top of page

Privacy Policy

Effective Date: 04/30/2025

Last Updated: 04/30/2025

 

ATC24 Controllers, a fiscally sponsored organization by The Hack Foundation ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and disclose personal data across all services under atc24controllers.com, including the following subdomains:

 

  • login.atc24controllers.com – Auth0-based login and authentication

  • oidc.atc24controllers.com – Microsoft Entra Verified ID login and identity framework

  • portal.atc24controllers.com – Employee hour tracking and logs  

  • api.atc24controllers.com/theory/ – Theory exam platform  

  • api.atc24controllers.com/fasttrack/ – VATSIM fast track submissions  

  • chatwoot.atc24controllers.com – Support via Azure-hosted Chatwoot  

  • pbx.atc24controllers.com – Communications and notifications  

 

1. Information We Collect

 

We collect the following categories of personal information depending on your interaction with our services:

 

a. Identity & Authentication Data

- Discord ID and VATSIM CID  

- OAuth profile information: full name, email, avatar  

- Microsoft Verified ID claims  

- Auth0 metadata (e.g., login timestamps)  

 

b. Usage & Profile Data

- User profile: role, quota, rank (e.g., "Member", "Controller")  

- Time spent, login timestamps, access reason (from portal)  

- Theory exam attempts, answers, score, type (S1, S2, S3)  

- Fast track requests (CID, Discord ID)  

 

c. Communication Data

- SMS, WhatsApp, and Chatwoot messages  

- Phone number and message content when you reach out via messaging platforms  

 

d. Technical & Error Logging

- IP address, browser type, login history  

- Sentry error reports for debugging  

 

e. Voice Channel Usage

- Presence in Discord voice channels  

- Time connected to each session  

Note: We do not record voice audio.

​

f. Donation Data

- Name, email address, and amount (if provided during donation)

- Donation method and transaction metadata (e.g., via Givebutter or Hack Club)

- Communication preferences submitted during donations

Note: We do not process or store full payment details; these are handled by third-party platforms.

 

2. How We Use Your Information

 

We use your personal data to:

- Authenticate and authorize user access  

- Create and maintain user profiles  

- Log participation, hours, and training progress  

- Evaluate and record theory exams  

- Process fast track applications via VATSIM  

- Deliver support through Chatwoot, SMS, or WhatsApp  

- Monitor security and system reliability (via Sentry)  

- Generate usage statistics and administer operational quotas  

 

3. Legal Bases for Processing (GDPR)

 

We process data under the following lawful bases:

- Consent: when logging in via Discord, VATSIM, or other providers  

- Contractual necessity: to provide access to our services  

- Legitimate interest: for system integrity, usage tracking, improvement  

- Legal obligation: to comply with applicable training or operational laws  

 

4. Your Privacy Rights (GDPR & CCPA)

 

Under GDPR, you have the right to:

- Access your personal data  

- Request correction or deletion  

- Restrict or object to processing  

- Request data portability  

 

Under CCPA (California Residents), you may:

- Know what personal data we collect and how we use it  

- Request deletion of your data  

- Opt out of the sale or sharing of personal data (*we do not sell or share data for advertising*)  

- Appoint an authorized agent to make requests on your behalf  

 

You can exercise these rights by contacting privacy@atc24controllers.com or calling one of the numbers in Section 8.

 

5. Messaging and Customer Support

 

When you contact us via SMS at +1 (866) 924-1083, +44 7893 952159, or WhatsApp Business, we collect:

- Your phone number  

- Message content  

 

We use a self-hosted instance of Chatwoot on Microsoft Azure to manage communications. Messages are deleted once your request is resolved.

 

- Your data is never sold or shared.  

- You may opt out at any time by replying "STOP" or requesting cessation.  

 

6. Subprocessors and Hosting

 

We use the following third-party services to deliver and manage our platform:

 

- Wix.com Ltd. – Website hosting for `atc24controllers.com`  

- Auth0, Inc. (a subsidiary of Okta, Inc.) – Authentication across subdomains  

- Microsoft Corporation – Entra Verified ID identity services and Azure cloud hosting  

- Google LLC – Utility bots and core API infrastructure  

- DigitalOcean, LLC – Secure MongoDB database hosting  

- Functional Software, Inc. (Sentry) – Application monitoring and error tracking  

- Discord Inc. – Voice communications and OAuth login

- Givebutter, Inc. – Platform used to collect donations and manage donor communications

- The Hack Foundation – Manages donations on our behalf as our fiscal sponsor through their HCB platform

 

All subprocessors are bound by contractual obligations to ensure adequate data protection.

 

7. Data Protection Officer (DPO) and UK Representation

 

Data Protection Officer

Name: Jose Moran Urena

Email: bubbles@atc24controllers.com

Phone: +1 (866) 924-1083 ext. 1001

 

GDPR Article 27 UK Representative

A designated UK representative has been appointed in accordance with Article 27 of the UK GDPR.

 

Email: mrmylo@atc24controllers.com

Location: United Kingdom

 

You may contact either to exercise your data rights or raise privacy concerns.

 

8. Contact Information

 

For questions, requests, or complaints regarding your data:

 

- Email: privacy@atc24controllers.com  

- Phone (US): +1 (866) 924-1083  

- Phone (UK): +44 7893 952159  

- DPO Email: bubbles@atc24controllers.com  

 

9. Security Measures

 

We implement appropriate technical and organizational safeguards including:

- End-to-end encryption for authentication and transport  

- Access control and audit logging  

- Secure database hosting and backups  

- Monitoring via Sentry for anomalies or breaches  

 

10. Data Retention

 

We retain personal data only as long as necessary to fulfill the purposes outlined in this policy. Data related to user accounts, exams, logs, and support is retained for up to 24 months after inactivity unless required otherwise by law or upon user request. Donation-related data, such as donor name, email, and amount, is retained by Givebutter and The Hack Foundation (our fiscal sponsor) in accordance with their respective retention policies. We retain access to donor metadata solely for communication and reporting purposes, and only as long as necessary.

 

11. International Data Transfers

 

Your data may be stored and processed in the United States, United Kingdom, or European Union. We apply appropriate safeguards, including Standard Contractual Clauses (SCCs), to ensure lawful international data transfers under GDPR.

 

12. Children’s Privacy

 

Our services are not intended for children under the age of 13. Access requires a Discord account, which is restricted to individuals aged 13 or older. We do not knowingly collect data from children under this age.

 

If you believe we have inadvertently collected such data, please contact us immediately to request deletion.

 

13. Cookies and Tracking Technologies

 

We may use cookies or similar technologies to support secure authentication, improve performance, and personalize your experience. Where legally required, we ask for consent via a cookie banner or browser prompt before storing or retrieving information on your device.

 

14. Changes to This Policy

 

We may update this Privacy Policy periodically. Any significant changes will be communicated on our platform or by email where applicable. Continued use of our services after updates constitutes acceptance of the revised terms.

bottom of page