← Back to Home

Privacy Policy

Last Updated: January 15, 2026

                Summary: We collect only the information necessary to provide digital forensics assistance. Your evidence files are encrypted with AES-256-GCM. You can delete your data at any time.
            

1. Who We Are

HackAid is a Swedish non-profit volunteer initiative providing pro-bono digital forensics assistance. Our volunteers are working professionals who completed Advanced Digital Forensics training at Blekinge Tekniska Hogskola (BTH). This is an independent volunteer initiative; BTH takes no responsibility for HackAid services.

Data Controller: HackAid
Contact: privacy@hackaid.org
Jurisdiction: Sweden (Swedish law applies)

2. Information We Collect

2.1 Information You Provide

Data Type	Purpose	Required
Email address	Communication, application access	Yes
Organization name	Case identification, legal requirements	Yes
Contact person name	Communication, legal requirements	Yes
Phone number	Urgent communication	No
Incident description	Case assessment and assistance	Yes
Evidence files	Forensic analysis	Yes

2.2 Information Collected Automatically

IP Address: For security, rate limiting, and fraud prevention
Browser Information: User agent string for compatibility
Timestamps: When you access or modify your application
Activity Logs: Actions taken on your application (submissions, uploads, status changes)

2.3 Behavioral Analysis (Anti-Bot)

To prevent automated abuse, we analyze interaction patterns such as mouse movements, typing patterns, and form completion timing. This data is used only for bot detection and is not stored long-term or linked to your identity.

3. How We Use Your Information

Service Delivery: To review your case and provide forensics assistance
Communication: To send you updates about your application status
Security: To protect against fraud, abuse, and unauthorized access
Volunteer Assignment: To match your case with appropriate volunteers
Service Improvement: To improve our processes (aggregated, anonymized data only)

4. How We Protect Your Data

                Evidence File Security: All uploaded evidence files are encrypted using
                AES-256-GCM (Advanced Encryption Standard with Galois/Counter Mode) before storage.
                Each file has a unique encryption key that is stored separately from the encrypted file.
            

4.1 Technical Measures

Encryption at Rest: Evidence files encrypted with AES-256-GCM
Encryption in Transit: All connections use HTTPS/TLS
Secure Storage: Data stored in AWS (EU region) with encryption
Access Controls: Only assigned volunteers can access case files
Unique Application IDs: Cryptographically random 8-character identifiers
Rate Limiting: Protection against brute-force attacks
CSRF Protection: Cross-site request forgery prevention

4.2 Organizational Measures

Volunteers agree to confidentiality requirements
Access granted only on a need-to-know basis
Activity logging for audit trails
Regular review of access permissions

5. Data Sharing

We share your information only with:

HackAid Volunteers: Assigned to review and assist with your case
Service Providers:
- Amazon Web Services (AWS) - Cloud hosting and storage (EU region)
- AWS Simple Email Service (SES) - Email delivery
Legal Requirements: If required by Swedish law or valid legal process

We do NOT sell, rent, or trade your personal information to third parties for marketing or any other purposes.

6. Data Retention

Data Type	Retention Period
Active applications	Until case completion + 90 days, or until you delete
Completed cases	12 months after completion (for reference)
Evidence files	Deleted with application or 30 days after case closure
Activity logs	12 months
Rate limit records	24 hours

7. Your Rights

Under GDPR and Swedish data protection law, you have the right to:

7.1 Access

Request a copy of your personal data. Contact us at privacy@hackaid.org.

7.2 Deletion

You can delete your application and all associated data at any time using the delete function in your application portal. Deletion is immediate and permanent.

7.3 Rectification

Request correction of inaccurate personal data.

7.4 Portability

Request your data in a machine-readable format.

7.5 Objection

Object to processing of your personal data in certain circumstances.

7.6 Complaint

You have the right to lodge a complaint with a supervisory authority. In Sweden, this is Integritetsskyddsmyndigheten (IMY) - www.imy.se.

8. Cookies

We use only essential cookies required for the service to function:

Session Cookie: Maintains your logged-in state (volunteers only)
CSRF Token: Security protection against cross-site attacks

We do NOT use tracking cookies, analytics cookies, or advertising cookies.

9. International Data Transfers

Your data is processed and stored within the European Union (AWS EU-West-1 region in Ireland). We do not transfer your data outside the EU/EEA.

10. Children's Privacy

HackAid services are intended for organizations and individuals over 18 years of age. We do not knowingly collect information from children under 18.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active applicants of significant changes via email. The "Last Updated" date at the top indicates when the policy was last revised.

12. Contact Us

For privacy-related questions or to exercise your rights:

Email: privacy@hackaid.org
General Contact: help@hackaid.org

                Note: This privacy policy applies to the HackAid web application and services.
                For questions about specific forensics engagements, please contact your assigned volunteer
                or email us directly.
            