diff --git a/constants/general.constant.js b/constants/general.constant.js
index e1cc8502..ddd7ccbc 100644
--- a/constants/general.constant.js
+++ b/constants/general.constant.js
@@ -134,6 +134,7 @@ const SAMPLE_DIET_RESTRICTIONS = [
 const HACKER = "Hacker";
 const VOLUNTEER = "Volunteer";
 const STAFF = "Staff";
+const HACKBOARD = "Hackboard";
 const SPONSOR = "Sponsor";
 
 const SPONSOR_T1 = "SponsorT1";
@@ -171,8 +172,9 @@ POST_ROLES[SPONSOR_T4] = "postSponsor";
 POST_ROLES[SPONSOR_T5] = "postSponsor";
 POST_ROLES[VOLUNTEER] = "postVolunteer";
 POST_ROLES[STAFF] = "postStaff";
+POST_ROLES[HACKBOARD] = "Hackboard";
 
-const USER_TYPES = [HACKER, VOLUNTEER, STAFF, SPONSOR];
+const USER_TYPES = [HACKER, VOLUNTEER, STAFF, HACKBOARD, SPONSOR];
 const SPONSOR_TIERS = [
     SPONSOR_T1,
     SPONSOR_T2,
@@ -184,6 +186,7 @@ const EXTENDED_USER_TYPES = [
     HACKER,
     VOLUNTEER,
     STAFF,
+    HACKBOARD,
     SPONSOR_T1,
     SPONSOR_T2,
     SPONSOR_T3,
@@ -230,6 +233,9 @@ CREATE_ACC_EMAIL_SUBJECTS[
 CREATE_ACC_EMAIL_SUBJECTS[
     STAFF
 ] = `You've been invited to create a staff account for ${HACKATHON_NAME}`;
+CREATE_ACC_EMAIL_SUBJECTS[
+    HACKBOARD
+] = `You've been invited to create a hackboard account for ${HACKATHON_NAME}`;
 
 const CACHE_TIMEOUT_STATS = 5 * 60 * 1000;
 const CACHE_KEY_STATS = "hackerStats";
@@ -282,6 +288,7 @@ module.exports = {
     SPONSOR: SPONSOR,
     VOLUNTEER: VOLUNTEER,
     STAFF: STAFF,
+    HACKBOARD: HACKBOARD,
     SPONSOR_T1: SPONSOR_T1,
     SPONSOR_T2: SPONSOR_T2,
     SPONSOR_T3: SPONSOR_T3,
diff --git a/constants/role.constant.js b/constants/role.constant.js
index 87cb3eba..ebd33a7d 100644
--- a/constants/role.constant.js
+++ b/constants/role.constant.js
@@ -20,12 +20,32 @@ const accountRole = {
     ]
 };
 
+const hackboardRestrictedRoutes = [ // hackboard permissions is all staff routes minus these routes
+    Constants.Routes.hackerRoutes.postAnySendWeekOfEmail,
+    Constants.Routes.hackerRoutes.postSelfSendWeekOfEmail,
+    Constants.Routes.hackerRoutes.postAnySendDayOfEmail,
+    Constants.Routes.hackerRoutes.postSelfSendDayOfEmail,
+    Constants.Routes.staffRoutes.postAutomatedStatusEmails,
+    Constants.Routes.staffRoutes.getAutomatedStatusEmailCount,
+    Constants.Routes.hackerRoutes.patchAcceptHackerById,
+    Constants.Routes.hackerRoutes.patchAcceptHackerByEmail,
+    Constants.Routes.hackerRoutes.patchAcceptHackerByArrayOfIds,
+    Constants.Routes.settingsRoutes.getSettings,
+    Constants.Routes.settingsRoutes.patchSettings
+];
+
 const adminRole = {
     _id: mongoose.Types.ObjectId.createFromTime(1),
     name: Constants.General.STAFF,
     routes: Constants.Routes.listAllRoutes()
 };
 
+const hackboardRole = {
+    _id: mongoose.Types.ObjectId.createFromTime(9),
+    name: "Hackboard",
+    routes: createHackboardRoutes()
+};
+
 const hackerRole = {
     _id: mongoose.Types.ObjectId.createFromTime(2),
     name: Constants.General.HACKER,
@@ -143,6 +163,15 @@ const singularRoles = createAllSingularRoles();
 const allRolesObject = createAllRoles();
 const allRolesArray = Object.values(allRolesObject);
 
