Hexa ⟡by Hacktoolkit

Privacy Policy

Last Updated: January 2025

1. Introduction

Hacktoolkit ("we," "our," or "us") operates Hexa ⟡ (hexa.hacktoolkit.com). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and ensuring transparency about how your data is handled.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (optional)
  • Payment information (processed securely by Stripe)
  • Subscription plan details

2.2 Usage Data

We automatically collect certain information when you use the Service:

  • Browser type and version
  • Device information
  • IP address
  • Pages visited and features used
  • Time and date of visits
  • Time spent on pages

2.3 Code and Prompts

When you use our AI services, we process your prompts and generated code to provide the Service. The handling of this data depends on your chosen AI provider:

  • Mock Mode: No data is sent to any server; all processing is local in your browser
  • Local AI (Transformers.js): All processing happens entirely in your browser; no data is sent to our servers or third parties
  • Cloud AI (Backend): Prompts and code are sent to third-party AI providers (OpenAI, Anthropic) via encrypted connections

3. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the Service
  • Process your subscription and payments
  • Send you service-related notifications
  • Respond to your support requests
  • Monitor and analyze usage patterns
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

4. Code Privacy and AI Training

4.1 Code Storage

Your prompts and generated code are processed securely but not stored permanently on our servers. We retain temporary logs for debugging and service improvement for up to 30 days.

4.2 AI Training

Your code is NOT used to train AI models without your explicit permission. When using third-party AI providers (OpenAI, Anthropic), their respective data policies apply, but we configure API calls to opt out of training data collection where available.

4.3 Privacy-First Option

For maximum privacy, use the Local AI (Transformers.js) provider, which processes all code entirely in your browser with no data sent to any server.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share information with:

5.1 Service Providers

  • Stripe: Payment processing (subject to Stripe's privacy policy)
  • OpenAI/Anthropic: AI processing when using cloud AI providers
  • Hosting providers: For infrastructure and service delivery

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if necessary to protect our rights, property, or safety.

6. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for stored data
  • Secure API connections to third-party services
  • Regular security audits and monitoring
  • Access controls and authentication

However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

7.1 GDPR Rights (EU/EEA)

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

7.2 CCPA Rights (California)

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of the sale of personal information
  • Right to deletion of personal information
  • Right to non-discrimination for exercising your rights

To exercise these rights, contact us at privacy@hacktoolkit.com

8. Data Retention

We retain your information for as long as necessary to provide the Service:

  • Account data: Until you delete your account
  • Usage logs: Up to 90 days
  • Code/prompts: Temporary processing only, up to 30 days in logs
  • Payment records: As required by law (typically 7 years)

9. Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your session and authentication
  • Remember your preferences (theme, settings)
  • Analyze usage patterns and improve the Service

You can control cookies through your browser settings. Note that disabling cookies may affect Service functionality.

10. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.

11. Children's Privacy

Hexa ⟡ is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses approved by the European Commission.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last Updated" date at the top indicates when the policy was last revised.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:

Email: privacy@hacktoolkit.com
Email (General): hello@hacktoolkit.com
Website: hexa.hacktoolkit.com