Privacy Statement

Effective date: December 20, 2019

Thanks for entrusting Hack42, LLC (“Hack42”, “we”) with your personal information and your contributions to our crowdsourced platform. Holding on to your private information is a serious responsibility, and we want you to know how we’re handling it.

The controller responsible for the processing of your personal information in connection with the Service is Hack42, LLC, 901 Lake St #3511, Oak Park IL 60301, privacy@hack42labs.com.

All capitalized terms have their definition in Hack42’s Subscription Agreement, unless otherwise noted here.

The short version

As described below: We use your personal information as this Privacy Statement describes. No matter where you are, where you live, or what your citizenship is, we provide a high standard of privacy protection to all our users around the world, regardless of their country of origin or location.

Of course, the short version and the Summary below don’t tell you everything, so please read on for more details.

Summary

Section What can you find there?
What information Hack42 collects Hack42 collects information directly from you for your registration, payment, transactions, and user profile. We also automatically collect from you your usage information, cookies and similar technologies, and device information, subject, where necessary, to your consent. Hack42 may also collect User Personal Information from third parties. We only collect the minimum amount of personal information necessary from you, unless you choose to provide more.
What information Hack42 does not collect We don’t knowingly collect information from children under 13, and we don’t collect Sensitive Personal Information.
How Hack42 uses your information In this section, we describe the ways in which we use your information, including to provide you the Service, to communicate with you, for security purposes, and to improve our Service. We also describe the legal basis upon which we process your information, where legally required.
How we share the information we collect We may share your information with third parties under one of the following circumstances: with your consent, with our service providers, for security purposes, to comply with our legal obligations, or when there is a change of control or sale of corporate entities or business units. We do not sell your personal information and we do not host advertising on Hack42. You can see a list of the service providers that access your information.
Other important information We provide additional information specific to contributed content, public information, and Organizations on Hack42.
Additional services We provide information about additional service offerings Hack42 applications.
How you can access and control the information we collect We provide ways for you to access, alter, or delete your personal information.
Our use of cookies and tracking We use cookies for the overall functionality of our Website, and we use a small number of tracking and analytics services on a few parts of our site. We offer a page that makes this very transparent. Please see this section for more information.
How Hack42 secures your information We take all measures reasonably necessary to protect the confidentiality, integrity, and availability of your personal information on Hack42 and to protect the resilience of our servers.
Hack42’s global privacy practices We provide a high standard of privacy protection to all our users around the world.
How we communicate with you We communicate with you by email. You can control the way we contact you by contacting us.
Resolving complaints In the unlikely event that we are unable to resolve a privacy concern quickly and thoroughly, we provide a path of dispute resolution through external arbiters.
Changes to our Privacy Statement We notify you of material changes to this Privacy Statement 30 days before any such changes become effective. You may also track changes in our Site Policy repository.
License This Privacy Statement is licensed under the Creative Commons Zero license.
Contacting Hack42 Please feel free to contact us if you have questions about our Privacy Statement.

Hack42 Privacy Statement

What information Hack42 collects

User Personal Information” is any information about one of our Users which could, alone or together with other information, personally identify them or otherwise be reasonably linked or connected with them. Information such as a username and password, an email address, a real name, an Internet protocol (IP) address, and a photograph are examples of “User Personal Information.”

User Personal Information does not include aggregated, non-personally identifying information that does not identify a User or cannot otherwise be reasonably linked or connected with them. We may use such aggregated, non-personally identifying information for research purposes and to operate, analyze, improve, and optimize our Website and Service.

Information users provide directly to Hack42

Registration Information

We require some basic information at the time of account creation. When you create your own username and password, we ask you for a valid email address.

Payment Information

If you sign on to a paid Account with us, we collect your full name, address, and credit card information or PayPal information. Please note, Hack42 does not process or store your credit card information or PayPal information, but our third-party payment processor does.

Profile Information

You may choose to give us more information for your Account profile, such as your full name, an avatar which may include a photograph, your biography, your location, and your company. This information may include User Personal Information. Please note that your profile information may be visible to other Users of our Service.

Information Hack42 automatically collects from your use of the Service

Usage Information

If you’re accessing our Service or Website, we automatically collect the same basic information that most services collect, subject, where necessary, to your consent. This includes information about how you use the Service, such as the pages you view, the referring site, your IP address and session information, and the date and time of each request. This is information we collect from every visitor to the Website, whether they have an Account or not. This information may include User Personal information.

Cookies and Similar Technologies Information

As further described below, and subject, where applicable, to your consent, we automatically collect information from cookies and similar technologies (such as cookie ID and settings) to keep you logged in, to remember your preferences, and to identify you and your device.

