Privacy Policy
Last updated: June 2026
Overview
ExplainTheHack is a web-based educational platform for offensive security concepts and interview preparation, operated by Aleluya Technologies LLC (the data controller for the personal data described in this policy). This policy explains what data we collect, how we use it, and who we share it with. We collect only what is necessary to provide the service and process payments.
What we collect
- Email and account information: your email address, name, and authentication data, managed by Clerk. This is collected when you create an account and is used to identify you and manage your access.
- Payment information: billing details are processed directly by Stripe. We do not store credit card numbers, bank account details, or other payment credentials on our servers.
- Study progress and usage data: lesson completions, flagged lessons, quiz results, and flashcard progress. If you are signed in, this data is stored securely in our database (Supabase) so it syncs across your devices. If you are not signed in, it is stored locally in your browser and stays on your device.
- Aggregate visit statistics: we use Vercel Analytics, a cookieless analytics service that counts page visits in aggregate. It sets no cookies, stores nothing on your device, and does not identify or track you across sites.
How we use your data
- Account management: to create and maintain your account, authenticate your sessions, and manage your subscription status.
- Progress tracking: to save and sync your study progress so you can pick up where you left off.
- Product improvement: to understand how the platform is used and make it better. We do not sell your data or use it for advertising.
Third-party services
We use the following services to operate ExplainTheHack:
- Clerk — authentication and user management. Privacy policy
- Stripe — payment processing. Your payment information is handled entirely by Stripe. Privacy policy
- Supabase — database for study progress storage (signed-in users only). Privacy policy
- Vercel — hosting, deployment, and cookieless aggregate analytics (Vercel Analytics). Privacy policy
These services may collect technical data (such as IP addresses and browser information) as part of their normal operation. Each has its own privacy policy linked above.
Cookies and local storage
We use only strictly necessary cookies: authentication session cookies set by Clerk (first-party) so you can sign in and stay signed in. We do not use advertising, analytics, or tracking cookies, which is why you do not see a cookie consent banner on this site.
We also use your browser’s local storage for functionality you ask for: caching your study progress (and keeping it on your device if you study without an account) and caching authentication configuration. Nothing stored on your device is used to track you.
If you pay for a subscription, checkout happens on Stripe’s own checkout pages, where Stripe sets cookies for payment processing and fraud prevention under its own policy.
Legal bases and international transfers
Where EU/EEA or UK data-protection law applies, we process your data on the following legal bases: performance of a contract for account management, study-progress sync, and billing; and legitimate interest for service security and aggregate, non-identifying usage statistics.
We are a US-based company and the service providers listed above process data in the United States. Where required, transfers from the EU/EEA or UK rely on safeguards such as the EU–US Data Privacy Framework and/or Standard Contractual Clauses maintained by each provider.
Data retention
Account data is retained while your account is active. Study progress data is retained as long as your account exists. If you delete your account, your authentication data is removed from Clerk and your study progress is deleted from our database. Payment records are retained by Stripe as required by financial regulations.
Your rights
You can request access to, correction of, or deletion of your personal data at any time by contacting us. You can delete your account yourself in account settings (Security → Delete account) — this removes your authentication data from Clerk, deletes your study progress from our database, and cancels any active subscription. You can also email us and we will do it for you. We respond to data requests within 30 days.
If you are in the EU/EEA or UK, you additionally have the right to data portability, to restrict or object to processing, to withdraw consent where processing is based on consent, and to lodge a complaint with your local supervisory authority.
Children
ExplainTheHack is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us so we can remove it.
Changes to this policy
We may update this privacy policy from time to time. Changes will be reflected by updating the “Last updated” date at the top of this page.
Contact
For privacy-related questions, email rafael@aleluyatechnologies.com.