Privacy

When you sign up as an ambassador we collect:

• Your name, email, country, and how you plan to refer.
• The hashed IP and user agent of devices you use to sign up or sign in (we hash IPs server-side; we don't store the raw value).
• Your authentication events (magic-link send / consume).

We also collect, automatically:

• Click events on your referral link (hashed IP, user agent, country from Cloudflare, HTTP referrer, bot flag).
• Funnel state of people you referred — when they signed up at hackajob, when they went live, when they accepted an offer. We get this from hackajob's data warehouse via the ambassador attribution layer.

• To run your account and dashboard.
• To attribute referrals end-to-end so we can pay rewards accurately.
• To detect fraud (self-referrals, duplicate accounts, abnormal velocity).
• To send you transactional emails (sign-in links, lifecycle updates on your referrals, payout confirmations).
• To meet our legal and tax obligations.

Your account data and click events are stored in a managed Postgres database (Neon, EU region). Backups are encrypted at rest and retained for 24 months.

Email is handled by Resend. Payouts are processed by Tremendous. Both are passed only the data they need (recipient name + email for Resend; recipient + payout amount for Tremendous).

We use Sentry for error monitoring and PostHog for product analytics. Both receive masked / minimised data — never raw email contents, never bank details.

We share data only with:

• The processors named above (Resend, Tremendous, Neon, Sentry, PostHog).
• Other parts of hackajob (the main product, for attribution joins).
• Tax and law-enforcement authorities where required by law (e.g. if we receive a valid subpoena).

We do not sell your data to anyone, ever.

Under UK GDPR and equivalents you have the right to:

• Access the data we hold on you.
• Correct inaccuracies (your name, country, email).
• Delete your account and the data associated with it.
• Receive your data in a portable format.
• Object to processing (which would mean ending your participation in the Programme).
• Lodge a complaint with the ICO (UK) or relevant supervisory authority.

To exercise any of these, email ambassadors@hackajob.com. We respond within 30 days.

• Click events and authentication audit logs: 24 months.
• Ambassador and referral records: kept indefinitely while your account is active. On account deletion, kept for 7 years for financial-record purposes (rewards paid history) and then fully purged.

We use one essential cookie: the Auth.js session cookie that keeps you signed in. We don't use marketing cookies. We don't use third-party tracking pixels.

PostHog, where enabled, runs a first-party analytics cookie scoped to refer.hackajob.com. You can disable it via your browser's cookie controls without affecting your ability to use the Programme.

Privacy questions or requests: ambassadors@hackajob.com.