Device Information

We may collect certain information about your device, such as its IP address, browser or client application information, language preference, operating system and application version, device type and ID, and device model and manufacturer. This information may include User Personal information.

Forensic Metadata

Some Hack42 tools collect forensic metadata, such as file name, hash signature and file structure. While we strive to not collect or to filter out any personally identifying information, certain file metadata may inadvertently contain such data.

Information we collect from third parties

Hack42 may collect User Personal Information from third parties. For example, this may happen if you sign up for training or to receive information about Hack42 from one of our vendors, partners, or affiliates. Hack42 does not purchase User Personal Information from third-party data brokers.

What information Hack42 does not collect

We do not intentionally collect “Sensitive Personal Information”, such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. If you choose to store any Sensitive Personal Information on our servers, you are responsible for complying with any regulatory controls regarding that data.

If you are a child under the age of 13, you may not have an Account on Hack42. Hack42 does not knowingly collect information from or direct any of our content specifically to children under 13. If we learn or have reason to suspect that you are a User who is under the age of 13, we will have to close your Account. Different countries may have different minimum age limits, and if you are below the minimum age for providing consent for data collection in your country, you may not have an Account on Hack42.

How Hack42 uses your information

  • We may use your information for the following purposes:
  • We use your Registration Information to create your account, and to provide you the Service.
  • We use your Payment Information to provide you with the Paid Account service or any other Hack42 paid service you request.
  • We use your User Personal Information, specifically your username, to identify you on Hack42.
  • We use your Profile Information to fill out your Account profile, to determine your license type and to share profile with other users if you ask us to.
  • We use your email address to communicate with you, if you’ve said that’s okay, and only for the reasons you’ve said that’s okay. Please see our section on email communication for more information.
  • We use User Personal Information to respond to support requests.
  • We may use User Personal Information and other data to make recommendations for you.
  • We may use User Personal Information to invite you to take part in surveys, beta programs, or other research projects, subject, where necessary, to your consent .
  • We use Usage Information and Device Information for support, to better understand how our Users use Hack42 and to improve our Website and Service.
  • We incorporate Forensic Metadata created through your use of our Service into our Service.
  • We may use your User Personal Information if it is necessary for security purposes or to investigate possible fraud or attempts to harm Hack42 or our Users.
  • We may use your User Personal Information to comply with our legal obligations, protect our intellectual property, and enforce our Terms of Service.
  • We limit our use of your User Personal Information to the purposes listed in this Privacy Statement. If we need to use your User Personal Information for other purposes, we will ask your permission first.

To the extent that our processing of your User Personal Information is subject to certain international laws (including, but not limited to, the European Union’s General Data Protection Regulation (GDPR)), Hack42 is required to notify you about the legal basis on which we process User Personal Information. Hack42 processes User Personal Information on the following legal bases:

  • Contract Performance:
    • When you create a Hack42 Account, you provide your Registration Information. We require this information for you to enter into the Terms of Service agreement with us, and we process that information on the basis of performing that contract. We also process your username and email address on other legal bases, as described below.
    • If you have a paid Account with us, we collect and process additional Payment Information on the basis of performing that contract.
  • Consent:
    • We rely on your consent to use your User Personal Information under the following circumstances: when you fill out the information in your user profile; when you decide to participate in a Hack42 training, research project, beta program, or survey; and for marketing purposes, where applicable. All of this User Personal Information is entirely optional, and you have the ability to access, modify, and delete it at any time. While you are not able to delete your email address entirely, you can make it private. You may withdraw your consent at any time.
  • Legitimate Interests:
    • Generally, the remainder of the processing of User Personal Information we perform is necessary for the purposes of our legitimate interest, for example, for legal compliance purposes, security purposes, or to maintain ongoing confidentiality, integrity, availability, and resilience of Hack42’s systems, Website, and Service.
  • If you would like to request deletion of data we process on the basis of consent or if you object to our processing of personal information, please use our contact form.

How we share the information we collect

We may share your User Personal Information with third parties under one of the following circumstances:

With service providers

We share User Personal Information with a limited number of service providers who process it on our behalf to provide or improve our Service, and who have agreed to privacy restrictions similar to the ones in our Privacy Statement by signing data protection agreements or making similar commitments. Our service providers perform payment processing, customer support ticketing, network data transmission, security, and other similar services. While Hack42 processes all User Personal Information in the United States, our service providers may process data outside of the United States or the European Union. If you would like to know who our service providers are, please see our page on Subprocessors.

