Last updated: April 27, 2026
h4ckbot (“we”, “us”, “our”) takes privacy seriously. This Privacy Policy explains what information we collect, how we use it, and your rights with respect to it. By using the Service, you consent to the practices described here.
When you register, we collect your email address and a hashed version of your password. We do not store your password in plaintext. We use your email address to send account-related communications (email verification, password reset, usage warnings) and to identify your account.
We collect data about your use of the Service, including chat message content, AI model usage (token counts, cost), and timestamps. This data is used to enforce the per-user weekly spend cap, investigate abuse, and improve the Service.
Standard web server logs (IP address, browser user agent, request timestamps) are retained for security and operational purposes.
h4ckbot runs its own proprietary AI model trained on offensive security, red-teaming, and penetration testing data. Your conversations are processed entirely on h4ckbot’s own infrastructure and are never sent to any third-party AI provider. Your conversation content is not used to train or fine-tune any model.
We retain conversation data server-side to provide history across sessions and for abuse investigation. You may request deletion of your conversation history and account data at any time — see Section 9.
We plan to use privacy-friendly analytics (deferred to Phase 4); we do not use Google Analytics. When analytics are introduced, we will update this policy and use tools that do not share data with third parties or use cookies for cross-site tracking.
We retain your account data for as long as your account is active, plus a reasonable period thereafter for legal and operational purposes. You may request deletion of your account by contacting us (see Section 9). Conversation history is retained to provide the Service (history sidebar, context loading) and for abuse investigation.
We do not sell your data. We share data only with:
We use industry-standard security practices including encrypted connections (TLS), password hashing (Argon2id), and signed session tokens. We conduct penetration testing on our own infrastructure. To report a security vulnerability, contact contact@h4ckbot.com.
If you are located in the European Economic Area or UK, you have rights under applicable data protection law including the right to access, correct, port, and erase your personal data, and to object to certain processing. To exercise these rights, contact us at the address in Section 9.
Privacy questions and data requests: contact@h4ckbot.com. Security concerns: contact@h4ckbot.com.