Privacy Policy

Effective and Last Reviewed: August 8th, 2025

Previous Version of Privacy Policy

Hackersjack offers a cloud-based online learning platform that provides a knowledge hub for kids to learn to respect cyber security in a fun and safe environment. We partner with schools to provide the opportunity to incorporate these critical life skills into a school curriculum. Our platform also includes basic AI education components designed to help students develop digital literacy and understand how artificial intelligence technologies work in age-appropriate ways, including how AI systems make decisions, the importance of human oversight in automated processes, and ethical considerations in AI development and deployment. Through interactive lessons and activities, students learn to identify AI-powered tools, understand data privacy implications in AI systems, and develop critical thinking skills about technology use, preparing them to be informed digital citizens in an increasingly AI-integrated world. This comprehensive approach to technology education ensures students not only learn cybersecurity fundamentals but also gain essential knowledge about emerging technologies that will shape their digital futures.

This privacy policy explains what information we may collect about you when you visit our website hackersjack.com (our "Website") or when you use our platform (our "Platform") (together our "Services"). We reserve the right to change this privacy policy. When we do so, we will update the "Effective and Last Reviewed Date" listed above. Your continued use of our Services after that date indicates your consent to those changes.

If you utilize our student-facing features or products, such as the Student Dashboard, we encourage you to review our comprehensive Student Data Policy for detailed information regarding our processing practices for Student Data. For teachers, schools, school districts, or other educational institutions ("Educational Institutions") that deploy our student-facing Services, including the Student Dashboard ("Student-Facing Services"), for legitimate educational purposes, the operation and use of these Student-Facing Services is governed by our Student Data Privacy Policy, which establishes the framework for responsible data stewardship in educational contexts. Regarding all Student-Facing Services, our Student Data Policy is expressly incorporated into this Privacy Policy by reference and constitutes binding terms of service, unless your Educational Institution has executed a separate written agreement with Hackersjack that provides reasonably equivalent or superior protections with respect to the collection, use, disclosure, and safeguarding of student data in accordance with applicable educational privacy laws.

1. What Data We Collect

Hackersjack collects the following types of personal data when you visit our Websites or use our Services. We implement data minimization principles to collect only the information necessary to provide our educational services effectively.

1.1. Information Collected via Technological Means

Our servers, hosted by third-party service providers, automatically collect certain technical data about your device and software environment, including: Browser type and version, Operating system specifications, IP address (automatically assigned numerical identifier that may vary between sessions and indicates general geographic location), Domain name information, Timestamp records of website visits and platform access.

This technical data is automatically gathered and stored in secure log files during each website visit or platform account access. Unless you have provided personally identifiable information (PII) through account creation or service registration, this technical data cannot be used to determine your identity or contact information.

Analytics Data Collection: We may directly collect analytics data or utilize third-party analytics tools to measure traffic patterns, user engagement, and usage trends across our Services. All analytics information is processed in aggregate form to ensure individual users cannot be reasonably identified from the collected data.

1.2. Cookies, Web Beacons, and Tracking Technologies

We employ various technical mechanisms including cookies, web beacons, and similar tracking technologies to monitor and enhance user experience across our Services.

Definitions:

Cookies: Small data files transmitted from websites to your device's storage while browsing

Web beacons: Tracking technologies used to verify content access and user engagement

Cookie Categories and Purposes:

Performance Cookies: Enable measurement of website traffic, visit counting, and performance optimization. These cookies help identify popular content areas and user navigation patterns. All data collected through performance cookies is aggregated and anonymized. Blocking these cookies prevents us from tracking your website visits.

Functional Cookies: Support enhanced website functionality and personalization features, including embedded videos and interactive content. These may be implemented by Hackersjack or authorized third-party service providers. Disabling functional cookies may impair website feature availability.

