Privacy Policy

Last Updated: September 1, 2025

1. Introduction and Scope

HexaHacks, Inc. ("HexaHacks," "we," "our," or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, process, disclose, and safeguard your personal information when you:

  • Visit our website at hexahacks.com (the "Website")
  • Use our enterprise AI automation platform, Delight
  • Participate in our educational programs through Prodicity
  • Engage with our community events and resources
  • Communicate with us through any channel

This Privacy Policy applies to all services, applications, features, and content we provide (collectively, the "Services"). By accessing or using our Services, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your information as described in this Privacy Policy and our Terms of Service.

Important: If you do not agree with the practices described in this Privacy Policy, please do not access or use our Services or provide us with your personal information.

2. Data Controller and Contact Information

For the purposes of applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), HexaHacks, Inc. is the data controller responsible for your personal information.

HexaHacks, Inc.
415 Mission Street
San Francisco, CA 94105
United States of America
Email: ask@hexahacks.com
Privacy Inquiries: privacy@hexahacks.com
Data Protection Officer: dpo@hexahacks.com

3. Information We Collect

We collect several types of information from and about users of our Services, including:

3.1 Information You Provide Directly

We collect information that you voluntarily provide when you:

  • Create an Account: Name, email address, company name, job title, phone number, billing information, and password
  • Apply to Programs: Educational background, professional experience, resume/CV, portfolio, references, and application essays
  • Use Our Services: Content you upload, data you input, project information, configurations, preferences, and settings
  • Contact Us: Name, email, phone number, message content, and any information you choose to provide in communications
  • Subscribe to Communications: Email address, communication preferences, and areas of interest
  • Participate in Surveys or Research: Responses to surveys, feedback, testimonials, and research participation data
  • Attend Events: Registration information, dietary preferences, accessibility needs, and event participation data
  • Make Payments: Billing address, payment method information (processed securely through third-party payment processors), and transaction history

3.2 Information Collected Automatically

When you access or use our Services, we automatically collect certain information, including:

  • Device Information: Device type, operating system, browser type and version, unique device identifiers, mobile network information, and device settings
  • Log Data: IP address, access times, pages viewed, page interaction information, the pages or features you accessed before and after using our Services, and other system activity
  • Usage Information: Features used, actions taken, time spent on pages, navigation paths, search queries, click data, and interaction patterns
  • Location Data: General geographic location based on IP address or precise location (only if you grant permission)
  • Cookies and Similar Technologies: Information collected through cookies, web beacons, pixels, and similar tracking technologies (see Section 7 for details)

3.3 Information from Third-Party Sources

We may receive information about you from third-party sources, including:

  • Authentication Services: If you log in using third-party services (e.g., Google, LinkedIn), we receive information as authorized by you and permitted by the service
  • Business Partners: Information from partners who help us deliver services, including event co-hosts and program collaborators
  • Publicly Available Sources: Information from public databases, professional networks, and social media platforms (where permitted)
  • Analytics Providers: Aggregated and anonymized data about your interactions with our Services
  • Marketing Partners: Contact information and professional details for business development purposes

3.4 Sensitive Personal Information

We generally do not collect sensitive personal information (such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data) unless specifically required for a legitimate purpose (e.g., accessibility accommodations) and with your explicit consent.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal information only when we have a valid legal basis, including:

  • Contract Performance: Processing necessary to perform our contract with you (e.g., providing Services you requested)
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving Services, security, fraud prevention, and direct marketing (balanced against your rights and interests)
  • Legal Obligation: Processing necessary to comply with legal obligations, such as tax and accounting requirements
  • Consent: Where you have given explicit consent for specific processing activities (which you may withdraw at any time)
  • Vital Interests: Processing necessary to protect your vital interests or those of another person

5. How We Use Your Information

We use the information we collect for the following purposes:

5.1 Service Delivery and Management

  • Provide, operate, maintain, and improve our Services
  • Process registrations, applications, and enrollments
  • Authenticate users and maintain account security
  • Process transactions and send transactional communications
  • Provide customer support and respond to inquiries
  • Deliver personalized content, features, and recommendations
  • Enable collaboration features and community interactions

