summary in five lines

1. We do not sell or rent your personal data. Ever. This is in our Terms of Service as a binding commitment.
2. We do not run ads, and we will not introduce an ad-supported tier. Also binding.
3. We do not use third-party analytics that track users across the web (no Google Analytics, no Meta Pixel, nothing of that kind).
4. Your logbook data is stored locally for offline use and backed up server-side for account recovery in production.
5. You can export everything you've given us and delete your account at any time.

What data we collect

Free tier accounts

The production Free tier requires an account. We collect the email address needed to identify and recover the account, passkey metadata needed to authenticate your device, and the logbook records needed to provide backup and recovery. The app also keeps a local IndexedDB working copy so you can log hours and service while offline.

When you visit enginehourslog.com, our hosting provider (Netlify) logs ordinary HTTP request metadata — IP address, user agent, page requested, timestamp — for a short period for operational purposes (debugging, DDoS protection). This is standard web-server logging, not analytics. We do not build user profiles from it.

Free tier — optional waitlists

If you submit your email to the paid-tier launch waitlist or the community-translation waitlist, we store that email address and (for translations) the language you asked for. That's it. We use it only to email you once or twice, on the topic you signed up for. You may request deletion at any time — email privacy@enginehourslog.com.

Paid tiers — when they launch

Paid tiers add active multi-device sync, mechanic sharing, ownership transfer, email reminders, and higher engine limits. They use the same account-backed storage model as the Free tier. When paid features launch, this section will describe exactly what additional data is stored, where, for how long, and who can access it. The binding commitments from our Terms of Service apply: no sale, no ads, no cross-site tracking.

Speech-to-text (Dictation)

The app offers two ways to dictate text into note and description fields:

• Your phone's keyboard microphone. This is a feature of your operating system (iOS, Android). Speech is processed by your phone's vendor (Apple, Google, Samsung) under their respective privacy policies. We never see the audio. We only see the resulting text, which we treat as text you typed.
• Our in-app microphone button. Uses the browser's Web Speech API. On modern iOS (16+) and Android, this runs on-device — audio never leaves your phone. On some desktop browsers it may send audio to the browser vendor's recognition service. In either case, we do not record, store, or receive the audio; we only receive the text the recognizer produces, and only while you are actively pressing the dictate button.

Third-party processors

We use a small number of external services to operate EngineHoursLog. Each is listed below with what it does for us and what data it touches.

Processor	Purpose	Data they see
Netlify	Static-site hosting and forms	HTTP request metadata; waitlist form submissions
Namecheap	Domain registrar and email forwarding for *@enginehourslog.com	Inbound email destined for our addresses, forwarded to the operator's inbox
Google Fonts	Serves the web fonts used on the site	IP address and user agent of font requests

We do not use Google Analytics, Meta Pixel, LinkedIn Insight Tag, TikTok Pixel, Hotjar, Mixpanel, Segment, or any similar tracker. None.

When the paid tier launches, additional processors will appear in this table — expected additions: an email-delivery provider (Resend or Amazon SES) and a payment processor (Stripe). Each will be listed here with the data they see before they start handling real user data.

Cookies and local storage

We do not set tracking cookies. The app uses browser storage (IndexedDB, localStorage) to store your offline working copy and interface preferences (theme, locale). Production logbook records also sync to your account's server recovery copy when connectivity is available.

Your rights

You can, at any time:

• Export everything you've entered — see the Export all data button in the app or /export-specs.
• Delete all local app data from your browser's settings, or reinstall the app fresh. Production account data requires account deletion as well.
• Request deletion of any email addresses or waitlist entries we hold — email privacy@enginehourslog.com.
• Request a copy of any personal data we hold about you.

We aim to respond within 30 days. If you're in a jurisdiction with statutory privacy rights (GDPR, CCPA, etc.), those rights apply and we will honor them.

Children

EngineHoursLog is not directed to children under 18. We do not knowingly collect data from children. If you believe a child has given us information, email privacy@enginehourslog.com and we will delete it.

Security

We take reasonable technical and organizational measures to protect data entrusted to us. Production account data will be encrypted in transit (TLS) and at rest where the underlying storage supports it, with server backups designed for recovery after device loss. No system is perfectly secure; we do not claim otherwise.

If you believe you've found a security issue, please report it to security@enginehourslog.com. We will acknowledge within 72 hours.

Changes to this Notice

We may update this Notice as the Service changes. Material changes (new processors, a new data category being collected) will be announced on this page and — for account holders, when accounts exist — by email at least 30 days before taking effect.

Contact

Privacy questions: privacy@enginehourslog.com. General contact: hello@enginehourslog.com.