Strictly Necessary Cookies: Essential for core website functionality and cannot be disabled within our systems. These cookies activate only in response to user-initiated actions such as privacy preference configuration, account authentication, or form submission. Browser-level cookie blocking may impact website functionality.

Cookie Management: We may correlate cookie-stored information with PII submitted during Service usage. Our implementation includes both session cookies (expire upon browser closure) and persistent cookies (remain until manual deletion) to provide personalized, interactive user experiences. Users can manage cookies through browser "Help" sections or disable all cookies, though this may limit Service functionality.

Third-Party Restrictions: We prohibit third parties from using user data for automated profiling or data enhancement for personalized advertising purposes. Third-party analytics and tracking tools are utilized solely to enhance Service delivery and performance, with contractual restrictions preventing service providers from using personal information for independent purposes.

1.3. Information Provided During Website Interaction

Anonymous Browsing: You may visit our Websites without account creation or personal information disclosure.

Service Registration Data: When utilizing specific Services, we may request information necessary for service provision, including:

Individual Account Registration:

Full name (first and last), School or organizational affiliation, Professional role or job title, Email address, Phone number, Geographic location (state/province and country), User-generated account password, Optional profile image and additional account information.

Educational Institution Setup: For school teachers establishing Hackersjack classroom accounts: Instructor name and contact information, Platform access credentials and username, School name and institutional affiliation, Grade level(s) taught, Class size information.

Student Account Configuration: School or district officials must provide the following student information for platform access: Student full name, School-assigned identification number, Grade level and class assignment information, Institutional email address, Demographic information to ensure inclusive platform accessibility across school communities.

Learning Progress Tracking: We collect educational data including Lesson completion status and progress indicators, Assessment results and performance metrics, Optional students experience surveys and feedback.

Communication and Feedback: When you contact us via email, provide feedback, or respond to employment or program applications, we collect your name, email address, and all content included in or attached to your communications to facilitate appropriate responses.

Payment Processing: For fee-based Services, we collect billing and payment information processed through secure third-party payment processors in compliance with industry security standards.

Data Integration: We may combine directly collected information with data obtained from public sources, authorized partners, and third-party providers, using such combined information in accordance with this Privacy Policy.

1.4. Automatic Website Data Collection

When you visit our website, we automatically collect certain information through cookies and other tracking technologies, including Internet Protocol (IP) address, Website pages visited and navigation patterns, Browser type and version information, Operating system specifications, Access dates, times, and session duration. This automatically collected information is used to improve, monitor, analyze, and administer our website functionality and user experience.

Data Minimization and Purpose Limitation

All data collection practices are designed to support legitimate educational purposes and service provision. We implement technical and administrative measures to ensure collected information is limited to what is necessary, relevant, and proportionate to the educational services we provide.

2. How We Use the Data We Collect

In summary, we use your personal data to respond to your requests, to provide, secure, and enhance the Services, and to comply with our legal obligations. In particular, Hackersjack uses your PII for the following purposes as necessary and as permitted by applicable law:

1. Identify you as a user or visitor of our Services;
2. Facilitate the creation of and secure your account for use of our Services;
3. Provide and administer your use of the Services;
4. Personalize and improve the quality of your experience when you interact with our Services;
5. Send you a welcome e-mail to verify ownership of an e-mail address provided when your account was created;
6. Send you administrative e-mail notifications, such as security or support and maintenance messages;
7. Respond to your inquiries and requests;
8. Provide you with newsletters you request or surveys;
9. Send you information about upgrades and special offers related to our Services;
10. Comply with applicable laws and regulatory requirements;
11. Respond to lawful requests, court orders and legal process; and
12. Protect our legal interests or those with whom we do business.

We may also compile statistical or anonymized, non-personally identifiable information and use or transfer such information for any purposes; provided, however, that such data has been fully de-identified and cannot in any way be traced back to the customer or user and does not contain any personally identifiable information.

