VIRAL HACK Privacy Policy

Last updated: July 6, 2026

Welcome to VIRAL HACK (referred to as the "Publication," "we," "us," or "our"). This Privacy Policy explains how we collect, use, share, and protect your personal information when you visit our website, subscribe to our newsletters, or otherwise interact with our content and services (collectively, the "Services"). For the purposes of applicable data protection law, including the EU General Data Protection Regulation ("GDPR") and the UK GDPR, VIRAL HACK is the data controller of the personal information described in this Policy.

Our Services are hosted and distributed through the beehiiv platform, operated by beehiiv, Inc. ("beehiiv"). beehiiv acts as our service provider (data processor) for hosting, subscriber management, and email delivery, and may also process limited data independently, as a separate controller, for its own platform security and operational purposes. beehiiv's own privacy policy is available at https://www.beehiiv.com/privacy and its terms of use at https://www.beehiiv.com/tou; we encourage you to review them, as they govern beehiiv's independent processing of your data.

1. Scope

This Policy applies to:

  • Visitors browsing our website and content.
  • Free and paid email newsletter subscribers.
  • Anyone who contacts or communicates with us directly.

This Policy does not apply to third-party websites, products, or services linked from our content, which are governed by their own privacy policies.

2. Age Restrictions and Children's Privacy

Our Services are intended strictly for adults aged 18 and older. We do not knowingly collect personal information from anyone under 18 years of age (and in no event from children under 13, in accordance with the U.S. Children's Online Privacy Protection Act, or under 16 where required by applicable EU/EEA law). If we learn that we have collected personal information from a minor, we will delete it promptly. If you believe a minor has provided us with personal information, please contact us.

3. Information We Collect

Information You Provide

  • Email address, name, and subscription preferences.
  • Direct communications and messages sent to us or our support team.
  • For premium subscriptions: payment status, transaction identifiers, and billing-related metadata. Payments are processed by third-party payment processors engaged through the beehiiv platform, including Stripe, Inc. ("Stripe"); we do not receive, store, or process complete payment card numbers. Stripe processes your payment data under its own privacy policy, available at https://stripe.com/privacy.

Information Collected Automatically

  • IP address, browser type, operating system, and device identifiers.
  • Approximate location derived from your IP address.
  • Timestamps, referring websites and pages viewed.
  • Cookie data and similar tracking technologies (e.g., pixels, SDKs).
  • Email engagement metrics, such as opens, clicks, and delivery status.

4. Purposes of Processing and Legal Bases

We process your personal information for the following purposes. Where the GDPR or UK GDPR applies, the corresponding legal basis is indicated:

  • To deliver our newsletters and manage your subscription (performance of a contract; consent for email marketing).
  • To process payments for premium subscriptions and manage billing (performance of a contract; legal obligation for tax and accounting records).
  • To personalize content and analyze and improve the performance of our Services (legitimate interests in operating and improving our publication).
  • To send administrative communications, such as billing alerts or service notices (performance of a contract; legitimate interests).
  • To send promotional and sponsored content (consent, which you may withdraw at any time via the unsubscribe link).
  • To detect and prevent fraud, abuse, and security incidents, and to resolve technical issues (legitimate interests; legal obligation).
  • To comply with applicable laws and enforce our Terms of Service (legal obligation; legitimate interests).

Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

5. Cookies and Tracking Technologies

We and our service providers use cookies, pixels, and similar technologies to operate the Services, remember your preferences, measure email and website engagement, and analyze traffic. Where required by law (including in the EU/EEA and UK), non-essential cookies are used only with your consent. You can manage or withdraw cookie consent through your browser settings or any cookie banner presented on our site; refusing cookies may affect certain site functionality. We do not currently respond to "Do Not Track" browser signals; however, we honor opt-out preference signals (such as the Global Privacy Control) where required by applicable law.

