Privacy Policy

Last updated: 2026-04-23

This policy describes what HAIL Framework collects, why we collect it, how long we keep it, who else sees it, and the controls you have over it. We have written it in plain language because governance starts with being legible to the people you serve.

1. Who we are

HAIL Framework is operated by Sarah Smith-Barry LLC, a Texas limited liability company doing business as HAIL Framework. You can reach us at hello@hailframework.com.

2. What we collect and why

Account data

Your name and email address. We need these to authenticate you into the course and to deliver your modules, quiz feedback, and certificate.

Billing data

Your payment is processed by Stripe. HAIL Framework never sees your card number. Stripe returns a charge status and a customer identifier, which we store to tie your enrollment to your payment.

Course data

Module progress, quiz attempts and scores, and your certificate identifier once you graduate.

Tool data

Diagnostic inputs you type into any of the 8 HAIL tools, and the computed scores those tools produce. We save these to your HAIL account so you can review and compare them over time. You can delete all tool results yourself from your Account page.

Technical data

A session cookie (a signed JWT named hail_session) that proves you are signed in. Server-side request logs that include IP address and browser user-agent, retained for security and abuse prevention. AWS CloudTrail records administrative activity against the infrastructure for audit purposes.

3. How long we keep it

Account and course data: for the life of your enrollment plus 12 months after graduation or cancellation.
Tool results: while you are enrolled plus 12 months, or until you delete them yourself from your Account page.
Billing records: 7 years, retained by Stripe, to meet federal and state tax requirements.
Certificates: 5 years, so that employers and reviewers can verify them on the public verification page.
Server logs and CloudTrail events: up to 90 days for request logs; CloudTrail per its default retention.

4. Who else sees it

Stripe, for payment processing.
Amazon Web Services, for hosting, transactional email delivery (SES), and audit logging (CloudTrail).
No advertising networks. No analytics resellers. No marketing list rentals. We do not sell data.

5. Your rights

You have the right to access the personal data we hold about you, correct it, delete it, and receive a copy in a portable format.

Self-service: delete all tool results from your Account page at any time.
Everything else: email hello@hailframework.com. We respond within 15 business days.
California residents have rights under the CCPA and CPRA, including the right to know, delete, correct, and limit the use of sensitive personal information. We do not sell personal information and do not share it for cross-context behavioral advertising.
Texas residents have similar rights under Texas SB 1522 (the Data Privacy and Security Act).
EU and UK users: see the Scope section below.

6. Security

Data is encrypted in transit with TLS and at rest with AWS KMS. Application secrets live in AWS SSM Parameter Store as SecureString parameters, never in source. Administrative accounts require MFA. IAM follows least privilege, and every infrastructure change is recorded in CloudTrail.

7. Children

This product is intended for working professionals and is not directed at minors. Do not use HAIL Framework if you are under 18.

8. Scope

HAIL Framework is marketed in the United States. EU and UK users are welcome to enroll, but please note that we do not currently maintain GDPR-specific infrastructure beyond the core access, correction, deletion, and portability rights described above. If you are an EU or UK resident and want to exercise any GDPR right, email us at hello@hailframework.com and we will respond within 15 business days.

A full postal address for EU data protection correspondence will be added to this policy before any marketing to EU residents begins. Until then, EU and UK users should contact us by email.

9. Changes to this policy

This page is updated from time to time. The Last updated date at the top reflects the most recent change. Material changes will be communicated by email where we have a current address for you.

10. Contact

Questions about this policy, or requests regarding your data, go to hello@hailframework.com.