Third-Party Online Analytics Services

In connection with our Website and emails, we may use third-party online analytics services, such as those of Google Analytics. These analytics services use automated technologies to collect information (such as email address, IP address, and device identifiers) to evaluate, for example, use of our products and services and to diagnose technical issues. To learn about how Google Analytics collects and processes data, you may visit https://policies.google.com/technologies/partner-sites.

Other Third-Party Services

It's important to us that we keep your information safe and secure. In order to help Hackersjack provide, maintain, protect and improve our services, Hackersjack shares information with other partners, vendors and trusted organizations to process it on our behalf in accordance with our instructions, Privacy Policy, and any other appropriate confidentiality, security or other requirements we deem appropriate. These companies will only have access to the information they need to provide the Hackersjack service.

We do not share your personal data with third parties for their own marketing purposes, including direct marketing. We do not permit contextual advertisements, marketing, or other third-party advertising and promotion in our services. This policy applies to all users, regardless of location. Your personal data will only be shared with third-party service providers in order to fulfill the specific services you have requested from Hackersjack and in compliance with this Privacy Policy.

We do not use or disclose Student Data for targeted advertising purposes. Specifically, personalized advertising (ads based on a user's personal information) is not used or displayed in Hackersjack products. We are committed to protecting the privacy and data of our students. We do not share student data with third-party advertisers or use it to create profiles for advertising purposes. Hackersjack does not use in connection with the Services automated decision-making, including profiling, in a way that produces legal effects concerning you or which significantly affects you.

Hackersjack use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

3. Information Sharing and Disclosure

To the extent permitted by applicable law, Hackersjack may disclose your PII in the following circumstances:

1. Service Providers.

   We may engage our affiliates or third-party organizations or individuals to support us in connection with the purposes listed above, such hosting providers, subcontractors, and third-party payment processors.

2. Law Enforcement.

   It may be necessary - by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence - for Hackersjack to disclose your PII. We may also disclose your PII if we determine disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users.

3. Business Transfer.

   We may share your PII if Hackersjack engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Hackersjack's assets, financing acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g., due diligence).

4. Prior Consent.

   We may also disclose your PII in other circumstances with your prior informed consent. Service providers acting on our behalf are obliged to adhere to confidentiality requirements no less protective than those set forth herein and will only receive access to your PII as necessary to perform their functions.

4. How We Protect Your Data -- Security

We are committed to protecting the security of information received via the Services, including PII. If we collect PII from you, we provide reasonable and appropriate administrative, technical, and physical security controls designed to protect your PII from unauthorized access, use, or disclosure. Despite our efforts, no security controls are 100% risk-free, and Hackersjack does not warrant or guarantee that your PII will be secure in all circumstances. If you create an account, you are responsible for keeping your account credentials and passwords secure and not allowing others to use your account.

5. Student Data

When an Educational Institution makes our student-facing services such as Dashboard available to students, Hackersjack may collect, and process personal information related to identifiable students (“Student Data”). Hackersjack collects and uses Student Data for educational purposes only as authorized by the Educational Institution and subject to its control. Hackersjack enters into student data privacy agreements with individual Educational Institutions which govern our use and responsibilities for Student Data. We process Student Data solely as directed by the applicable Educational Institution under these agreements. For more information about the principles that guide our collection, use and disclosure of Student Data, please refer to our Student Data Policy. You can also contact an Educational Institution directly if you would like to learn more about its privacy practices.

No student profile or student work is made available or visible to the public or to any other students directly from the service. Educators may allow their students to share their work with other students, educators, school administrators in their school, but no mechanisms exist to allow students to publicize or "post" directly from the service.

6. Your Data, Your Choice

Please note if you are a California resident, please see Section 8 "Additional Information for California Residents" below for more information about your privacy rights under California law.

