HardenThisHardenThis
HardenThis

Privacy Policy

Last updated · June 15, 2026

This policy explains what personal data we process, why, who may receive it, and the rights you have under the GDPR.

1. Who is responsible

The data controller is -. For any privacy request, contact [email protected]. We are not required to appoint a Data Protection Officer.

2. What we collect

  • Account data: email, username and password.
  • Profile data you choose to add: name, biography, country, profile picture.
  • Activity data: your progress, results and achievements on labs and academy content, and any ratings you leave.
  • Technical data needed to run and secure the service, including your IP address and essential cookies.

We do not sell your data, do not use it for advertising or tracking, and do not make automated decisions that produce legal or similarly significant effects about you.

3. Why, and on what legal basis

  • To provide the service (account, labs, progress) - performance of a contract.
  • To send essential emails (verification, password reset) - contract and our legitimate interest in account security.
  • To keep the service secure (authentication, abuse prevention) - our legitimate interests.
  • To comply with the law where applicable - legal obligation.

4. Who may receive your data

We do not share your data with third parties for their own use. We rely on a small number of service providers acting on our instructions, to the extent necessary to run the service: hosting and infrastructure, email delivery, and security / anti-bot protection. We may also disclose data where required by law.

5. International transfers

Our service is operated from the European Union. Some processing may take place outside the European Economic Area, including in the United States, where part of the lab infrastructure runs. Where data is transferred outside the EEA, the transfer is covered by appropriate safeguards, such as the European Commission’s Standard Contractual Clauses or an adequacy decision.

6. How long we keep it

We keep your account and activity data for as long as your account exists. You can delete your account at any time from your settings, which deletes your personal data, subject to any limited retention required by law. Technical and security data is kept only for a short period.

7. Security

We apply appropriate technical and organisational measures to protect your data against unauthorised access, loss or alteration.

8. Your rights

You have the right to access, rectify, erase, restrict or object to the processing of your data, and the right to data portability and to withdraw consent where applicable. To exercise them, email [email protected] or delete your account from your settings. You may also lodge a complaint with the French supervisory authority, the CNIL.

9. Children

You must be at least 15 years old to create an account. Minors need the consent of a parent or guardian.

10. Changes

We may update this policy. The “last updated” date above reflects the current version.