Legal
Privacy Policy
Last updated: April 12, 2026. This policy describes how H4ck&Stack collects and uses data when you use our website, Discord OAuth sign-in, and related services.
Data we collect
When you sign in with Discord we store your Discord user id, username, display name, and avatar hash. If you complete a profile, we store bio, GitHub and LinkedIn URLs, tech stack, and related metadata. Challenge submissions may include titles, descriptions, repository and demo URLs, attachments, and voting records linked to your Discord id.
Data we do not collect
We do not ask for passwords (Discord handles authentication). We do not collect payment card data. We do not require an email address for core community participation.
Why we use data
Data is used to operate challenges, profiles, leaderboards, voting, and website features; to verify you are a member of our Discord server; to prevent abuse; and to improve the service.
Discord OAuth
We request the identify and guilds.members.read scopes so we can confirm membership in our server. Your Discord access token may be stored encrypted for a limited time so we can re-check membership on sensitive actions. If the token has expired, we skip that check until you sign in again.
Third parties
Cloudflare hosts Workers, D1, Pages, and related infrastructure. GitHub may be contacted when you use features that read public activity. Anthropic (Claude API) may process challenge metadata (e.g. recent challenge titles) for automated challenge generation — not your private messages or unrelated personal data.
Cookies
We set a single session cookie (hns_session) that is HttpOnly, Secure on HTTPS, SameSite=Lax, with roughly a 7-day lifetime. It keeps you signed in on the website.
Your rights
You may delete your account and associated data through the website where available, or by contacting an administrator. Deletion removes your profile, submissions, votes, and other linked records subject to technical and legal retention limits.
Changes
We may update this policy. The “Last updated” date will change when we do. Continued use after updates means you accept the revised policy.