5.2 Communication and Marketing

  • Send administrative information, updates, and service notifications
  • Deliver marketing communications about our programs, events, and services (with opt-out options)
  • Send newsletters, educational content, and thought leadership materials
  • Conduct surveys and gather feedback
  • Inform you about changes to our Services or policies

5.3 Analytics and Improvement

  • Analyze usage patterns and trends to improve Services
  • Conduct research and development for new features and services
  • Measure the effectiveness of our programs and initiatives
  • Perform data analytics and generate statistical insights
  • Monitor and analyze user behavior to enhance user experience

5.4 Security and Compliance

  • Detect, prevent, and address fraud, security threats, and illegal activities
  • Enforce our Terms of Service and other policies
  • Comply with legal obligations and regulatory requirements
  • Protect the rights, property, and safety of HexaHacks, our users, and others
  • Verify identity and conduct background checks where necessary

5.5 Business Operations

  • Manage corporate transactions (mergers, acquisitions, restructuring)
  • Maintain business records and accounting
  • Conduct internal audits and quality assurance
  • Manage vendor and partner relationships

6. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, tags, scripts, and similar tracking technologies to collect information about your browsing activities and provide a better user experience. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Preferences page.

6.1 Types of Cookies We Use

  • Essential Cookies: Necessary for website functionality and security
  • Performance Cookies: Collect anonymous usage statistics and analytics
  • Functional Cookies: Remember your preferences and enhance user experience
  • Marketing Cookies: Deliver relevant advertisements and measure campaign effectiveness

6.2 Third-Party Analytics

We use third-party analytics services, including Google Analytics, to understand how users interact with our Services. These services may use cookies and similar technologies to collect information about your use of our Services and other websites. You can opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-on.

7. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:

7.1 Service Providers and Business Partners

We share information with trusted third-party service providers who perform services on our behalf, including:

  • Cloud hosting and infrastructure providers (e.g., AWS, Google Cloud)
  • Payment processors and financial institutions
  • Email delivery and communication platforms
  • Analytics and data processing services
  • Customer relationship management (CRM) systems
  • Security and fraud prevention services
  • Marketing and advertising partners
  • Event management and logistics providers

These service providers are contractually obligated to use your information only as necessary to provide services to us and are required to maintain appropriate security measures.

7.2 Business Transfers

If HexaHacks is involved in a merger, acquisition, asset sale, financing, bankruptcy, or similar transaction, your information may be transferred as part of that transaction. We will provide notice and obtain consent as required by law.

7.3 Legal Requirements and Protection

We may disclose your information if required to do so by law or in response to:

  • Subpoenas, court orders, or legal processes
  • Government or law enforcement requests
  • Legal claims or disputes
  • Efforts to prevent fraud, security threats, or illegal activity
  • Protection of rights, property, or safety of HexaHacks, our users, or others

7.4 With Your Consent

We may share your information with third parties when you give us explicit consent to do so, such as when you authorize integration with third-party services or participate in partner programs.

7.5 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. This information may be used for research, analytics, marketing, or other business purposes without restriction.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

8.1 Retention Criteria

The criteria used to determine retention periods include:

  • The length of time you maintain an active account
  • Whether we have a legal or contractual obligation to retain the data
  • Whether retention is advisable for legal defense purposes
  • Whether retention is necessary for our legitimate business operations
  • The nature and sensitivity of the information

8.2 Specific Retention Periods

  • Account Data: Retained while your account is active, plus up to 7 years after account closure for legal and business purposes
  • Transaction Records: Retained for at least 7 years to comply with tax and accounting requirements
  • Communications: Retained for 3 years unless longer retention is required for legal or business purposes
  • Marketing Data: Retained until you unsubscribe or opt out, plus up to 2 years for suppression purposes
  • Security Logs: Retained for 12 months for security and fraud prevention purposes

8.3 Data Deletion

When personal information is no longer needed, we will securely delete or anonymize it in accordance with our data retention and deletion policies. You may request deletion of your data at any time, subject to legal and contractual obligations.

