Privacy Policy
How Hania collects, uses, and protects information, written in plain English so you actually know what you're agreeing to.
TL;DR
We collect only what we need to run Hania for you. We never sell your data. We never train foundation models on your conversations or knowledge. You can export everything, delete everything, and pin where it lives. The full version is below, but that's the gist.
What we collect
We collect three categories of information:
- Account information. Name, email, company, role, billing details, and authentication metadata (such as last sign-in time and IP, for security).
- Product data. The content of conversations your bots have, your knowledge base, your tools, your team members, and how you've configured everything. This is your data, and we process it on your behalf.
- Usage and telemetry. Things like which dashboard pages you visited, which buttons you clicked, error logs, and performance metrics, all of it used to keep the service fast and reliable.
How we use it
- To deliver the service you signed up for: running bots, answering API calls, and processing voice and chat.
- To bill you accurately and prevent fraud.
- To send transactional and product-update emails. You can unsubscribe from product updates at any time; transactional emails (receipts, security alerts) are required for the service to function.
- To detect abuse and protect the integrity of the platform, for example by blocking accounts that violate our Acceptable Use Policy.
- To improve Hania itself, by measuring features, latency, and reliability. This always happens on aggregated, pseudonymous data, never on the raw content of your conversations.
Who we share with
We share data with three categories of third parties, and only for the reasons listed:
- Subprocessors. See our live subprocessor list. These include infrastructure (Cloudflare), AI model and voice providers (such as OpenAI, Anthropic, and Deepgram), payments (Stripe, PayPal), email and telephony (BlacklistGuard, LeanPBX), analytics and tag management (Google Analytics, Google Tag Manager), and advertising (Google Ads, Meta) used with your consent to measure our marketing. All are bound by data processing terms.
- Auditors and legal advisors. Under NDA, and only when required for compliance or legal process.
- Acquirers. If Hania is acquired or merged, your data may transfer to the new entity, who will be bound by this policy. You'll be notified before any transfer.
We do not sell your personal information, and we don't share it with data brokers. With your consent, we use advertising cookies that share limited data with advertising platforms to measure our own marketing campaigns, and you can decline these at any time.
No AI training on your data
This is important enough to make its own section: we don't use the content of your conversations, knowledge base, or tool calls to train AI models, and we don't sell your data.
We send your content to the AI providers we route to (such as OpenAI and Anthropic) only to generate a response in the moment. Their handling of that data is governed by their own terms; see our subprocessor list for who they are.
How long we keep things
- Conversations and knowledge are retained until you delete them. Deleting a conversation, a bot, or your account removes the associated data.
- Sensitive personal data (such as card numbers and government IDs) is redacted in real time and not stored.
- Account information is kept for the life of your account, plus a short grace period after closure.
- Billing records are retained as required for tax and legal compliance.
Your rights
Wherever you live, you have the right to:
- Access. Request a copy of everything we have about you.
- Correct. Update inaccurate information.
- Delete. Close your account and have personal data removed (subject to legal retention requirements).
- Export. Request a copy of your conversations, knowledge, and configuration.
- Object. Opt out of non-essential processing (analytics, advertising, product emails).
- Lodge a complaint with your local data protection authority.
To exercise any of these, email [email protected]. We respond within 30 days; most requests are completed within a few business days.
Children
Hania is a B2B platform. We don't direct services at children, and you may not use Hania to build agents directed at children under 13 (or under 16 in the EU). If we learn we've collected information from a child, we'll delete it.
International transfers
Hania and its subprocessors may process your data in the United States and other countries. See our Subprocessors page for the third parties involved and where they operate.
Security
The short version: encryption in transit (TLS) and at rest, two-factor authentication, automatic PII redaction, and strict per-workspace isolation. For more, see our security page.
Changes to this policy
If we make a material change to this policy, we'll email every account owner at least 30 days before it takes effect. Minor changes (typos, clarifications) are published immediately; we keep a full revision history of every change.
Contact
Privacy questions: [email protected].
Security questions: [email protected].
Postal mail: Hania · Lahore, Pakistan.