Legal
Privacy Policy
Effective April 9, 2026
1. Who Collects Your Data?
This Privacy Policy applies to all personal data collected by:
Hashtee Lab LLP ("Hashtee", "we", "us") 46 Bajaj Bhavan, 4th Floor, Nariman Point, Mumbai, Maharashtra 400021, India Email: legal@hashteelab.com
This policy covers data collected through our website (hashteelab.com), our API platform (platform.hashteelab.com), our AI models and services, and any interactions with our team.
2. What Data Do We Collect?
2.1 Data You Provide Directly
| Category | When Collected |
|---|---|
| Name, email, company name | Account registration, contact forms, demo requests |
| Billing information | Subscription and payment processing |
| API keys and credentials | Platform account creation |
| Communication content | Support tickets, emails, chat messages |
| Input data | Data you submit to our APIs for processing |
2.2 Data Generated Through Use
| Category | When Collected |
|---|---|
| API usage metrics | Each API request (endpoint, timestamp, response time, token count) |
| Platform activity | Dashboard interactions, settings changes, billing events |
| Authentication logs | Login attempts, session data, IP addresses |
2.3 Data Collected Automatically (Website)
| Category | When Collected |
|---|---|
| Device information | Browser type, operating system, screen resolution |
| Network data | IP address, approximate location (country/region level) |
| Usage data | Pages viewed, time on page, referral source |
| Cookies | Essential and analytics cookies (see Section 5) |
3. How Do We Use Your Data?
| Purpose | Data Categories | Legal Basis |
|---|---|---|
| Deliver API services and process your requests | Input data, account data, API keys | Contract performance |
| Manage your account and subscription | Account data, billing information | Contract performance |
| Process payments | Billing information | Contract performance |
| Provide technical support | Account data, communication content, API logs | Contract performance |
| Send service notifications (downtime, updates, billing) | Email address | Contract performance |
| Monitor API performance and reliability | API usage metrics, error logs | Legitimate interest |
| Detect and prevent fraud and abuse | Authentication logs, usage patterns, IP addresses | Legitimate interest |
| Improve our website and user experience | Website usage data, device information | Legitimate interest |
| Send marketing communications | Email address, company name | Consent (opt-in) |
| Comply with legal obligations | As required | Legal obligation |
3.1 API Input and Output Data
We do not use your API Input or Output to train our models unless you explicitly opt in to a data contribution programme. Input is processed solely to generate Output and is not retained beyond the API request lifecycle unless you enable request logging in your account settings.
When request logging is enabled:
- Logged requests are stored encrypted and accessible only to your account
- You can delete logged requests at any time from your dashboard
- Logs are automatically purged after your configured retention period (default: 30 days)
4. How Long Do We Keep Your Data?
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 90 days after deletion |
| API usage metrics | 12 months (aggregated metrics retained indefinitely) |
| API Input/Output (if logging enabled) | Your configured period (default 30 days) |
| Billing records | 8 years (Indian tax and accounting requirements) |
| Communication records | 3 years from last interaction |
| Website analytics | 26 months |
| Authentication logs | 12 months |
After the retention period, data is either deleted or irreversibly anonymised.
5. Cookies
5.1 Essential Cookies
We use strictly necessary cookies for:
- Session management and authentication
- Security (CSRF protection)
- Cookie consent preferences
These cookies cannot be disabled as they are required for the website to function.
5.2 Analytics Cookies
With your consent, we use analytics cookies to understand how visitors interact with our website. We do not use third-party advertising cookies.
You can manage cookie preferences at any time using the cookie settings on our website.
6. Who Do We Share Your Data With?
We share personal data only with the following categories of recipients:
| Recipient | Purpose | Data Shared |
|---|---|---|
| Payment processors | Process subscription payments | Billing information |
| Cloud infrastructure providers | Host our services | All data (encrypted, processed per our instructions) |
| Email service providers | Send transactional and marketing emails | Email address, name |
| Analytics providers | Website usage analysis | Anonymised usage data |
| Legal and regulatory authorities | Comply with legal obligations | As required by law |
We do not sell your personal data. We do not share your API Input or Output with third parties.
6.1 Subprocessors
A current list of subprocessors who process personal data on our behalf is available upon request by emailing legal@hashteelab.com. We notify customers of subprocessor changes with at least 30 days notice.
7. International Data Transfers
Hashtee is based in India. If you are located outside India, your data will be transferred to and processed in India. We ensure appropriate safeguards for international transfers through:
- Standard Contractual Clauses (SCCs) for transfers from the EU/EEA/UK
- Compliance with applicable data protection laws in the destination country
- Encryption in transit and at rest
8. Data Security
We implement technical and organisational measures to protect your data, including:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Access controls and role-based permissions
- Regular security assessments
- Incident response procedures
- Employee security training
No system is 100% secure. If we become aware of a data breach affecting your personal data, we will notify you and relevant authorities as required by applicable law.
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of your personal data
- Rectification — correct inaccurate or incomplete data
- Deletion — request deletion of your personal data
- Restriction — restrict processing of your data in certain circumstances
- Portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interest
- Withdraw consent — withdraw consent for marketing communications at any time
- Complaint — lodge a complaint with your local data protection authority
To exercise your rights, email legal@hashteelab.com or use the data controls in your Platform dashboard. We will respond within 30 days.
9.1 Indian Users — Digital Personal Data Protection Act, 2023
If you are located in India, you have rights under the Digital Personal Data Protection Act, 2023 (DPDP Act), including:
- Right to access information about your personal data being processed
- Right to correction and erasure of your personal data
- Right to grievance redressal
- Right to nominate another person to exercise your rights
Our Grievance Officer can be reached at legal@hashteelab.com.
9.2 EU/EEA Users — GDPR
If you are located in the EU/EEA, we process your data under the legal bases described in Section 3. You have all rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local supervisory authority.
10. Children's Privacy
Our Services are not directed to individuals under 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via:
- Email notification to registered users
- A prominent notice on our website
The "Effective date" at the bottom of this page indicates when the latest version took effect.
12. Contact
For privacy-related enquiries:
- Privacy email: legal@hashteelab.com
- General enquiries: info@hashteelab.com
- Address: Hashtee Lab LLP, 46 Bajaj Bhavan, 4th Floor, Nariman Point, Mumbai, Maharashtra 400021, India
Effective date: April 9, 2026