Content on our policies site, unless otherwise specified, is licensed under the Creative Commons Attribution-ShareAlike 4.0 International license.

Attribution

When you adopt our policies on your own, please credit us as such with the following format, replacing placeholders as required:

Portions of this [policy name] are adopted from Recap Time Squad's [original policy]([link to policy, either live version or archived via Internet Archive/other service]), licensed under CC-BY-SA-4.0 (https://creativecommons.org/licenses/by-sa/4.0).

You may customize how you attribute your adaptation to the original policy as long as it is linked to the original policy page and the license page to be compliant with the license terms.

Welcome to our policies site, where we host most of our policies publicly in one place. Use the navigation menu on the left (or by tapping the hamburger icon) or the search bar/icon to navigate around.

Important policies and legal documents

Changelog and previous versions

You can track policy changes and more in one place on its dedicated page below:

Reporting security issues

Email [email protected] with details about the security issue in question.

If you are also submitting security patches for our projects, we recommend emailing the patchsets to ~recaptime-dev/[email protected] or using confidential merge requests in GitLab SaaS.

Last updated on July 20, 2025 (changelog)

Our refund policy is roughly based on the default one in the Open Collective platform (docs), with some adjustments. Depending on how and where you donate or pay, we may be able to issue you a refund once it is reviewed by both our team and our fiscal sponsor.

General guidelines

We only review refund requests if they are covered under this policy (or if they're not covered but have specific guidelines similar to this).

Once we receive a refund request, we'll try to respond within 1-2 weeks to allow us to investigate possible issues and check if the amount requested is correct.

Timeline for refund requests

Depending on the payment method used and payment processor, it may take up to 10-20 banking days for refunds to reflect on your bank or credit card statement if approved. If it takes longer than that, contact your bank for details.

Covered vs not covered by refunds

Covered

• Donations and payments processed through Stripe on the following platforms in particular order:

  • HCB (your refund request will be forwarded to the HCB team for review)

  • Open Collective (email [email protected] first so we can review your request)

Not covered

• Discord Server Subscriptions and Premium Apps - and

• GitHub Sponsors -

• Donations and payments via manual bank transfers (not through Direct Debit if processed through Stripe)

As an open-source organization, we have adapted these open-source policies

• Linux DCO

• Licensing guidelines

• Release policy and checklist

Accountability / BDFL

Andrei Jiroh is our team lead and founder, as well as the SABDFL (self-assigned benevolent dictator for life) for most of the Recap Time Squad projects, and the primary contact for our organization regarding the HCB fiscal sponsorship agreement.

You may contact him via email at [email protected] for general inquiries about the organization and its projects, or reach out via RCS at +63 994 325 9266 (also WhatsApp, and ) for emergencies and abuse/incident reports only (see also ).

Site-wide content updates

August 4, 2025

We moved to GitBook in terms of hosting the policies site, as well as to lessen our maintainer burden from updating Python packages responsible for the site itself. We'll keep things in sync with the Git history in the future, although we started fresh by creating a local orphan branch.

1Password

Our 1Password for Teams account (recaptime-dev.1password.com) is provided at no cost as part of the 1Password for Open-source program, with benefits such as:

• developer integrations through managing SSH keys and signing Git commits, authenticating CLIs with biometrics, and securing secrets throughout projects

Team organizations in 1Password can have up to 10 regular users and 5 guests, so slots are limited at the moment (and the break-glass account can't be used daily due to the risk of abusing elevated permissions).

Vaultwarden

Our Vaultwarden organization (hosted on our instance at vault.recaptime.dev at Hack Club Nest) is available for those who use Bitwarden clients, although the credentials may be outdated due to the use of 1Password.

As one of the fiscally hosted organizations by Hack Club, we have HCB-specific branding guidelines on how to properly mention our fiscal sponsorship status to anyone, not just prospective sponsors and donors but for legal purposes.