+function createHackboardRoutes() {
+    const restrictedRouteIds = new Set(
+        hackboardRestrictedRoutes.map((route) => route._id.toString())
+    );
+    return Constants.Routes.listAllRoutes().filter((route) => {
+        return !restrictedRouteIds.has(route._id.toString());
+    });
+}
+
 /**
  * Creates all the roles that are of a specific uri and request type
  * @return {Role[]}
@@ -185,6 +214,7 @@ function createAllRoles() {
     let allRolesObject = {
         accountRole: accountRole,
         adminRole: adminRole,
+        hackboardRole: hackboardRole,
         hackerRole: hackerRole,
         volunteerRole: volunteerRole,
         sponsorT1Role: sponsorT1Role,
@@ -208,6 +238,7 @@ function createAllRoles() {
 module.exports = {
     accountRole: accountRole,
     adminRole: adminRole,
+    hackboardRole: hackboardRole,
     hackerRole: hackerRole,
     volunteerRole: volunteerRole,
     sponsorT1Role: sponsorT1Role,
diff --git a/middlewares/auth.middleware.js b/middlewares/auth.middleware.js
index eeb898c7..ce3a8793 100644
--- a/middlewares/auth.middleware.js
+++ b/middlewares/auth.middleware.js
@@ -477,6 +477,11 @@ async function addCreationRoleBindings(req, res, next) {
             req.body.account.id,
             Constants.Role.adminRole.name
         );
+    } else if (req.body.account.accountType === Constants.General.HACKBOARD) {
+        await Services.RoleBinding.createRoleBindingByRoleName(
+            req.body.account.id,
+            Constants.Role.hackboardRole.name
+        );
     } else {
         // Get the default role for the account type given
         const roleName =
diff --git a/routes/api/hacker.js b/routes/api/hacker.js
index 58f57d8b..bfc7a5bf 100644
--- a/routes/api/hacker.js
+++ b/routes/api/hacker.js
@@ -269,11 +269,12 @@ module.exports = {
 
         /**
          * @api {patch} /hacker/status/:id update a hacker's status - DOES NOT trigger an email to the hacker
+         * updates all hacker data fields passed
          * @apiName patchHackerStatus
          * @apiGroup Hacker
          * @apiVersion 0.0.9
          *
-         * @apiParam (body) {string} [status] Status of the hacker's application ("None"|"Applied"|"Accepted"|"Declined"|"Waitlisted"|"Confirmed"|"Withdrawn"|"Checked-in")
+         * @apiParam (body) {string} [status] Status of the hacker's application ("None"|"Applied"|"Accepted"|"Declined"|"Waitlisted"|"Confirmed"|"Withdrawn"|"Checked-in") as well as reviewer fields and any other hacker data in hacker data object
          * @apiSuccess {string} message Success message
          * @apiSuccess {object} data Hacker object
          * @apiSuccessExample {object} Success-Response:
@@ -283,7 +284,8 @@ module.exports = {
          *              "status": "Accepted"
          *          }
          *      }
-         * @apiPermission Administrator
+         * @apiPermission Administrator / Hackboard
+         *
          */
         hackerRouter.route("/status/:id").patch(
             Middleware.Validator.RouteParam.idValidator,
diff --git a/services/accountConfirmation.service.js b/services/accountConfirmation.service.js
index f27bff94..028e0615 100644
--- a/services/accountConfirmation.service.js
+++ b/services/accountConfirmation.service.js
@@ -172,6 +172,8 @@ function generateAccountInvitationEmail(address, receiverEmail, type, token) {
         emailSubject = Constants.CREATE_ACC_EMAIL_SUBJECTS[Constants.SPONSOR];
     } else if (type === Constants.STAFF) {
         emailSubject = Constants.CREATE_ACC_EMAIL_SUBJECTS[Constants.STAFF];
+    } else if (type === Constants.HACKBOARD) {
+        emailSubject = Constants.CREATE_ACC_EMAIL_SUBJECTS[Constants.HACKBOARD];
     }
     const handlebarPath = path.join(
         __dirname,
diff --git a/tests/util/roleBinding.test.util.js b/tests/util/roleBinding.test.util.js
index 56c566d6..93f0c0ba 100644
--- a/tests/util/roleBinding.test.util.js
+++ b/tests/util/roleBinding.test.util.js
@@ -25,6 +25,9 @@ function createRoleBinding(accountId, accountType = null, specificRoles = []) {
         case Constants.General.STAFF:
             roleBinding.roles.push(Constants.Role.adminRole);
             break;
+        case Constants.General.HACKBOARD:
+            roleBinding.roles.push(Constants.Role.hackboardRole);
+            break;
         case Constants.General.SPONSOR_T1:
             roleBinding.roles.push(Constants.Role.sponsorT1Role);
             break;