Privacy Policy for Hackdex
Last updated: 2025-11-03
Canonical URL: https://www.hackdex.app/privacy
Contact: admin@hackdex.app
Important notices
- This Privacy Policy applies only to the Hackdex service available at the domain hackdex.app (including subdomains). Any copies of this document in public source repositories are provided for reference only and are void unless explicitly hosted under hackdex.app.
- This document is not licensed under the repository's MIT license and may not be reused without permission.
- Nothing in this document constitutes legal advice.
1. Introduction
Welcome to Hackdex, a platform that allows users to download and apply patches to their legally obtained ROM files. This Privacy Policy explains how we collect, use, and protect your data in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.
By using Hackdex, you agree to this Privacy Policy and our Terms of Service.
2. Data We Collect
Anonymous Users
For visitors who browse and download patches without creating an account, Hackdex generates a unique device ID stored in your browser's localStorage. This ID:
- Is used solely to prevent download-count abuse.
- Does not contain personally identifiable information.
- Is reset if your browser cache is cleared.
Additionally, for each download, we record:
- The patch ID
- The time of download
- The generated device ID (for count verification only)
No other data is collected from anonymous users.
Creators (Registered Users)
When you create a creator account to upload ROM hacks, we collect:
- Name
- Email address
- Username
This data is necessary to create and manage your account and public creator profile.
3. Purpose of Processing
| User Type | Purpose of Data Use |
|---|---|
| Anonymous Users | To ensure download count accuracy and prevent abuse. |
| Creators | To create, manage, and display creator profiles; to authenticate access to the platform. |
We do not use personal data for marketing, profiling, or advertising purposes.
4. Legal Basis for Processing
We process your data based on:
- Legitimate interest (for anonymous users, to maintain fair and accurate download metrics)
- Contractual necessity (for creators, to provide account-related functionality)
- Consent (when you voluntarily create an account and accept the Privacy Policy)
5. How We Obtain Consent
By creating a creator account on Hackdex, you explicitly agree to this Privacy Policy and our Terms of Service. Anonymous users are not required to consent separately since only non-identifiable technical data is used for functionality.
6. Cookies & Local Storage
Hackdex uses limited browser storage technologies for essential functionality only.
Local Storage
For anonymous users, a unique device ID is stored in the browser's localStorage. This ID:
- Helps ensure download counts remain accurate and fair.
- Does not identify or track you personally.
- Is automatically reset if you clear your browser cache.
Cookies
For creators (registered users), we use authentication cookies provided by Supabase. These cookies:
- Are required for login sessions and secure access to creator features.
- Are used only for authentication and authorization purposes.
- Are not used for analytics, tracking, or advertising.
Because these cookies and localStorage entries are strictly necessary for platform functionality, user consent for them is not required under GDPR Article 6(1)(f).
7. Data Retention
- Anonymous Users: Download data (such as patch IDs and timestamps) is stored in our database for aggregate and statistical purposes. While this data remains stored, it cannot be linked back to any individual once the user clears their browser's localStorage, as the unique device ID used for download tracking is then removed.
- Creators: Personal data is retained as long as your account remains active or until you request its deletion.
8. Data Sharing and Third Parties
Hackdex uses Supabase as its backend service provider for authentication and database storage. Supabase processes user data solely on behalf of Hackdex and in accordance with GDPR requirements.
- Service: Supabase
- Hosting Location: Ohio, USA
- Purpose: Authentication, database, and storage
- Safeguards: Supabase implements industry-standard security and complies with GDPR through data processing agreements and encryption.
Hackdex does not share or sell personal data to any other third parties.
9. International Data Transfers
Because Supabase servers are hosted in the United States, your data may be transferred outside the European Economic Area (EEA). Supabase applies appropriate safeguards, such as Standard Contractual Clauses (SCCs), to ensure that your data remains protected and processed lawfully.
10. Security Measures
We take the security of your data seriously. Hackdex employs:
- SSL encryption for all data transmissions
- Password hashing to protect account credentials
- Restricted database access using Row-Level Security (RLS) and user roles
- Regular internal reviews of access permissions
11. User Rights (Under GDPR)
You have the following rights regarding your personal data:
- Right of access: Request a copy of your personal data.
- Right to rectification: Correct inaccurate or incomplete data.
- Right to erasure (“Right to be forgotten”): Request deletion of your data.
- Right to restrict processing: Limit how your data is used.
- Right to data portability: Receive your data in a commonly used, machine-readable format.
- Right to object: Object to processing under certain circumstances.
How to exercise your rights
You can:
- Modify your account data directly from the account page.
- Request data deletion or any other GDPR-related action by emailing us at admin@hackdex.app.
We will respond to all valid requests within 30 days.
12. Updates to This Policy
We may update this Privacy Policy occasionally to reflect platform or legal changes. Users will be notified of significant updates through an on-site notice. The “Last updated” date at the top of this page will always indicate the latest version.
13. Contact Information
If you have questions or concerns about this Privacy Policy or how your data is handled, please contact: admin@hackdex.app
GDPR Compliance Statement
Hackdex is committed to protecting user privacy and ensuring that all personal data is handled in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR). We apply appropriate technical and organizational measures to protect personal data, limit access, and maintain transparency in data processing practices.