Stating fiscal sponsorship status

While the default format from the official guidelines (shown below in plain text) is enough in most cases, we want to link them to HCB since transparency mode is enabled, and to allow anyone not familiar with Hack Club's fiscal sponsorship program + platform

Because of that,

On using "fiscal host" vs "fiscal sponsor"

Since our fiscal sponsor is based in the United States, it uses the legal term "fiscal sponsor" to state our legal status as a fiscally sponsored organization. In Open Collective's UI and documentation, it uses the more generalized term "fiscal host" because many countries (especially in Europe) use different terms than what is typically used in the US.

Using proof of fiscal sponsorship documents

Any member of our organization in the HCB dashboard ( on GitHub for context) can access these legal documents, provided that

When we share your information with third-party subprocessors, such as our vendors and service providers, we remain responsible for it. We work very hard to maintain your trust when we bring on new vendors, and we require all vendors to enter into data protection agreements with us that restrict their processing of Users' Personal Information (as described in our privacy policy)

When we bring on a new vendor or other subprocessor who handles our Users' Personal Information, or remove a subprocessor, or we change how we use a subprocessor, we will update this page.

See also

Basics

Recap Time Squad is a open-source organization, alongside its projects such as Community Lorebooks, by (d.b.a ), a US 501(c)(3) non-profit with EIN 81-2908499.

Alongside the Community Code of Conduct, we also enforce platform and community-specific guidelines and rules to complement

Zulip

(Applies to the Recap Time Squad Zulip Cloud organization)

Your RecapTime.dev Staff SSO account is a Google Cloud Identity organization account managed independently from the one that Hack Club uses both at the HQ and for eligible HCB organizations. It is being planned to utilize Authentik (the same system that powers Hack Club Nest Identity and blahaj.land SSO) in the future.

Technical details and limitations

Currently, we set up our Google Cloud Identity organization for purposes of SSO in apps like Tailscale and Cloudflare One and use of the Google Cloud Platform, and not for Google Workspace apps (we're currently in our fiscal host's waiting list for their Google Workspace organization at the moment).

Legal information

Recap Time Squad is a fiscally-sponsored open-source organization under The Hack Foundation (d.b.a Hack Club), a US 501(c)(3) non-profit with EIN 81-2908499. Andrei Jiroh Halili, a natural-born Filipino citizen and Philippine resident, is our SABDFL (self-assigned benevolent dictator for life) and lead maintainer for projects under the organization and primary contact with the fiscal sponsor's operations team.

Visit Legal information / Imprint / Impressum for the up-to-date imprint and legal documents about our organization.

General abuse reports

For regular abuse reports (general or service/API-specific ToS, legal takedown requests), email [email protected] with links and file attachments (if it is too large for email, links to file-based evidence are also enough) as evidence.

Code of conduct violations

For cases involving code of conduct violations, you may reach out to our code of conduct support at [email protected] and it will be routed to our internal GitLab issue tracker focused on reports of misconduct.

Intellectual property (IP) takedown reports

For takedown reports involving possible copyright and trademark-related issues (both under the copyright laws in the US and the Philippines), please email them to [email protected] with the following:

• Your legal name

• Name of the rights holder or its authorized agent, alongside contact details such as email address, phone number and mailing address

• Description of original work and links to infringing content

• 512(f) acknowledgment, Good faith belief, Authority to act (type "I attest, that you have a good faith belief that use of the material in this report is not authorized by the copyright owner, its agent, or the law; AND that, under penalty of perjury, you are authorized to act on behalf of the copyright owner; AND you understand, under 17 U.S.C. § 512(f), you may be liable for any damages, including costs and attorneys' fees, if you knowingly materially misrepresent reported material. Checking this box also confirms that you have a bona fide belief that the information and allegations contained in this report are accurate and complete, for purposes of the Digital Services Act.")

