Legal
Privacy Policy
Controller: Adamantware OU · Estonia · Last updated: June 2026
01 — Who We Are
NoHatHacker is a product line operated by Adamantware OU, a company registered in Estonia. This policy describes what personal data we collect, why, and how long we keep it.
If you have questions or want to exercise any of your rights under GDPR, contact us at mr.adamantware@gmail.com.
02 — Data We Collect
We collect only what is necessary to operate the service. The table below lists everything we store:
| Data |
Why we collect it |
Where it lives |
Retained |
Email address
(account) |
Account identity and licence delivery |
Our licence server (EU) |
Until you request deletion |
Email address
(release notification opt-in) |
To notify you when a specific tool becomes available — collected only when you explicitly request to be notified |
Our licence server (EU) |
Until the release notification is sent; purged by log rotation thereafter |
Invoicing data
(name, billing address) |
Invoicing and VAT compliance — only collected when you request an invoice |
Our licence server (EU) |
7 years (statutory accounting obligation) |
| PayPal account identifier |
Recurring subscription billing via PayPal; we store only the PayPal account reference returned by PayPal after authorisation — no card data ever passes through us |
PayPal + our licence server (EU) |
Until subscription cancelled or account deleted |
| Login IP address |
Security audit log — detects account takeover and licensing abuse |
Our licence server (EU) |
5 years rolling |
| Machine fingerprint |
Tool licence enforcement (seat count) and security audit — ties a CLI session to a specific device; the fingerprint is a hash generated by the client tool and cannot be used to identify hardware outside the context of your account |
Our licence server (EU) |
5 years rolling |
All other operational logs (application errors, internal metrics, SMTP relay logs) are written locally on the server and are never transmitted to third parties. They are rotated automatically and are not stored in our database.
The tools themselves write local activity logs to the pentester's own machine. These logs are stored exclusively on the operator's device, are never sent to us, and exist to support the evidence trail for penetration-test reports. Adamantware OU has no access to them.
03 — What We Do Not Collect
- We do not collect credit or debit card numbers — all payment processing is handled exclusively by PayPal.
- We do not use cookies for tracking or advertising.
- We do not collect tool usage telemetry, keystrokes, scan targets, or any output produced by the tools.
- We do not sell, rent, or share your data with third parties for marketing purposes.
04 — Legal Basis (GDPR)
- Contract performance (Art. 6(1)(b)): email address, PayPal account — required to deliver the service you purchased.
- Legal obligation (Art. 6(1)(c)): invoicing data — retained under Estonian and EU accounting rules.
- Legitimate interest (Art. 6(1)(f)): IP address and machine fingerprint — fraud prevention, licence enforcement, and security audit trail; retained for 5 years to support any legal or contractual dispute arising from misuse. Our interest is proportionate and does not override your rights.
- Consent (Art. 6(1)(a)): release notification opt-in email — you explicitly submit your address to be notified; the record exists solely for that purpose and is purged once the notification has been sent or on request.
05 — Third-Party Processors
- PayPal (Europe) S.à r.l. et Cie, S.C.A. — payment processing. Your payment data is governed by PayPal's Privacy Statement. We receive only a subscription/account reference token.
- Hetzner Online GmbH — our server is hosted in an EU data centre. Hetzner acts as a data processor under a standard DPA.
We do not use Google Analytics, Meta Pixel, or any other advertising or analytics service.
06 — Your Rights
Under GDPR you have the right to:
- Access — request a copy of all data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — request deletion of your data, subject to our legal retention obligations (invoicing data).
- Restriction — ask us to suspend processing while a dispute is resolved.
- Portability — receive your data in a machine-readable format.
- Object — object to processing based on legitimate interest (IP/fingerprint logs).
To exercise any right, email mr.adamantware@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (aki.ee).
07 — Data Retention Summary
- Account email: retained until you request deletion or the account is inactive for 3 years.
- Invoicing data: 7 years from the invoice date (legal minimum).
- PayPal reference: deleted when subscription ends or account is removed.
- IP address & machine fingerprint: 5-year rolling window, then automatically purged.
- Release notification opt-in email: retained only until the notification is sent; purged by log rotation thereafter. You may also ask to be removed at any time before the notification fires.
08 — Changes to This Policy
If we make material changes we will update the "Last updated" date at the top and, where feasible, notify active customers by email. Continued use of the service after the update date constitutes acceptance of the revised policy.