Legal
Privacy Policy
Last updated: June 4, 2026
This Privacy Policy explains how HackFirstAid ("we", "us") collects, uses, and protects information submitted through the partner application form and the partner portal at partners.hackfirstaid.com. It applies only to this site; the consumer-facing HackFirstAid sites have their own privacy notices linked from about.hackfirstaid.com.
1. What we collect
- Application data: company legal name, DBA, website, country and state/province, primary contact name, work email, phone number, services you sell, current customer count, and any free-text background you provide.
- Portal account data: user email, name, role within the organization, and authentication metadata (sign-in timestamps, IP address for session security).
- Business activity: deals you register, customers you add, MDF requests, quotes, commissions, certifications, and lead responses.
- Operational logs: minimal server logs and error reports used to keep the portal running. We do not run third-party advertising trackers on this site.
2. Why we collect it
- To review and decide on partner applications.
- To operate the partner portal — deal registration, commissions, MDF, certifications, leads.
- To send program-related email (account confirmations, deal-status updates, MDF decisions, and program announcements).
- To detect and prevent abuse, fraud, and Code of Conduct violations.
- To meet our legal, tax, and accounting obligations.
3. How long we keep it
Applications that are not approved are retained for up to 24 months so we can reference them if you re-apply, then deleted. Active partner records are retained for the duration of your participation in the Program plus seven years after termination to meet Canadian tax and accounting record requirements. You can request earlier deletion of non-transactional data (see Section 7).
4. We do not sell or rent your data
HackFirstAid does not sell, rent, or trade partner data to third parties. We do not share your application contents with other partners. Aggregate, anonymized program statistics (e.g., total number of partners, certifications issued) may be published in marketing material but never in a form that identifies a specific Partner without consent.
5. Service providers
We rely on a small number of vendors strictly to run the portal: cloud hosting and database (Supabase / Lovable Cloud), transactional email delivery, and error monitoring. These providers process data only on our instructions and under contracts that prohibit secondary use. We do not transfer partner data outside of providers' standard North American and EU regions.
6. Security
The portal uses TLS in transit, encrypted storage at rest, role-based access controls, row-level security in the database, and audit logging on sensitive admin actions. Despite reasonable safeguards, no system is perfectly secure; we will notify affected partners promptly in the event of a security incident affecting their data, as required by applicable law.
7. Your rights
Subject to Canadian privacy law (PIPEDA) and applicable provincial law, you may request access to, correction of, or deletion of personal information we hold about you. We will respond within 30 days. Some data must be retained for legal or accounting reasons (see Section 3) and cannot be deleted while that obligation applies.
8. Email
Program-related transactional emails are required while you are an active Partner. Optional newsletter-style emails include a one-click unsubscribe link in every message and on /email/unsubscribe.
9. Changes
We will post material changes to this Policy here and update the "Last updated" date above. Where required by law, we will additionally notify the primary contact on file before changes take effect.
10. Contact
Privacy questions or requests: partners@hackfirstaid.com.