If you choose to file a copyright takedown report via the , we may publish your report alongside our response and actions taken on our own transparency reports, alongside being shared with third parties such as . Note that copyright takedown reports should not be used to silence criticism and speech, nor block valid reuse under existing fair use and fair dealing laws.

Violations affecting/coming outside RecapTime.dev

If we receive a violation report that either affects or comes from other communities, we have limited moderation powers over what’s happening outside our spaces, either public or within internal channels. This is usually the case when reporting content from other homeservers in the fediverse, in which coordination between homeserver admins and mods is required.

If that’s the case, a member from our moderation team will simply forward your case on your behalf anonymously unless you allow us to share your contact information with other moderators outside of our spaces. See also this FAQ entry on the Contributor Covenant website for context.

In case of a previous issue that caught our attention (or was found during an investigation), we’ll look into it and evaluate any options. This doesn’t mean we’re “digging your grave” for your past mistakes and controversies (see above) unless it’s involving grave misconduct, especially involving current trusted community members (maintainers, moderators) and core team members.

See also platform and community-specific policies

Applicability to staff/core team on business/corporate matters

The Community Code of Conduct also applies to our core team members and staff, as stated in this section, although laws on NDA enforcement and our fiscal sponsorship agreement with the HCB team may override/supersede this code of conduct in case of conflicts.

Appealing to an enforcement action

Anyone with an active enforcement action (i.e., bans, mandatory cool-offs) who believes that

You have a project to ship or even get adopted under the Recap Time Squad organization, and have reviewed the release policy and checklist, alongside being ready to take the responsibility of an open-source maintainer. One of the requirements is to have a LICENSE file in your repository/project.

This document answers "which license?"

In a nutshell

Our licensing policy for open-source projects is simple: as long as it is OSI-approved, can be maintained in the long term, and does not involve using the "fair source"/open-core model of licensing (unless cleared by the HCB team for dual-licensing or after refactoring), we can allow it to exist within our organization.

Last updated on July 15, 2025

Full text

(copied from )

How to sign the DCO

To open-source or innersource?

By default, internal projects are considered innersource if the codebase/project sources are accessible only to the team; otherwise, they are open-source if a corresponding OSI-approved license is present.

Please note that if you proceed, our fiscal sponsor will hold the copyrights to your project on our behalf. Be sure to consider this when reviewing our licensing guidelines.

Regarding GitLab for Open-source Program Terms compliance

Innersource projects that are private are considered ineligible for hosting on our GitLab SaaS namespaces. For compliance reasons, they should not be mirrored/hosted there unless manually cleared by Andrei Jiroh in coordination with GitLab's open-source program team. If you need to email them, remember to CC ~recaptime-dev/[email protected] in your correspondence.

While we can have one private project for purposes of security or moderation decisions (we choose to operate the moderation project in hybrid mode, meaning issues may be confidential, but publish those reports and stats there), we may need clearance from GitLab's open-source program team first or use a separate namespace for that.

Contributions

All contributions to a Recap Time Squad-hosted project are made under the project license in an inbound-outbound model under to simplify compliance.

Checklist

• Adopt the and

• Migrate any project-specific secrets from repository secrets settings to the centralized setup on Doppler/dotenvx.

Notes

Why do we call the GitLab.com instance GitLab SaaS?

We call the cloud-hosted GitLab.com instance GitLab SaaS to match the SaaS pricing, even though their handbook says otherwise.

Brand colors

Our official brand colors are derived from our brand icon/logo with the following hex codes:

• #bff6f9

• #f8049c

• #fdd54f

Brand kit

For team members with Canva team access: You can access our brand kit or by searching for Recap Time Squad it in the Brand Kits section of the Canva app. You might need to switch teams if you use your personal account instead of signing up/in via your @crew.recaptime.dev email address.

For everyone else: We're working on publishing our brand kit for public use in the future, but in the meantime, please come back here for any updates.

Data we collect and why

Information from web browsers and client

If you're just browsing on our websites, we collect the same basic information that most websites collect. We use common internet technologies, such as cookies and web server logs. This is stuff we collect from everybody, whether they have used our services/apps or not.

