Privacy Policy

How Hania collects, uses, and protects information — written in plain English so you actually know what you're agreeing to.

Last updated: May 1, 2026

TL;DR

We collect only what we need to run Hania for you. We never sell your data. We never train foundation models on your conversations or knowledge. You can export everything, delete everything, and pin where it lives. The full version is below — but that's the gist.

What we collect

We collect three categories of information:

  • Account information. Name, email, company, role, billing details, and authentication metadata (SSO provider, last sign-in IP, device fingerprint for security).
  • Product data. The content of conversations your bots have, your knowledge base, your tools, your team members, and how you've configured everything. This is your data — we process it on your behalf.
  • Usage and telemetry. Things like which dashboard pages you visited, which buttons you clicked, error logs, and performance metrics — used to keep the service fast and reliable.

How we use it

  • To deliver the service you signed up for — running bots, answering API calls, processing voice and chat.
  • To bill you accurately and prevent fraud.
  • To send transactional and product-update emails. You can unsubscribe from product updates at any time; transactional emails (receipts, security alerts) are required for the service to function.
  • To detect abuse and protect the integrity of the platform — for example, blocking accounts that violate our Acceptable Use Policy.
  • To improve Hania itself — measuring features, latency, and reliability. This always happens on aggregated, pseudonymous data — never on the raw content of your conversations.

Who we share with

We share data with three categories of third parties, and only for the reasons listed:

  • Subprocessors — see our live subprocessor list. These are infrastructure providers (AWS, Google Cloud), model providers (OpenAI, Anthropic, Cartesia, Deepgram), and operational tools (Stripe for billing, Drata for audit). All bound by data processing agreements at least as strict as this policy.
  • Auditors and legal advisors — under NDA, only when required for compliance or legal process.
  • Acquirers — if Hania is acquired or merged, your data may transfer to the new entity, who will be bound by this policy. You'll be notified before any transfer.

We do not sell your personal information. We do not share it with advertising networks, data brokers, or marketing partners.

No AI training on your data

This is important enough to make its own section: we never use the content of your conversations, knowledge base, or tool calls to train any AI model — ours or anyone else's. This is contractually binding under our DPA and our subprocessor agreements.

The model providers we route to (OpenAI, Anthropic, etc.) operate under zero-retention API agreements with us. They process your data to generate a response and then delete it. They do not log it, train on it, or retain it beyond the request lifetime.

How long we keep things

  • Conversations follow your workspace's retention setting — 7 days, 30 days, 90 days, 1 year, or forever. Default is 90 days.
  • Voice recordings are off by default. If enabled, they follow the same retention as conversations. We redact PII before storage.
  • Account information is kept for the life of your account, plus a 30-day grace period after closure.
  • Billing records are retained for 7 years for tax compliance.
  • Audit logs are retained for 1 year on Production plans (90 days on Growth).

Your rights

Wherever you live, you have the right to:

  • Access — request a copy of everything we have about you.
  • Correct — update inaccurate information.
  • Delete — close your account and have personal data removed (subject to legal retention requirements).
  • Export — download your conversations, knowledge, and configs in JSON or Parquet.
  • Object — opt out of non-essential processing (analytics, product emails).
  • Lodge a complaint with your local data protection authority. In the EU, that's your national supervisory authority; in the UK, the ICO.

To exercise any of these, email [email protected] or use the in-product Data Export tool. We respond within 30 days; most requests are completed within a few business days.

Children

Hania is a B2B platform. We don't direct services at children, and you may not use Hania to build agents directed at children under 13 (or under 16 in the EU). If we learn we've collected information from a child, we'll delete it.

International transfers

Each workspace is pinned to a region — US-East, US-West, EU-West, EU-Central, or AP-South — and your data stays there for its entire lifecycle, including processing, embeddings, voice synthesis, and backups. Where transfers do happen (for example, you're an EU workspace using a US-based support engineer with your permission), we rely on Standard Contractual Clauses approved by the European Commission.

Security

The short version: TLS 1.3 in transit, AES-256 at rest, SOC 2 Type II audited, annual penetration tests, customer-managed retention, and tamper-evident audit logs. For the long version, see our security page.

Changes to this policy

If we make a material change to this policy, we'll email every account owner at least 30 days before it takes effect. Minor changes (typos, clarifications) are published immediately; we keep a full revision history of every change.

Contact

Privacy questions: [email protected].
Security questions: [email protected].
Postal mail: Hania, Inc. · 33 Crosby Street, Floor 4 · New York, NY 10013, USA.
EU representative: Hania GmbH · Schönhauser Allee 36 · 10435 Berlin, Germany.