9. Your Privacy Rights

Depending on your location and applicable laws, you may have certain rights regarding your personal information. These rights may include:

9.1 General Rights (All Users)

  • Access: Request access to the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to exceptions)
  • Objection: Object to certain types of processing
  • Opt-Out: Opt out of marketing communications at any time
  • Account Closure: Close your account and request data deletion

9.2 European Privacy Rights (GDPR)

If you are located in the EEA, UK, or Switzerland, you have additional rights under GDPR:

  • Right to Access: Obtain confirmation of whether we process your personal data and receive a copy of such data
  • Right to Rectification: Request correction of inaccurate personal data
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data in certain circumstances
  • Right to Restriction of Processing: Request that we limit how we use your data
  • Right to Data Portability: Receive your personal data in a structured, commonly used format and transmit it to another controller
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
  • Right to Withdraw Consent: Withdraw consent for processing activities based on consent (without affecting lawfulness of prior processing)
  • Right to Lodge a Complaint: File a complaint with your local supervisory authority

To exercise these rights, contact us at privacy@hexahacks.com or dpo@hexahacks.com. We will respond within one month of receipt (extendable by two additional months for complex requests).

9.3 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, disclose, and sell
  • Right to Delete: Request deletion of your personal information (subject to exceptions)
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out: Opt out of the sale or sharing of your personal information
  • Right to Limit Use of Sensitive Personal Information: Limit use of sensitive personal information to purposes necessary for service delivery
  • Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights

Important Note: We do not sell your personal information as defined by CCPA. We do not share personal information with third parties for cross-context behavioral advertising purposes.

To exercise your CCPA rights, submit a request to privacy@hexahacks.com or call us at the contact information provided. We will verify your identity before processing your request and respond within 45 days (extendable by an additional 45 days if necessary).

You may designate an authorized agent to make a request on your behalf by providing written authorization or power of attorney.

9.4 How to Exercise Your Rights

To exercise any of your privacy rights:

  1. Email us at privacy@hexahacks.com with "Privacy Rights Request" in the subject line
  2. Provide sufficient information to verify your identity (name, email, account details)
  3. Specify which right(s) you wish to exercise and the information or action you are requesting
  4. We will confirm receipt and process your request according to applicable legal timeframes

10. International Data Transfers

HexaHacks is based in the United States. If you access our Services from outside the United States, your information will be transferred to, stored, and processed in the United States and other countries where our service providers operate.

These countries may have data protection laws that differ from those in your country. When we transfer personal data from the EEA, UK, or Switzerland to other countries, we implement appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs): EU Commission-approved contractual terms that provide appropriate safeguards for data transfers
  • Adequacy Decisions: Transfers to countries deemed to provide adequate data protection by the European Commission
  • Privacy Shield (where applicable): Certifications under applicable data transfer frameworks
  • Binding Corporate Rules: Internal privacy policies approved by data protection authorities

For more information about our data transfer mechanisms or to obtain a copy of the safeguards we use, contact us at privacy@hexahacks.com.

11. Data Security

We implement appropriate technical and organizational security measures designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. Our security measures include:

  • Encryption: Data encryption in transit (TLS/SSL) and at rest (AES-256)
  • Access Controls: Role-based access controls and principle of least privilege
  • Authentication: Multi-factor authentication and strong password requirements
  • Network Security: Firewalls, intrusion detection systems, and DDoS protection
  • Security Monitoring: 24/7 security monitoring and incident response procedures
  • Regular Audits: Security audits, vulnerability assessments, and penetration testing
  • Employee Training: Regular security awareness training for all personnel
  • Vendor Management: Security requirements and assessments for third-party providers
  • Data Backup: Regular encrypted backups with disaster recovery procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials and for any activities under your account.

If we become aware of a data breach that may affect your personal information, we will notify you and relevant authorities as required by applicable law, providing information about the breach and steps you can take to protect yourself.

12. Children's Privacy

Our Services are not intended for, and we do not knowingly collect personal information from, children under the age of 18 (or the age of majority in your jurisdiction). If you are under 18, do not use our Services or provide any personal information to us.