The information we collect about all visitors to our website includes the visitor’s browser type, language preference, referring site, additional websites requested, and the date and time of each visitor request. We also collect potentially personally identifying information like Internet Protocol (IP) addresses.

We use this information from web browsers and other web clients for purposes of web analytics, service monitoring, security, and abuse prevention/mitigation.

Information you provide through our services/apps

If you create an account for our services/apps or use them with your existing social accounts via OAuth2 or OpenID Connect, we usually require you to provide some basic information about yourself. Unless you use social login, you will be asked for a non-disposable email address and password (or set up a passkey for passwordless authentication). You also have the option to give us more information if you want to, and this may include "User Personal Information."

"User Personal Information" is any information about one of our users that could, alone or together with other information, personally identify him or her. Information such as a username and password, an email address, a real name, and a photograph is are example of “User Personal Information.” User Personal Information includes Personal Data as defined in the data privacy laws, such as EU General Data Protection Regulation (GDPR) and the Data Privacy Act of 2012 in the Philippines.

User Personal Information does not include aggregated, non-personally identifying information. We may use aggregated, non-personally identifying information to operate, improve, and optimize our website and service.

If you use our services/apps through existing platforms such as Discord bots, we receive technical and basic information about your account, such as username and user IDs, alongside interaction data from the platform.

Information you provide through contacting us

When you contact us through email or one of the available contact methods, we collect your name, email address, or phone number used for contacting us, the subject line, and the message body of the inquiry, alongside any attachments provided.

What we do not collect

If you are a child under the age of 13 in most countries (or higher in some countries), you may not use our apps and services without parental consent. Recap Time Squad does not knowingly collect information from or direct any of our content specifically to children under 13. If we learn or have reason to suspect that you are a user who is under the age of 13, we will, unfortunately, have to close your account.

Accessing your information

You can access and edit/amend the information we have about you in your account settings and in the respective apps/services. You can a

Data retention and deletion

Generally, Recap Time Squad retains User Personal Information for as long as your account exists or as needed to

Our use of cookies and trackers

Cookies

Like any website, we use "cookies" (and similar technologies, like HTML5 localStorage) to keep you logged in, remember your preferences and personalize your experience. We also use cookies to identify a device, for security reasons.

Tracking and analytics

Changes to this policy

Although most changes are likely to be minor, Recap Time Squad may change them from time to time. When we make changes to this policy, you will be notified at least 30 days before being effective via email address on file and on our announcement bulletins in GitHub Discussions and Zulip Cloud organization.

Credits

Portions of this privacy policy are adapted from the following sources:

TL;DR

• Treat everyone with respect and kindness.

• Be thoughtful in how you communicate.

• Don't be destructive or inflammatory.

• If you encounter an issue, please mail .

Why have a Code of Conduct?

Hack Club's community includes people from many different backgrounds. The Hack Club contributors are committed to providing a friendly, safe, and welcoming environment for all, regardless of age, disability, gender, nationality, race, religion, sexuality, or similar personal characteristic.

The first goal of the Code of Conduct is to specify a baseline standard of behavior so that people with different social values and communication styles can communicate effectively, productively, and respectfully.

The second goal is to provide a mechanism for resolving conflicts in the community when they arise.

The third goal of the Code of Conduct is to make our community welcoming to people from different backgrounds. Diversity is critical in order for us to build a thriving community; for Hack Club to be successful, it needs hackers from all backgrounds.

With that said, a healthy community must allow for disagreement and debate. The Code of Conduct is not a mechanism for people to silence others with whom they disagree.

Where does the Code of Conduct apply?

If you join in or contribute to the Hack Club ecosystem in any way, you are encouraged to follow the Code of Conduct while doing so.

