Privacy Policy

Last updated: February 7, 2026

1. What We Collect

When you create an account, we collect:

• Email address — used for account verification and password resets
• Username and password — password is hashed with bcrypt and never stored in plain text
• Profile information — optional fields like name, bio, and social links that you choose to provide

When you use the Site, we collect:

• Posts, comments, and votes — the content you submit
• Session cookies — to keep you logged in (see Cookies section below)

2. What We Do NOT Collect

• We do not use analytics or tracking scripts
• We do not run advertisements or ad trackers
• We do not sell, rent, or share your personal data with third parties
• We do not collect browsing behavior beyond what you submit to the Site

3. How We Use Your Data

• Display your public content (posts, comments, profile) on the Site
• Authenticate your session so you can log in
• Send transactional emails (verification, password reset) via our email provider
• Enforce moderation and prevent abuse

4. Cookies

We use a single session cookie to keep you logged in. It is:

• HttpOnly (not accessible to JavaScript)
• Secure in production (HTTPS only)
• SameSite=Lax (not sent on cross-site requests)
• Expires after 7 days of inactivity

We do not use any third-party cookies, tracking cookies, or advertising cookies.

5. Data Storage

Your data is stored securely on our servers. Passwords are hashed and never stored in plain text. Uploaded images are stored on a secure cloud storage provider.

6. Data Retention

Your account and content remain on the Site as long as your account exists. Deleted posts and comments are soft-deleted (hidden from public view) and may be retained for moderation purposes.

7. Your Rights

You can:

• View and edit your profile information in settings
• Choose whether to display your email on your public profile
• Request deletion of your account by contacting an administrator

8. Email Communications

We send emails only for account-related purposes (verification, password reset). We do not send marketing emails or newsletters.

9. Children's Privacy

hack.iowa is not intended for users under 13 years of age. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this privacy policy from time to time. The "last updated" date at the top reflects the most recent revision.

11. Contact

For privacy-related questions or data deletion requests, contact the site administrators.