1. Opt-Out.

   We offer you choices regarding the collection, use, and sharing of your PII. Where permitted by applicable law, we may periodically send you free newsletters and e-mails that directly promote the use of our products or services. When you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to "opt-out" by following the unsubscribe instructions provided in the e-mail you receive or by contacting us directly. Despite your indicated e-mail preferences for other matters, we may send you administrative notices such as updates to our Terms of Use or Privacy Policy and similar account notices.

2. Your Rights to Access, Correct, or Delete Your Personal Information.

   You may edit any of your PII in your account on the Services, including contact information and/or notification settings, by editing your account profile. You may have the right to make other requests under applicable law related to your personal data in our possession, and depending on applicable law, you may have the right to appeal our decision regarding your request. Contact us at support@hackersjack.com if you have questions or a request regarding your personal data. Your rights may include a right to access your personal data that we process and transfer it, correct it, delete it (erasure), restrict it or object to its sale or use for direct marketing purposes, and to not be retaliated against for exercising your rights. We will do our best to honor your requests.

   If we deny a request and you have a right to appeal, we will provide information about how to exercise that right in our response.

   You may request that we delete your account information by sending an email to support@hackersjack.com, but please note that we may be required (by law or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). Hackersjack will respond to such requests within thirty (30) days or sooner if required by applicable law. When we delete account information, it will be deleted from the active database, but may remain in our archives for a limited amount of time. We will otherwise retain your information for as long as your account is active, as needed to provide you with the Services you have requested, or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

3. Information Processed Under the Direction of Customers.

   If a school or other organization has registered for the Services (a "Customer") and your PII has been collected by Hackersjack as a result of such organization's use of the Services, Hackersjack collects and processes any such PII of yours under the directions of the relevant Customer. If these circumstances apply to you and you wish to access, edit, delete, or exercise any rights you may have under applicable data protection laws with respect to any PII that we have collected about you, please direct your query to the relevant Customer as this may expedite the completion of your request. We nevertheless provide reasonable assistance to our Customers to give effect to data subject rights as appropriate and required by applicable laws.

7. Links to Third-Party Sites

Our provision of a link to any website or location outside of the Services is for your convenience and does not signify our endorsement of such other website or location or its contents. When you click on such a link, you will leave our site and go to another site. During this process, a third party may collect data, including PII, from you. Please be aware that the terms of this Privacy Policy do not apply to these outside websites or content, or to any collection of data after you click on a link to a third party. We encourage you to carefully read the privacy statement of any other website you visit.

8. Additional Information for California Residents

If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and share your "personal information" (as defined in the California Consumer Privacy Act ("CCPA")).

1. How We Source, Use, and Disclose Information for Business Purposes.

   The chart below details the categories of personal information we collect, the sources of such personal information, and how we use and share such information for business purposes.

   Categories of Personal Information Collected	Sources of Personal Information	Purposes for Use of Personal Information	Disclosures of Personal Information for Business Purposes
   Contact Information (e.g., name, email address, organization, role, phone number, mailing address including state/province, country)	You	Provide the services requested and customer service Communicate with you Analyze use of and personalize the services Improve the services Provide security, prevent fraud, and for de-bugging Comply with legal requirements	Service providers Law enforcement in the event of a lawful request With entities in the event of a business transaction With your consent
   Financial and Transactional Information (e.g., payment account information and donation history)	You Payment processors	Process service fees Communicate with you Comply with legal requirements	Payment processors Law enforcement in the event of a lawful request With entities in the event of a business transaction With your consent
   Login Information (e.g., your account name and password)	You	Provide the services and customer service Provide security, prevent fraud, and for de-bugging Comply with legal requirements	Service providers Law enforcement in the event of a lawful request With entities in the event of a business transaction With your consent
   Device and Online Identifier Information (e.g., IP address, browser type, operating system, general location inferred from IP address, and similar information)	You, through your device	Provide the services and customer service Analyze use of and personalize the services Improve the services Provide security, prevent fraud, and for de-bugging Comply with legal requirements	Service providers Law enforcement in the event of a lawful request With entities in the event of a business transaction With your consent
   Service Usage Information (e.g., the dates and times you use the services, how you use the services, and the content you interact with on the services)	You, through your device	Provide the services and customer service Analyze use of and personalize the services Improve the services Provide security, prevent fraud, and for de-bugging Comply with legal requirements	Service providers Law enforcement in the event of a lawful request With entities in the event of a business transaction With your consent

