HackWatch

Privacy and data handling

Privacy Policy

Updated April 15, 2026. This policy explains what HackWatch collects, why it is processed, how long it may be retained and where to send privacy requests.

HackWatch processes the minimum information needed to operate the website, review incident submissions, answer reader questions, protect the service from abuse and understand aggregate site usage. We do not treat personal data as a product for resale.

Who this policy applies to

This policy applies to visitors of hackwatch.io, users of HackWatch tools, people who contact the editorial desk and anyone who submits incident reports, corrections or commercial inquiries through the contact channels published on this site.

What information we may collect

Operational and security data

Basic server logs, abuse-prevention signals, request metadata and error records needed to keep the site stable, diagnose failures and protect the service from malicious traffic.

Communications you send us

Emails, attachments and supporting material sent to editorial, incident, corrections, advertising, partnership, privacy or cookie-related addresses.

Analytics and product usage

Aggregate usage data that helps us understand traffic, reader journeys, content performance and tool usefulness. We use this to improve quality and usability, not to sell personal profiles.

How we use information

  • To operate, secure and improve the site and its tool workflows.
  • To review and verify incident submissions, corrections and newsroom correspondence.
  • To respond to reader, privacy, business or editorial requests.
  • To measure aggregate performance, navigation quality and content usefulness.
  • To prevent abuse, fraud, spam, malicious automation and other misuse of the service.

Legal bases and legitimate interests

Depending on your location and the specific interaction, we may rely on consent, legitimate interests, contractual necessity, legal compliance or protection of the service against abuse. Our core legitimate interests include running the newsroom, protecting site integrity, responding to user requests and improving the quality of editorial and tool experiences.

Reader and source protection

  • We do not sell user-submitted incident information or personal profiles to data brokers.
  • We encourage reporters to redact secrets, tokens, payment data and unnecessary identifiers before sending evidence.
  • We do not publish private material automatically; disclosure decisions are subject to editorial review.
  • We aim to retain only the evidence reasonably needed to validate a submission or maintain newsroom records.

Sharing and service providers

We may rely on infrastructure, analytics, hosting, security or communication providers to operate HackWatch. Information may also be disclosed when required by law, to investigate abuse, to protect the site and its users or when necessary to process a request you initiated. We do not share data casually or for unrelated commercial resale.

Data retention

We keep information only for as long as reasonably necessary to operate the service, preserve security records, review submissions, maintain editorial accuracy, meet legal obligations or resolve disputes. Retention may vary based on the type of record and the sensitivity of the submission.

Contributor candidate records are retained for 6 months without additional consent. HackWatch does not request sensitive personal data, secrets, credentials, private victim data or unnecessary identifiers in contributor applications. We do not collect public email addresses from comments or scraped profiles without explicit consent.

Your rights and choices

Depending on your jurisdiction, you may have rights to request access, correction, deletion, restriction or objection related to personal data we hold about you. You may also be able to withdraw consent where processing depends on it. We will review privacy requests in good faith and respond as required by applicable law.

International access

HackWatch may be accessed globally and supporting providers may process data in more than one country. If data crosses borders, we aim to use reasonable safeguards appropriate to the service and the type of information involved.

Contact for privacy requests

For privacy-related questions or requests, contact [email protected]. For cookie-specific questions, use [email protected].