Explicit enforcement of the Code of Conduct applies to all official online Hack Club groups, in-person meetings, and events including:

• The

• The , including , , & Zoom calls on Slack

• The

• Club Meetings

Anyone associated with HQ is required to follow and model the Code of Conduct in all situations, including places with explicit enforcement and in other spaces too. There is a higher bar for anyone associated with HQ.

Other Hack Club groups (such as hackathons, conferences, meetups, and other unofficial forums) are encouraged to adopt this Code of Conduct. Those groups must provide their own moderators and/or working group (see below).

Hacker Values

These are the values to which people in the Hack Club community should aspire.

• Be friendly and welcoming

• Be patient

  • Remember that people have varying communication styles and that not everyone is using their native language (meaning and tone can be lost in translation).

• Be thoughtful

People are complicated. You should expect to be misunderstood and to misunderstand others; when this inevitably occurs, resist the urge to be defensive or assign blame. Try not to take offense where no offense was intended. Give people the benefit of the doubt. Even if the intent was to provoke, do not rise to it. It is the responsibility of all parties to de-escalate conflict when it arises.

Unwelcome behavior

These actions are explicitly forbidden in Hack Club spaces:

• Expressing or provoking:

  • insulting, demeaning, hateful, or threatening remarks;

  • discrimination based on age, nationality, race, (dis)ability, gender (identity or expression), sexuality, religion, or similar personal characteristic;

  • bullying or systematic harassment;

Moderation & Enforcement

Please understand that speech and actions have consequences, and unacceptable behavior will not be tolerated. When you participate in areas where the code of conduct applies, you should act in the spirit of the "Hacker Values". If you conduct yourself in a way that is explicitly forbidden by the Code of Conduct, you will be warned and asked to stop, and your messages may be removed by community moderators. Repeated offenses may result in a temporary or permanent ban from the community.

• On your first offense, you will receive a written notice from one of our community moderators. Depending on the degree of the reported behavior, you may be asked to apologize, either in public or directly to the party that you have offended.

• On a second offense, you will be temporarily removed from the community. The period of the temporary ban may vary from 3 days to a month, decided based on the seriousness of the reported behavior. Please note that this ban does not indicate that you are no longer welcomed in the community - it represents an official warning for your behavior.

• On a third offense, you may be asked to leave the community. Your account may be suspended for an indefinite amount of time, and you may be publicly identified.

This procedure only serves as a general guideline for moderation & enforcement of our community conduct. Under all circumstances, the Working Group or Hack Club's staff members may take any action we deem appropriate, including immediate removal from the community. Being banned from the Hack Club community may also prevent you from participating in our community events, including but not restricted to: local club meetings, hackathons, or challenges.

Please understand that we will not restrict your ability to contact the Code of Conduct working group under any circumstance. If you have any questions or concerns about our decision, please reach out to us directly. If your Slack account is under suspension, email us directly at .

Working Group

The Working Group is responsible for handling conduct-related issues. Their mission is to de-escalate conflicts and try to resolve issues to the satisfaction of all parties. For all projects related to and/or maintained by Hack Club HQ, the Working Group is made up of the and . The specific team member(s) handling each violation depend on the location and nature of the issue.

Reporting Issues

If you encounter a conduct-related issue, you should report it to the Working Group using the process described below. Do not post about the issue publicly or try to rally sentiment against a particular individual or group.

• Mail

  • Your message will reach the Working Group.

  • Reports are confidential within the Working Group.

  • Should you choose to remain anonymous then the Working Group cannot notify you of the outcome of your report.

Note that the goal of the Code of Conduct and the Working Group is to resolve conflicts in the most harmonious way possible. We hope that in most cases issues may be resolved through polite discussion and mutual agreement. Bannings and other forceful measures are to be employed only as a last resort.

Changes to the Code of Conduct should be proposed by or making a pull request to this document.

Acknowledgments

This was adapted from . It is to be noted that many parts of Go's Code of Conduct are adopted from the Code of Conduct documents of the Django, FreeBSD, and Rust projects.