Hired Hands legal

Privacy Policy

Effective July 3, 2026

Hired Hands provides managed AI employees for businesses. This policy explains what we collect, why, where it goes, and the controls you have. We wrote it to match how the product actually works — no boilerplate that doesn't apply.

1. Who we are, and the two hats we wear

Hired Hands (“we”, “us”) operates the platform at this site. For your account, organization, and billing data, we act as the data controller. For content that flows through your agents — your uploaded knowledge and your own customers’ chat messages — we act as a data processor on your behalf: you decide what your agents know and where they run.

2. What we collect

Account & organization data

  • Email address and authentication data (managed by Supabase Auth).
  • Organization name, website, industry, timezone, and team membership.
  • Plan, subscription status, and billing identifiers (we never see or store card numbers — payment details go directly to Stripe).

Agent knowledge you provide

  • Everything you enter in the agent wizard: policies, FAQs, price lists, brand voice, playbooks.
  • Text we scan from your public website at your request.
  • This content is chunked and embedded so your agents can search it, and it is isolated to your organization.

Conversations & agent activity

  • Messages sent to your agents in the dashboard and through the embeddable widget, including messages from your end users, plus the agents’ replies (kept as transcripts you can review).
  • Agent outputs awaiting your review: escalations, post drafts, captured leads, digests.
  • Usage metering: token counts, timestamps, and the model used per call — this powers your usage dashboard and our fair-use limits.

Connection credentials

  • When you connect tools (Slack, Discord, Telegram, GitHub, Notion, Resend, custom webhooks), we store the tokens or webhook URLs you provide so your agents can notify those tools.
  • These secrets are stored in a service-role-only database table that client sessions cannot read, and are never returned by our APIs after you save them.

3. What we use it for

  • Running your agents: generating replies grounded in your knowledge, executing workflows, delivering notifications to your connected tools.
  • Operating the service: authentication, billing, usage enforcement, abuse prevention (rate limits), and support.
  • Improving your own agents: transcripts and review-queue decisions exist so you can audit and improve your setup.

We do not sell personal data, and we do not use your content to train models — ours or anyone else’s.

4. Where your data goes (subprocessors)

| Provider | Purpose | Notes |
| --- | --- | --- |
| Supabase (AWS, us-east-1) | Database, authentication, vector search | Encrypted at rest and in transit; tenant isolation via row-level security |
| Vercel | Application hosting | Serves the app and API |
| OpenAI | Language model responses and embeddings | API data is not used to train OpenAI models per their API terms |
| Stripe | Payments and subscriptions | Card data is handled solely by Stripe |
| Your connected tools | Notifications you configure | Only when you connect them; only agent-event summaries are sent |

5. The embeddable widget and your end users

If you install the Hired Hands chat widget on your site, your visitors’ messages are processed to generate replies and stored as transcripts in your organization’s account, keyed by a random per-visitor session identifier held in their browser’s session storage. We don’t set advertising trackers through the widget. You are responsible for disclosing the assistant to your users and covering it in your own privacy policy where required.

6. Cookies

We use cookies only to keep you signed in (Supabase authentication session). No advertising or cross-site tracking cookies.

7. Retention & deletion

  • Account, knowledge, transcripts, and outputs are retained while your subscription is active.
  • Deleting an agent deletes its knowledge chunks; deleting your organization deletes its data (agents, transcripts, outputs, connections) via cascading deletion.
  • To delete your account entirely, email us — we complete deletion within 30 days, except records we must keep for tax or legal compliance (e.g., invoices in Stripe).

8. Your rights

Depending on where you live (GDPR, UK GDPR, CCPA/CPRA and similar), you may have rights to access, correct, export, delete, or restrict processing of your personal data. Email privacy@hiredhands.dev and we’ll respond within 30 days. If your data reached us through a business using Hired Hands (for example, you chatted with a company’s widget), we’ll route your request to that business, which controls it.

9. Security

Tenant isolation via row-level security, service-role-only secret storage, TLS in transit, encryption at rest, per-plan usage limits, and abuse rate-limiting. Details on our Security page.

10. Children

Hired Hands is a business tool and not directed at children under 16. We don’t knowingly collect their data.

11. Changes

We’ll post updates here and, for material changes, notify account owners by email at least 14 days before they take effect.