Effective date: April 11, 2026 · Governing law: United Arab Emirates
hackr.gg is a cybersecurity education platform. This Privacy Policy explains what personal data we collect, why we collect it, and how we handle it. By using the Platform you agree to this policy.
Our data contact is: privacy@hackr.gg
Account data: Email address and username, collected at registration. Required to operate your account.
Usage data: Which courses and labs you access, tasks you complete, and progress state. Used to deliver the product (progress tracking, completion badges).
Technical data: IP address, browser type, device type, timestamps. Collected automatically for security, abuse prevention, and rate limiting.
Payment data: If you subscribe to Pro, billing is handled entirely by Stripe. We receive a customer ID and subscription status from Stripe. We never see or store card numbers, CVV, or full payment details.
Lab session data: Terminal commands entered within lab environments may be logged for abuse detection, security monitoring, and compliance. This data may be disclosed to law enforcement if required.
We do not sell your personal data. We do not use your data for advertising.
Because hackr.gg operates in a sensitive domain (cybersecurity training), we reserve the right to monitor terminal activity within lab environments for the purpose of detecting misuse, attempted container escapes, and other abuse.
If we detect or suspect illegal activity — including but not limited to attacks on external systems, attempts to weaponise lab environments, or circumventing access controls — we will preserve relevant session data and cooperate with law enforcement. This is a condition of using the Platform.
We use authentication cookies to keep you logged in. These are strictly necessary and cannot be opted out of while using the Platform.
We do not use advertising cookies, cross-site tracking, or third-party analytics beyond what is described in this policy.
We use trusted third-party service providers to operate the Platform. These providers only receive data necessary for their specific function and are contractually bound to handle it securely. Categories of providers we use include:
We do not sell or share your data with any third party for advertising or marketing purposes.
Your account data is retained for as long as your account is active. Lab session logs are retained for up to 90 days for security purposes.
You may request deletion of your account and personal data at any time by emailing privacy@hackr.gg. Deletion is completed within 30 days, except where we are legally required to retain data longer.
We implement industry-standard technical and organisational measures to protect your data, including encrypted storage, TLS in transit, access controls, and infrastructure-level isolation.
No system is perfectly secure. In the event of a data breach that affects your personal data, we will notify you via email within 72 hours of becoming aware of it.
You have the right to:
To exercise any of these rights, contact privacy@hackr.gg.
The Platform is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, contact us immediately and we will delete it.
We may update this Privacy Policy from time to time. We will notify you of material changes via email. Continued use of the Platform after changes take effect constitutes acceptance.