2. Please note that the above chart does not describe the Student Data that we process. For more information about our privacy practices with regard to Student Data, please refer to our Student Data Policy. In short - Student Data are processed solely on behalf of specific Educational Institutions under a student data privacy agreement. If you have questions about an Educational Institution's privacy practices, you should contact the Educational Institution directly.

3. Your California Privacy Rights.

   If you are a California resident, the CCPA allows you to make certain requests about your personal information. Specifically, the CCPA allows you to request us to:

   1. Inform you about the categories of personal information we collect or disclose about you; the categories of sources of such information; the business or commercial purpose for collecting your personal information; and the categories of third parties with whom we share/disclose personal information.

   2. Provide access to and/or a copy of certain personal information we hold about you.

   3. Delete certain personal information we have about you.

   4. Provide you with information about the financial incentives that we offer to you, if any.

The CCPA further provides you with the right not to be discriminated (as provided for in applicable law) for exercising your rights. Please note that certain information may be exempt from such requests under California law. For example, we need certain information in order to provide our services to you. We also will take reasonable steps to verify your identity before responding to a request. In doing so, we may ask you for verification information so that we can match at least two verification points with information we maintain in our files about you. If we are unable to verify you through this method, we shall have the right, but not the obligation, to request additional information from you.

Please also note that if your personal information has been collected by Hackersjack as a result of a Customer's (as defined above) use of our services, Hackersjack collects and maintains your personal information under the directions of the relevant Customer. If these circumstances apply to you and you wish to access or delete any personal information that we have collected about you, please direct your query to the relevant Customer as this may expedite the completion of your request. We nevertheless provide reasonable assistance to our Customers to give effect to consumer choices as appropriate and required by applicable laws.

If you would like further information regarding your legal rights under California law or would like to exercise any of them, or if you are an authorized agent making a request on a California consumer's behalf, please contact us at support@hackersjack.com.

The CCPA provides certain rights if a company "sells" personal information, as such term is defined under the CCPA. We do not engage in activities that would be considered "sales" of personal information under the CCPA.

Shine the Light Disclosure: The California "Shine the Light" law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share your personal information with third parties for their own direct marketing purposes.

Do Not Track Signals: Hackersjack does not track users over time and across third-party websites and therefore does not respond to Do Not Track ("DNT") signals from web browsers. Further, because there currently is no industry standard concerning what, if anything, a service should do when they receive such signals, we currently do not take action in response to these signals.

9. Other State Laws

Data protection laws change and update frequently, and we endeavor to always comply with applicable laws where we operate. If you have any questions, concerns, or requests regarding the handling of your personal information, contact us at support@hackersjack.com. Please note we may take reasonable steps to verify your identity and the authenticity of the request.

10. Changes to Our Privacy Policy

Hackersjack reserves the right to change this Privacy Policy. Hackersjack will provide notification of the material changes to this Privacy Statement through our Website and, where appropriate, when you login to your account or by email to any email address of yours we may have on file, at least thirty (30) days prior to the change taking effect.

11. Contact Us

Hackersjack welcomes your comments, questions, and concerns regarding our Privacy Policy. Please contact us at support@hackersjack.com or at our mailing address below:

Hackersjack, Inc.
1015 15th Street, NW Suite 600
Washington, DC 20005, USA

12. Supplemental Incident Response Plan Overview

The following section provides a comprehensive overview of Hackersjack's structured incident response framework. For detailed policy documentation and specific procedural guidelines, please contact our Security Operations team at security@hackersjack.com.