Hack42 strives for transparency in complying with legal process and legal obligations. Unless prevented from doing so by law or court order, or in rare, exigent circumstances, we make a reasonable effort to notify users of any legally compelled or required disclosure of their information. Hack42 may disclose User Personal Information or other information we collect about you to law enforcement if required in response to a valid subpoena, court order, search warrant, a similar government order, or when we believe in good faith that disclosure is necessary to comply with our legal obligations, to protect our property or rights, or those of third parties or the public at large.

Change in control or sale

We may share User Personal Information if we are involved in a merger, sale, or acquisition of corporate entities or business units. If any such change of ownership happens, we will ensure that it is under terms that preserve the confidentiality of User Personal Information, and we will notify you on our Website or by email before any transfer of your User Personal Information. The organization receiving any User Personal Information will have to honor any promises we made in our Privacy Statement or Terms of Service.

Aggregate, non-personally identifying information

We share certain aggregated, non-personally identifying information with others about how our users, collectively, use Hack42, or how our users respond to our other offerings, such as our conferences or events. For example, we may compile statistics on the crowdsourced activity across Hack42.

We do not sell your User Personal Information for monetary or other consideration.

Please note: The California Consumer Privacy Act of 2018 (“CCPA”) requires businesses to state in their privacy policy whether or not they disclose personal information in exchange for monetary or other valuable consideration. While CCPA only covers California residents, when it goes into effect we will voluntarily extend its core rights for people to control their data to all of our users in the United States, not just those who live in California. You can learn more about the CCPA and how we comply with it here.

Other important information

Public information on Hack42

Many of Hack42 services and features are public-facing. If your Content is public-facing, third parties may access and use it in compliance with our Terms of Service, such as by viewing your profile, your contributed data or pulling data via our API. Your User Personal Information associated with your Content could be gathered by third parties in compilations of Hack42 data.

If you would like to compile Hack42 data, you must comply with our Terms of Service regarding scraping and privacy, and you may only use any public-facing User Personal Information you gather for the purpose for which our user authorized it. For example, where a Hack42 user has made an email address public-facing for the purpose of identification and attribution, do not use that email address for commercial advertising. We expect you to reasonably secure any User Personal Information you have gathered from Hack42, and to respond promptly to complaints, removal requests, and “do not contact” requests from Hack42 or Hack42 users.

Similarly, contributions on Hack42 may include publicly available User Personal Information collected as part of the collaborative process. If you have a complaint about any User Personal Information on Hack42, please see our section on resolving complaints.

Additional services

Hack42 applications

You can also connect applications from Hack42, such as our free forensic tools or other application and account features, to your Account. These applications may each have their own terms and may collect different kinds of User Personal Information; however, all Hack42 applications are subject to this Privacy Statement, and we collect the amount of User Personal Information necessary, and use it only for the purpose for which you have given it to us

How you can access and control the information we collect

You may access, update, or alter, your basic user profile information by editing your user profile. To update your email or user name to to delete your account, contact Hack42 Support. You can control the information we collect about you by limiting what information is in your profile, by keeping your information current, or by contacting Hack42 Support.

Data retention and deletion of data

Generally, Hack42 retains User Personal Information for as long as your account is active or as needed to provide you services.

If you would like to cancel your account or delete your User Personal Information, you may contact Hack42 Support. We retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your full profile (within reason) within 90 days of your request.

After an account has been deleted, certain data, such as contributed Content, will remain. However, we will delete or de-identify your User Personal Information, including your username and email address, from the author field of s by associating them with a ghost user.

Our use of cookies and tracking

Cookies

Hack42 uses cookies to make interactions with our service easy and meaningful. Cookies are small text files that websites often store on computer hard drives or mobile devices of visitors. We use cookies (and similar technologies, like HTML5 localStorage) to keep you logged in, remember your preferences, and provide information for future development of Hack42. For security purposes, we use cookies to identify a device. By using our Website, you agree that we can place these types of cookies on your computer or device. If you disable your browser or device’s ability to accept these cookies, you will not be able to log in or use Hack42’s services.

We provide a web page on cookies and tracking that describes the cookies we set, the needs we have for those cookies, and the types of cookies they are (temporary or permanent). It also lists our third-party analytics providers and other service providers, and details exactly which parts of our Website we permit them to track.

Tracking and analytics

We use a number of third-party analytics and service providers to help us evaluate our Users’ use of Hack42, compile statistical reports on activity, and improve our content and Website performance.

Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Currently, our systems do not recognize browser “do-not-track” requests. You can use your browser to prevent your device from accepting cookies, or only block third party cookiesi. There are also good applications that block online tracking, such as Privacy Badger. If you disable cookies, be aware that some features of our Services may not function.

