What we do with your data.
Short version: this website doesn't track you. We don't run analytics, ad pixels, or session recorders. We log nothing about who you are.
What this page covers
This is the privacy policy for this website
(wehackitbeforetheydo.com). The data we hold about people who book a security
engagement is covered under the engagement contract, not here.
What we collect on this site
- CDN access logs. Our content delivery network (Amazon CloudFront) records the time of each request, the URL requested, the response status, an approximate region, and a user-agent string. These are kept for 30 days and used only for security and uptime diagnostics.
- Email you send us. If you email us at any of our contact addresses, we keep the conversation as long as we need to answer it.
- Nothing else. No cookies, no analytics, no remarketing, no fingerprinting.
What we don't do
- We don't sell or share data with third parties.
- We don't run Google Analytics, Plausible, Posthog, or any equivalent.
- We don't set tracking cookies. We set no cookies at all.
- We don't use ad-tech retargeting pixels (Meta, X, LinkedIn, etc.).
Your rights
Under GDPR and similar laws you have the right to know what personal data we hold about you, to ask us to correct or delete it, and to complain to a supervisory authority. To exercise any of these, email privacy@wehackitbeforetheydo.com and we'll respond within 30 days.
Where we are
WEHACKITBEFORETHEYDO LTD is a Delaware corporation. The website is served from infrastructure in the EU (Frankfurt). For EU/UK visitors we treat ourselves as the data controller for anything covered above.
Changes
If we change this policy in a way that affects what we collect, we'll update the date at the top of the page. Substantial changes will also be noted on the homepage for at least 30 days.