6. How We Share Information

We do not sell your personal information for money. We may share personal information in the following circumstances:

  • Service Providers: We share data with vendors that perform services on our behalf, including beehiiv (hosting, subscriber management, and email distribution — privacy policy: https://www.beehiiv.com/privacy), payment processors such as Stripe (privacy policy: https://stripe.com/privacy), and analytics providers. These providers are contractually bound to process data only on our instructions, except where they act as independent controllers for limited purposes such as platform security or payment processing.
  • Advertising Partners, Sponsors, and Affiliates: Our content may include sponsored placements and affiliate links (always clearly labeled). If you click such links or complete a purchase, we may share aggregated or pseudonymous conversion and click data with the relevant partner for performance measurement. Depending on your jurisdiction, this may qualify as "sharing" for cross-context behavioral advertising under the California Consumer Privacy Act as amended by the CPRA; you may opt out as described in Section 8.
  • Legal Requirements: We may disclose data where required by law, regulation, legal process, or governmental request, or where necessary to protect the rights, property, or safety of our users, the public, or our Publication.
  • Business Transfers: In connection with a merger, acquisition, financing, reorganization, or sale of assets, personal information may be transferred to the successor entity, subject to this Policy.

7. Your Rights — All Users

  • Email Opt-Out: You may stop receiving marketing emails at any time by clicking the "unsubscribe" link at the bottom of any email we send. We will continue to send transactional messages related to any active paid subscription.
  • Access, Correction, and Deletion: You may request access to, correction of, or deletion of your personal information by contacting us. We will respond in accordance with applicable law and may need to verify your identity before acting on your request.

8. Additional Rights for EEA, UK, and Swiss Residents

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under applicable data protection law, subject to legal conditions and exemptions:

  • The right to access your personal data and receive a copy of it.
  • The right to rectification of inaccurate or incomplete data.
  • The right to erasure ("right to be forgotten").
  • The right to restrict processing.
  • The right to data portability.
  • The right to object to processing based on legitimate interests, and an absolute right to object to direct marketing.
  • The right to withdraw consent at any time.
  • The right to lodge a complaint with your local supervisory authority (in the EU, the data protection authority of your member state; in the UK, the Information Commissioner's Office).

To exercise any of these rights, contact us. We will respond within the timeframes required by law (generally one month).

9. Additional Rights for California Residents

If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA") provides you with the following rights:

  • The right to know what categories of personal information we collect, the purposes of collection, and the categories of third parties with whom it is shared.
  • The right to access and receive a copy of your personal information.
  • The right to correct inaccurate personal information.
  • The right to delete your personal information, subject to certain exceptions.
  • The right to opt out of the "sale" or "sharing" of personal information. We do not sell personal information for money; to the extent that sharing click or conversion data with advertising partners constitutes "sharing" under the CCPA/CPRA, you may opt out by contacting us with the subject line "Do Not Sell or Share My Personal Information," or via any opt-out link provided on our site.
  • The right not to receive discriminatory treatment for exercising your privacy rights.

You may exercise these rights by contacting us. You may designate an authorized agent to make requests on your behalf, subject to identity verification.

10. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy, including providing the Services, resolving disputes, maintaining business and tax records, and meeting legal obligations. Subscriber data is generally retained for the duration of your subscription and for a limited period thereafter. We maintain a minimal suppression ("unsubscribe") list indefinitely to ensure we respect your opt-out choices, as permitted and required by anti-spam laws such as CAN-SPAM.

11. International Data Transfers and Security

Our Services are operated from, and our vendors are primarily located in, the United States. If you access the Services from outside the United States, your information will be transferred to, stored, and processed in the United States and other jurisdictions where our service providers operate, which may not provide the same level of data protection as your home jurisdiction. Where required by the GDPR or UK GDPR, such transfers are made under appropriate safeguards, including the European Commission's Standard Contractual Clauses (and the UK Addendum or International Data Transfer Agreement) entered into by us or our service providers, or another lawful transfer mechanism such as the EU-U.S. Data Privacy Framework where the recipient is certified.

We implement reasonable technical and organizational measures designed to protect personal information against unauthorized access, loss, or misuse. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will revise the "Last updated" date at the top of this page, and material changes will be communicated by email or by prominent notice on our site before they take effect. Your continued use of the Services after the effective date of a revised Policy constitutes acknowledgment of the changes.