How Hack42 secures your information

Hack42 takes all measures reasonably necessary to protect User Personal Information from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of User Personal Information.

Hack42 strives to follow information security best practices so our Website and Service: - aligns with industry recognized frameworks; - includes security safeguards reasonably designed to protect the confidentiality, integrity, availability, and resilience of our Users’ data; - is appropriate to the nature, size, and complexity of Hack42’s business operations; - includes incident response and data breach notification processes; and - complies with applicable information security-related laws and regulations in the geographic regions where Hack42 does business.

In the event of a data breach that affects your User Personal Information, we will act promptly to mitigate the impact of a breach and notify any affected Users without undue delay.

Transmission of data on Hack42 is encrypted using HTTPS (TLS)

No method of transmission, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.

Hack42’s global privacy practices

We store and process the information that we collect in the United States in accordance with this Privacy Statement though our service providers may store and process data outside the United States. However, we understand that we have Users from different countries and regions with different privacy expectations, and we try to meet those needs even when the United States does not have the same privacy framework as other countries.

We provide a high standard of privacy protection, as described in this Privacy Statement, to all our users around the world, regardless of their country of origin or location.

In particular:

  • Hack42 provides clear methods of unambiguous, informed, specific, and freely given consent at the time of data collection, when we collect your User Personal Information using consent as a basis.
  • We collect only the minimum amount of User Personal Information necessary for our purposes, unless you choose to provide more. We encourage you to only give us the amount of data you are comfortable sharing.
  • We offer you simple methods of accessing, altering, or deleting the User Personal Information we have collected, where legally permitted.
  • We provide our Users notice, choice, accountability, security, and access regarding their User Personal Information, and we limit the purpose for processing it. We also provide our Users a method of recourse and enforcement. These are the Privacy Shield Principles, but they are also just good practices.

Cross-border data transfers

Hack42 complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of User Personal Information transferred from the European Union, the UK, and Switzerland to the United States. Hack42 has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.

If there is any conflict between the terms in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about our Privacy Shield program, visit our Global Privacy Practices page.

How we communicate with you

We use your email address to communicate with you. Hack42 may occasionally send notification emails about contributed content, data you are watching, new features, requests for feedback, important policy changes, or to offer customer support. We also send marketing emails, based on your choices and in accordance with applicable laws and regulations. There’s an “unsubscribe” link located at the bottom of each of the marketing emails we send you. Please note that you cannot opt out of receiving important communications from us, such as emails from our Support team or system emails, but you can unsubscribe to opt out of other communications.

Our emails may contain a pixel tag, which is a small, clear image that can tell us whether or not you have opened an email and what your IP address is. We use this pixel tag to make our email more effective for you and to make sure we’re not sending you unwanted email.

Resolving complaints

If you have concerns about the way Hack42 is handling your User Personal Information, please let us know immediately. We want to help. You may contact us by filling out the contact form. You may also email us directly at privacy@hack42.com with the subject line “Privacy Concerns.” We will respond promptly — within 45 days at the latest.

Dispute resolution process

In the unlikely event that a dispute arises between you and Hack42 regarding our handling of your User Personal Information, we will do our best to resolve it. If we cannot, we have selected to cooperate with the relevant EU Data Protection Authority, or a panel established by the European data protection authorities, for resolving disputes with EU individuals, and with the Swiss Federal Data Protection and Information Commissioner (FDPIC) for resolving disputes with Swiss individuals. Please contact us if you’d like us to direct you to your data protection authority contacts.

Additionally, if you are a resident of an EU member state, you have the right to file a complaint with your local supervisory authority.

Independent arbitration

Under certain limited circumstances, EU, European Economic Area (EEA), Swiss, and UK individuals may invoke binding Privacy Shield arbitration as a last resort if all other forms of dispute resolution have been unsuccessful. To learn more about this method of resolution and its availability to you, please read more about Privacy Shield. Arbitration is not mandatory; it is a tool you can use if you so choose.

We are subject to the jurisdiction of the U.S. Federal Trade Commission (FTC).

Changes to our Privacy Statement

Although most changes are likely to be minor, Hack42 may change our Privacy Statement from time to time. We will provide notification to Users of material changes to this Privacy Statement through our Website at least 30 days prior to the change taking effect by posting a notice on our home page or sending email to the primary email address specified in your Hack42 account.

Contacting Hack42

Questions regarding Hack42’s Privacy Statement or information practices should be directed to our contact form or email us directly at privacy@hack42.com.

Want to stay updated on our latest tools and HOWTOs?