If we become aware that we have collected personal information from a child under 18 without verified parental consent, we will take steps to delete that information as quickly as possible. If you believe we may have information from or about a child under 18, please contact us immediately at privacy@hexahacks.com.

Our educational programs through Prodicity may involve participants under 18 in supervised settings with appropriate parental or guardian consent. In such cases, we collect only the minimum information necessary and implement additional safeguards to protect minors' information.

13. Third-Party Services and Links

Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by HexaHacks. This Privacy Policy applies only to information collected by our Services.

When you click on third-party links or interact with third-party services, you are subject to the privacy policies and terms of those third parties. We are not responsible for the privacy practices or content of third-party services. We encourage you to review the privacy policies of any third-party services before providing them with your information.

Third-party integrations and plugins (such as social media buttons, analytics services, and advertising networks) may collect information about your use of our Services. These third parties may use cookies and similar technologies subject to their own privacy policies.

14. Do Not Track Signals

Some web browsers incorporate "Do Not Track" (DNT) features. Currently, there is no industry-wide standard for how to respond to DNT signals. As such, our Services do not currently respond to DNT browser signals or mechanisms. We will continue to monitor developments in this area.

You can control cookies and tracking technologies through your browser settings and our Cookie Preferences page.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by:

  • Posting the updated Privacy Policy on this page with a new "Last Updated" date
  • Sending you an email notification (if you have provided an email address)
  • Displaying a prominent notice on our Services
  • Obtaining your consent where required by applicable law

We encourage you to review this Privacy Policy periodically to stay informed about our privacy practices. Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

If you do not agree with any changes to this Privacy Policy, you should discontinue use of our Services and contact us to close your account and request deletion of your information (subject to legal and contractual obligations).

16. Contact Us and Privacy Inquiries

If you have any questions, concerns, complaints, or requests regarding this Privacy Policy or our data practices, please contact us:

HexaHacks, Inc.
Privacy Team
415 Mission Street
San Francisco, CA 94105
United States

General Email: ask@hexahacks.com
Privacy Email: privacy@hexahacks.com
Data Protection Officer: dpo@hexahacks.com
Website: hexahacks.com

We will respond to your inquiry within a reasonable timeframe, typically within 30 days. For privacy rights requests, we will respond within the timeframe required by applicable law (e.g., 30 days for GDPR requests, 45 days for CCPA requests).

16.1 Supervisory Authority (EEA, UK, Switzerland)

If you are located in the EEA, UK, or Switzerland, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your privacy rights or applicable data protection laws.

Contact information for EEA supervisory authorities: https://edpb.europa.eu/about-edpb/board/members_en

UK Information Commissioner's Office: https://ico.org.uk/

Supplemental Disclosures

Categories of Personal Information We Collect (CCPA)

In the preceding 12 months, we have collected the following categories of personal information:

  • Identifiers: Name, email address, postal address, IP address, device identifiers, account name
  • Commercial Information: Purchase history, payment information, transaction details
  • Internet Activity: Browsing history, search history, interaction with Services
  • Geolocation Data: General and precise location information
  • Audio/Visual Information: Profile photos, event recordings (with consent)
  • Professional Information: Job title, company, work history, educational background
  • Inferences: Preferences, characteristics, behaviors derived from other information

Business Purposes for Collection (CCPA)

We collect personal information for the business purposes described in Section 5 of this Privacy Policy, including service delivery, security, analytics, marketing, and legal compliance.

Sources of Personal Information (CCPA)

We collect personal information from the sources described in Section 3 of this Privacy Policy, including directly from you, automatically through your use of Services, and from third-party sources.

Sale and Sharing of Personal Information (CCPA)

We do not sell your personal information. We do not share personal information with third parties for cross-context behavioral advertising purposes.

Effective Date: This Privacy Policy is effective as of September 1, 2025, and applies to all information collected on or after this date and, to the extent permitted by law, to information collected before this date.

Got any questions?

Please feel free to email us at ask@hexahacks.com

Email Us