Privacy Policy

Effective date: March 26, 2026

hackaws.cloud is owned and operated by Daniel Grzelak (“hackaws,” “we,” “us,” or “our”). We recognise the importance of your privacy and are committed to protecting the personal information we hold about you.

This Privacy Policy has been developed in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. It explains how we collect, hold, use, and disclose your personal information when you use our website at hackaws.cloud, our platform at platform.hackaws.cloud, and any related services (collectively, the “Service”).

1. Information We Collect

Information you provide

• Account information. When you sign up via Google or GitHub authentication, we receive your name, email address, and profile identifier from the authentication provider.
• Assessment configuration. When you create an Assessment, you provide AWS account IDs, IAM role or user ARNs, scope definitions, exclusions, and technique selections.
• AWS credentials. You provide IAM credentials (role ARNs, access keys, or SSO configurations) as a starting foothold for Assessments. These credentials are used solely to execute the Assessment within your defined scope.
• Support requests. If you contact us, we collect the information you include in your message.
• Waitlist and survey responses. If you join our waitlist, we collect your email address and any survey responses you provide.

Information collected automatically

• Usage data. We use Google Analytics to collect anonymised information about how you use the Site, including pages visited, time spent, and referring sources. Google Analytics may set cookies on your device.
• Log data. Our servers may record your IP address, browser type, and request timestamps when you access the Service.

Information generated by the Service

• Assessment results. When our autonomous agent runs an Assessment, it generates attack graphs, findings, event logs, and reports based on what it discovers in your AWS environment. This data may include AWS resource identifiers, IAM principal ARNs, policy documents, and relationships between resources.

2. How We Use Your Information

We use your personal information to:

• Provide, operate, and maintain the Service.
• Authenticate your identity and manage your account.
• Execute Assessments against the AWS resources you designate.
• Generate assessment reports, attack graphs, and security findings.
• Respond to your support requests and communications.
• Send you essential service communications (e.g., account verification, assessment completion notifications).
• Improve and develop the Service through aggregated, de-identified usage analysis.
• Comply with legal obligations.

3. How We Store Your Information

All data is stored in our own AWS infrastructure in the us-east-2 (Ohio) region. We do not use third-party data processors or SaaS platforms to store your account data, Assessment configurations, or Assessment results. Your data resides in DynamoDB and S3, protected by AWS’s built-in encryption at rest and in transit.

AWS credentials you provide for Assessments are used only for the duration of the Assessment execution and are not stored after the Assessment completes.

4. Disclosure of Your Information

We do not sell, rent, or trade your personal information to third parties. We may disclose your information only in the following circumstances:

• Service providers. We use AWS as our infrastructure provider. Google Analytics processes anonymised usage data. Google and GitHub process authentication data when you sign in.
• Legal requirements. We may disclose information if required by law, regulation, legal process, or governmental request.
• Protection of rights. We may disclose information to protect our rights, property, or safety, or that of our users or the public.
• Business transfers. If hackaws.cloud is acquired or merged, your information may be transferred as part of that transaction. We will notify you of any such change.

5. Cookies and Tracking

We use Google Analytics, which sets cookies on your device to collect anonymised usage statistics. We do not use advertising cookies, retargeting pixels, or third-party tracking beyond Google Analytics.

You can disable cookies through your browser settings or use browser extensions to block Google Analytics. Disabling cookies will not affect your ability to use the Service.

6. Data Retention

We retain your account information for as long as your account is active. Assessment data (attack graphs, findings, reports) is retained for as long as your account exists or as required to provide the Service. If you delete your account, we will delete your personal information and Assessment data within a reasonable timeframe, unless we are required by law to retain it.

Waitlist email addresses are retained until you unsubscribe or we no longer need them.

7. Your Rights

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you.
• Correct any inaccurate or out-of-date personal information.
• Request deletion of your personal information, subject to any legal obligations we may have to retain it.
• Withdraw consent to processing where consent is the basis for processing. This may affect our ability to provide the Service to you.
• Complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the Australian Privacy Principles.

To exercise any of these rights, contact us at privacy@hackaws.cloud. We will respond to your request within 30 days.

8. International Data Transfers

Our infrastructure is hosted in the United States (AWS us-east-2). By using the Service, you consent to the transfer and storage of your information in the United States. We take reasonable steps to ensure that your information is treated securely and in accordance with this Privacy Policy regardless of where it is stored.

9. Children

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. Security

We implement appropriate technical and organisational measures to protect your personal information, including encryption at rest and in transit, authentication via trusted identity providers (Google and GitHub), and access controls on our infrastructure. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy on this page and update the effective date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

12. Contact

If you have questions about this Privacy Policy or wish to make a complaint about our handling of your personal information, contact us at privacy@hackaws.cloud.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.