Effective date: May 25, 2020
Last updated: March 12, 2026
Key point: Hacked limits collection to what is needed to answer inquiries, deliver case support, process payments, schedule meetings, secure the service, and measure our own marketing. Private case materials are handled separately from ad measurement tools.
How we protect current and potential customers' personal information
Hawkfish AS, which operates Hacked.com, is built around incident response, account recovery, and privacy support. People often contact us during active compromise, so we treat personal information and case material as sensitive by default.
We do not sell personal information. We do not publish client case details. We keep payment card handling with specialized payment processors, and we keep private case materials out of website ad tags used for marketing measurement.
- We collect only the information needed to respond to inquiries, open and run a case, schedule support, process payment, and protect the service from abuse.
- Case workspaces, client messages, and screenshot uploads are stored in authenticated systems. Access is limited to the client account owner and authorized Hacked staff who need access to provide support.
- Payment card information is handled by Stripe or PayPal. We do not store full card numbers or card security codes on our own servers.
- We use separate ad measurement tools for page views, lead events, and purchase conversions. We do not send case notes, screenshots, identity documents, or detailed recovery evidence to Google Ads, Meta, or similar ad platforms through those website tags.
- Purchase values sent to Google Ads or Meta are tied to verified successful payment states, not guessed or hardcoded amounts.
- We use session controls, rate limits, and provider security features to reduce spam, abuse, and unauthorized access.
Information we collect
| Category | Examples | Why we collect it |
|---|---|---|
| Inquiry and contact data | First name, email address, message content | To answer questions, route requests, and provide support |
| Client case data | Incident type, platform, case messages, screenshots, account recovery notes, session scheduling details | To investigate, document, and support your case |
| Account and access data | Email login details, authentication state, case IDs, basic profile details tied to your signed-in account | To secure access to your case workspace and related services |
| Payment and transaction data | Payment status, transaction IDs, purchase value, currency, payer email provided by the payment processor | To confirm successful payment, activate service access, and keep financial records |
| Scheduling and communications data | Booking details, meeting availability requests, transactional emails | To schedule sessions and communicate about your case or inquiry |
| Usage and device data | IP address, browser, device identifiers, pages visited, timestamps, referrer data, cookie and local storage identifiers | To run the website, measure performance, prevent abuse, and measure marketing results |
Information you provide directly
You may provide personal information when you contact us, open a case, sign in to a case workspace, schedule a session, upload screenshots, subscribe to an alert, or complete a purchase.
Information we collect automatically
When you browse Hacked.com, we and our service providers may collect technical and usage information through cookies, similar identifiers, scripts, logs, and local storage. This may include page views, browser and device details, timestamps, IP address, and site interaction data.
What we ask you not to send through public website forms or chat
Please do not send passwords, one-time codes, backup codes, full payment card details, or unnecessary identity documents through the public website sales chat or basic contact forms. If your case requires sensitive proof or documents, we will direct you to the appropriate case workspace or support channel.
How we use personal information
- To respond to inquiries and provide customer support
- To open, operate, and secure client case workspaces
- To process and confirm payments
- To schedule calls, meetings, and follow-up support
- To deliver login links, status emails, and other transactional communications
- To analyze website performance and improve service flows
- To measure the effectiveness of our own advertising and prevent fraud or abuse
- To comply with legal obligations, enforce our terms, and protect users, staff, and the service
Advertising, analytics, cookies, and similar technologies
Hacked.com uses third-party tools to understand site usage and to measure the performance of our own marketing campaigns. These tools may place or read cookies and similar identifiers, or collect information such as page URL, IP address, browser details, device identifiers, referrer data, and event timestamps.
Our website currently uses Google Tag and Google Ads conversion tracking, Meta Pixel, Microsoft Clarity, and Firebase Analytics. These tools may record events such as page views, add-to-cart actions, and completed purchase conversions. Purchase conversion values are sent only after a verified successful payment.
We use these tools for marketing measurement, analytics, fraud reduction, and site improvement. We do not use website ad tags to send private case notes, client screenshots, identity documents, or detailed recovery evidence to advertising platforms.
Google explains how it uses information from sites and apps that use its services here: How Google uses information from sites or apps that use its services.
Sales chat disclosure
If you use the public website sales chat, your message and a limited amount of recent chat history may be processed by OpenAI to generate triage or routing responses. That chat is intended for intake and routing, not for sending secrets or highly sensitive documents.
Cookies and local storage that help the site function
We also use first-party cookies and browser storage for practical service operations, including maintaining website session continuity, limiting abuse in contact flows, supporting case access, and remembering certain client-side state. If you block all cookies or browser storage, some parts of the site may not work properly.
When we share information
We share personal information only when needed to run the service, process transactions, support your case, comply with law, or protect the platform and its users.
- Payment processors: Stripe and PayPal process checkout and payment data under their own privacy terms.
- Infrastructure and product providers: Google and Firebase support hosting, authentication, storage, analytics, and related service operations.
- Scheduling and communication providers: Calendly and email delivery providers may process booking and transactional communication data.
- Support and AI providers: OpenAI may process public sales-chat inputs and limited internal support drafting inputs where we use those tools.
- Analytics providers: Google, Meta, Microsoft Clarity, and Firebase may receive browsing and conversion-measurement data described above.
- Legal or safety disclosures: We may disclose information when required by law or when reasonably necessary to protect rights, safety, investigate abuse, or enforce our agreements.
Relevant third-party privacy resources include Stripe Privacy Policy, PayPal Privacy Statement, Microsoft Privacy Statement, and OpenAI Privacy Policy.
Data retention
We keep personal information for as long as needed to provide the service, maintain support records, prevent fraud, resolve disputes, enforce agreements, and comply with legal obligations.
We do not keep unpaid pre-purchase case initializations indefinitely. Stale unpaid case records are automatically deleted after a limited retention window. For active or paid support matters, we may retain case data, communications, transaction records, and related operational logs for longer where needed for the reasons above.
If you ask us to delete personal information, we will review the request and remove what we can where continued retention is not required for security, fraud prevention, legal obligations, accounting, or dispute handling.
International transfers
Hawkfish AS is based in Norway, and our service providers may process data in Norway, other EEA countries, the United States, and other jurisdictions where they operate. By using the service, you understand that your information may be transferred to and processed in countries that may have different data protection rules from your home jurisdiction.
Your rights and choices
Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or receive a copy of your personal information. You may also be able to withdraw consent where processing is based on consent, or lodge a complaint with your local data protection authority.
You can also use browser settings and platform controls to block cookies, clear local storage, or adjust advertising preferences. Some third-party providers also offer direct opt-out and privacy controls through their own services.
To make a privacy request, contact us at help@hacked.com. We may need to verify your identity before completing the request.
Links to other sites
Our service may link to third-party sites that we do not operate. Their privacy practices are governed by their own terms and policies, not this page.
Children's privacy
Our service is not directed to children under 16 without parental or guardian involvement. We do not knowingly collect personal information from children under 16 in a way that would require parental consent without obtaining that involvement. If you believe a child has provided us personal information improperly, contact us and we will review the matter.
Changes to this privacy policy
We may update this privacy policy from time to time. When we do, we will post the revised version on this page and update the last updated date above.
Contact us
If you have questions about this privacy policy or how Hacked handles personal information, contact help@hacked.com.