Incident Detection and Initial Response: Hackersjack maintains a multi-layered incident response protocol designed to address data breaches and security incidents through systematic risk management. Our IT Security Team serves as the primary detection authority, responsible for identifying potential security incidents and initiating comprehensive documentation procedures upon incident discovery.

Assessment and Impact Analysis: Following initial detection, our Data Protection Officer, in coordination with the IT Security Team, conducts thorough scope and impact assessments within twenty-four (24) hours of incident identification. This evaluation process determines the categories of affected data, the scale of potential exposure, and the number of individuals whose information may have been compromised.

Containment and Immediate Response Measures: The containment phase encompasses immediate protective actions designed to prevent additional data exposure or system compromise. Our IT Security Team and Network Administration personnel implement rapid response measures including system isolation, access privilege revocation, and network segmentation protocols as circumstances require.

Stakeholder Notification and Regulatory Compliance: Internal stakeholder notification procedures are managed by our Legal Department in collaboration with the Data Protection Officer. For incidents involving educator personally identifiable information (PII), we maintain specialized compliance protocols aligned with Education Law 2D requirements, ensuring appropriate notifications to affected individuals, regulatory authorities, and relevant stakeholders within seventy-two (72) hours of impact assessment completion.

Investigation and Forensic Analysis: Our investigation protocol involves comprehensive root cause analysis conducted by the IT Security Team, with provisions for engaging external forensic specialists when circumstances warrant additional expertise. Evidence preservation procedures ensure compliance with potential legal proceedings and regulatory inquiries while maintaining chain of custody standards.

Remediation and System Recovery: Remediation activities, overseen by the IT Department and Data Protection Officer, include vulnerability mitigation, security control enhancement, and policy framework updates. Implementation occurs on an expedited basis with continuous monitoring and effectiveness review protocols.

Documentation and Record Management: Comprehensive documentation standards are maintained throughout the incident lifecycle by our Data Protection Officer and Legal Department. This includes detailed action logs, timeline documentation, decision rationale, and lessons learned analysis to support continuous improvement initiatives.

External Communications Management: Public communications and media relations are coordinated by our Communications Department in partnership with the Legal Department, ensuring consistent messaging that maintains transparency while protecting ongoing investigation integrity.

Post-Incident Review and Continuous Improvement: Senior Management, in collaboration with the IT Security Team and Data Protection Officer, conducts comprehensive post-incident assessments to evaluate response effectiveness and identify enhancement opportunities. Policy adjustments, training program updates, and technical safeguard improvements are implemented within thirty (30) days of incident resolution.

13. Corporate Transactions and Change of Control

In the course of our business development and growth, Hackersjack may undergo organizational changes or corporate transactions. We may share your information, including personal information, with corporate affiliates including parent companies, subsidiaries, joint venture partners, or other entities under our control or common ownership, provided that such entities agree to handle your personal information in accordance with the terms and protections set forth in this Privacy Policy.

In the event of a corporate transaction involving all or substantially all of Hackersjack's assets, including mergers, acquisitions, asset sales, or similar business combinations where personal information constitutes part of the transferred assets, this Privacy Policy shall remain in full force and effect with respect to your information. Any acquiring entity or successor organization shall be bound by the terms of this Privacy Policy and may only process your personal information in accordance with these established protections, unless you provide explicit consent to modified privacy terms.

We will provide written notice of any completed corporate transaction within thirty (30) days of closing through prominent website posting and direct email communication to your registered email address. Following such notification, you retain the right to object to the processing of your personal information by the successor entity and may request deletion of your personal information, subject to applicable legal requirements and legitimate business needs.

In the event of business closure, bankruptcy proceedings, or other cessation of operations, we commit to maintaining the confidentiality and security of your personal information and will not transfer, sell, or otherwise dispose of personal information to third parties for commercial purposes. Any disposition of personal information under such circumstances will be conducted in accordance with applicable privacy laws and with appropriate notice to affected users.