1. Who we are, and the two hats we wear
Hired Hands (“we”, “us”) operates the platform at this site. For your account, organization, and billing data, we act as the data controller. For content that flows through your agents — your uploaded knowledge and your own customers’ chat messages — we act as a data processor on your behalf: you decide what your agents know and where they run.
2. What we collect
Account & organization data
- Email address and authentication data (managed by Supabase Auth).
- Organization name, website, industry, timezone, and team membership.
- Plan, subscription status, and billing identifiers (we never see or store card numbers — payment details go directly to Stripe).
Agent knowledge you provide
- Everything you enter in the agent wizard: policies, FAQs, price lists, brand voice, playbooks.
- Text we scan from your public website at your request.
- This content is chunked and embedded so your agents can search it, and it is isolated to your organization.
Conversations & agent activity
- Messages sent to your agents in the dashboard and through the embeddable widget, including messages from your end users, plus the agents’ replies (kept as transcripts you can review).
- Agent outputs awaiting your review: escalations, post drafts, captured leads, digests.
- Usage metering: token counts, timestamps, and the model used per call — this powers your usage dashboard and our fair-use limits.
Connection credentials
- When you connect tools (Slack, Discord, Telegram, GitHub, Notion, Resend, custom webhooks), we store the tokens or webhook URLs you provide so your agents can notify those tools.
- These secrets are stored in a service-role-only database table that client sessions cannot read, and are never returned by our APIs after you save them.
3. What we use it for
- Running your agents: generating replies grounded in your knowledge, executing workflows, delivering notifications to your connected tools.
- Operating the service: authentication, billing, usage enforcement, abuse prevention (rate limits), and support.
- Improving your own agents: transcripts and review-queue decisions exist so you can audit and improve your setup.
We do not sell personal data, and we do not use your content to train models — ours or anyone else’s.
4. Where your data goes (subprocessors)
| Provider | Purpose | Notes |
|---|---|---|
| Supabase (AWS, us-east-1) | Database, authentication, vector search | Encrypted at rest and in transit; tenant isolation via row-level security |
| Vercel | Application hosting | Serves the app and API |
| OpenAI | Language model responses and embeddings | API data is not used to train OpenAI models per their API terms |
| Stripe | Payments and subscriptions | Card data is handled solely by Stripe |
| Your connected tools | Notifications you configure | Only when you connect them; only agent-event summaries are sent |
5. The embeddable widget and your end users
If you install the Hired Hands chat widget on your site, your visitors’ messages are processed to generate replies and stored as transcripts in your organization’s account, keyed by a random per-visitor session identifier held in their browser’s session storage. We don’t set advertising trackers through the widget. You are responsible for disclosing the assistant to your users and covering it in your own privacy policy where required.
6. Cookies
We use cookies only to keep you signed in (Supabase authentication session). No advertising or cross-site tracking cookies.
7. Retention & deletion
- Account, knowledge, transcripts, and outputs are retained while your subscription is active.
- Deleting an agent deletes its knowledge chunks; deleting your organization deletes its data (agents, transcripts, outputs, connections) via cascading deletion.
- To delete your account entirely, email us — we complete deletion within 30 days, except records we must keep for tax or legal compliance (e.g., invoices in Stripe).
8. Your rights
Depending on where you live (GDPR, UK GDPR, CCPA/CPRA and similar), you may have rights to access, correct, export, delete, or restrict processing of your personal data. Email privacy@hiredhands.devand we’ll respond within 30 days. If your data reached us through a business using Hired Hands (for example, you chatted with a company’s widget), we’ll route your request to that business, who controls it.
9. Security
Tenant isolation via row-level security, service-role-only secret storage, TLS in transit, encryption at rest, per-plan usage limits, and abuse rate-limiting. Details on our Security page.
10. Children
Hired Hands is a business tool and not directed at children under 16. We don’t knowingly collect their data.
11. Changes
We’ll post updates here and, for material changes, notify account owners by email at least 14 days before they take effect.