NYC Tech Week 2026 · Powered by CriticalAsset
The City / Hacks / The State

Privacy Notice

Last updated May 5, 2026 · Consent version 2026-05-05.v1

This notice describes how The City / Hacks / The State (the "Site"), powered by CriticalAsset, collects, uses, and shares personal information about visitors and registered participants, and how California residents can exercise their privacy rights.

1. Personal information we collect

  • Account & identity: name, email, team affiliation, role.
  • Submissions: project content you upload (graph JSON, summaries, URLs).
  • Device & usage: IP address, user-agent, pages visited, timestamps. Only stored as one-way hashes for consent audit purposes.
  • Consent records: categories you accept or reject, GPC signal, timestamp.

We do not knowingly collect precise geolocation, biometric data, or other sensitive personal information.

2. Why we collect it

  • Operate the hackathon platform (essential).
  • Score and judge submissions (essential).
  • Detect abuse and protect accounts (security / fraud).
  • Aggregate, de-identified product analytics (only with your consent).
  • Marketing about CriticalAsset programs (only with your consent).

3. Sources

Directly from you, from your team admin, or from your interactions with the Site.

4. Service providers we share with

  • Hosting and database infrastructure (Lovable Cloud).
  • Email delivery providers used for transactional notices.

We do not sell personal information for money. To the extent any analytics or marketing tools we may add in the future could constitute "sharing" for cross-context behavioral advertising under California law, you can opt out at any time using the controls described below.

5. Retention

We retain consent and audit records for at least 24 months for legal-defensibility purposes. Account and submission data is retained for the duration of the event and deleted on request, subject to lawful retention obligations.

6. Your California privacy rights

If you are a California resident, you may request to:

  • Know what personal information we have about you.
  • Delete personal information we hold about you.
  • Correct inaccurate personal information.
  • Opt out of the sale or sharing of your personal information.
  • Limit the use of any sensitive personal information.

We do not discriminate against you for exercising your rights. To make a request, visit /privacy-request. We verify access, deletion, and correction requests by emailing a one-time link to the email address on the request.

7. Global Privacy Control

We honor the Global Privacy Control (GPC) signal as a valid opt-out of sale and sharing for the browser sending it. When detected, we automatically block any marketing/advertising tooling for that session and record the signal.

8. Cookies and similar technologies

Essential cookies are used for sign-in, session, and security. Analytics, functional, and marketing cookies are off by default and only loaded after you opt in via the consent banner. You can change your choices anytime via "Cookie preferences" in the footer.

9. Contact

Privacy requests and questions: privacy@criticalasset.dev

This notice describes implemented behavior. If we change data flows, we will update this notice and the consent version, and re-prompt for consent where required.

Privacy noticePrivacy requests
Your privacy choices. We use only essential cookies by default. With your consent we may also use analytics or marketing tools. You can change your choice anytime. See our Privacy Notice.