Ad Box — configurable via Admin > System Assets / Settings.
H@CK M1RR0R CMS V2 (build 37)
Legend
H Homepage defacement
M Mass defacements
R Redefacement (same target again)
L Location / IP-based defacement

1. Overview

This Privacy Policy explains how H@CK M1RR0R processes personal data, log information and content submitted by users and automated systems. Depending on who operates this instance, additional legal requirements (such as local data protection laws) may apply.

2. Data we collect

  • Access logs — IP address, user agent, requested URL, timestamp and basic request metadata may be recorded for security and debugging.
  • Account data — when you register, we collect your username, email address, codename and hashed password. Optional profile fields and team membership data may also be stored.
  • Defacement notifications — submissions via the Notify page can include domains, mirror URLs, IP addresses, user codenames, team references and descriptive fields.
  • Archive & ranking data — published defacements and related stats are stored in the archive tables, including timestamps, technical stack information and associated accounts/teams.
  • Contact & support — messages sent via the Contact form typically include your name, email address, reason and message content.

3. IP analytics & technical fingerprints

If the IP Analytics subsystem is enabled, the system may store IP-level statistics such as total hits, approximate geo information (country code), ISP/ASN hints and basic request fingerprints. This is primarily used for:

  • detecting abuse and automated attacks (rate limiting, WAF decisions);
  • aggregated statistics exposed via the IP Intel and Stats pages;
  • improving security posture and identifying anomalous traffic.

IP data is generally stored in pseudonymous form and is not intended to identify individuals directly. However, in combination with other information, IP data may be considered personal data under certain laws.

4. Cookies & session data

  • Session cookies — we use cookies to maintain your login session and CSRF protection. These cookies are required for authenticated features and cannot be disabled without breaking functionality.
  • Preference cookies — some instances may store basic UI preferences (for example, language or theme) in cookies or local storage.
  • Third-party cookies — if integrations such as reCAPTCHA or analytics are enabled, those providers may set additional cookies. Their handling is governed by the respective third-party policies.

5. How we use the data

  • To operate and maintain the H@CK M1RR0R service, including account management, rankings, archives and related features.
  • To protect the service against abuse, detect suspicious behaviour and enforce security measures (e.g. WAF, rate limiting, login protections, 2FA).
  • To respond to support, abuse or data removal requests submitted via the Contact page.
  • To produce aggregated, anonymised statistics that help improve the reliability and usefulness of the archive.

6. Legal basis (where applicable)

For jurisdictions where a legal basis is required to process personal data (for example under GDPR), processing activities are typically based on one or more of the following:

  • Legitimate interests — operating a security-relevant archive, preventing abuse and keeping the service secure and reliable.
  • Contractual necessity — providing user accounts, team features and other requested functionality.
  • Consent — in cases where you explicitly agree to optional features (for example, certain analytics or email notifications).

7. Data sharing & retention

  • We do not sell your personal data.
  • Data may be shared with infrastructure or security providers (for example, hosting, backup or monitoring services) solely for operating the service.
  • Logs and IP analytics may be retained for different periods depending on configuration and legal requirements. Some instances may rotate logs regularly or anonymise older entries.
  • Public-facing content (archives, rankings, team profiles) may be stored for longer periods as part of the historical record.

8. Your rights

Depending on your jurisdiction, you may have rights such as access, rectification, deletion, restriction of processing or data portability regarding your personal data. To exercise these rights on this instance, please contact the operator via the Contact page and include sufficient details to identify your account, team or relevant records.

9. Third-party services

This instance may integrate with third-party services such as:

  • Email providers — for account verification, password reset and notifications.
  • Messaging platforms — Slack, Telegram or similar channels used by the notification matrix.
  • Security & analytics tools — optional modules for traffic analysis or protection.

These third parties may process limited data about you as part of providing their services. Their use of data is governed by their own privacy policies.

10. Self-hosted instances

H@CK M1RR0R CMS V2 can be self-hosted by third parties. If you are running your own instance, you are responsible for providing and maintaining an accurate privacy policy that reflects your actual processing activities, legal obligations and contact details.

11. Changes to this policy

This Privacy Policy may be updated periodically. Where legally required, material changes may be announced on the News page or via similar channels. Continued use of the service after such changes indicates acceptance of the updated policy.

12. Contact

If you have questions or concerns about privacy on this instance of H@CK M1RR0R, please reach out via the Contact page and mention “Privacy” in the subject line.