The privacy policy of SourceHut does not mention anything regarding
the data collected about visitors of websites hosted under
<username>.srht.site, nor for visitors of websites with a custom domain
but hosted on sourcehut.
I am not a lawyer, but I think the GDPR impose website administrators
to identify all that stuff properly. I assume that, as for the rest
of the service, only minimal data is collected (IP ?) and for a short
period of time. But this is still something that should be addressed
publicly so it can be easier for website admins to be 100% compliant.
In general, the privacy policy does not really differentiate the
logged-in users with an account and the website visitors. So it is
unclear as well in that aspect (from my understanding, IANAL).
Maybe this could be made a bit clearer as well?