Privacy Policy
Last Updated: March 4, 2026
At Hedra, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered data analyst service. Please read this privacy policy carefully.
Information We Collect
1. Information You Provide
- •Account Information: Name, email address, and workspace details when you sign up
- •Database Credentials: Connection strings and credentials for data sources you connect (stored encrypted)
- •Query Data: Questions you ask and SQL queries generated
- •File Uploads: CSV files and other data you upload for analysis
2. Automatically Collected Information
- •Usage Information: Features used, query frequency, and interaction patterns
- •Device Information: Browser type, operating system, IP address
- •Audit Logs: Timestamps and user actions for security and compliance
3. Slack Integration Data
- •Workspace Information: Slack workspace ID, team name
- •User Information: Slack user IDs and display names
- •Messages: Messages sent to the Hedra bot (stored temporarily for processing)
How We Use Your Information
- ✓Service Delivery: Process your queries, generate SQL, create visualizations, and deliver insights
- ✓Security: Monitor for suspicious activity, prevent fraud, and maintain audit logs
- ✓Improvement: Analyze usage patterns to enhance our AI models and features
- ✓Communication: Send service updates, security alerts, and respond to support requests
- ✓Compliance: Meet legal obligations and enforce our terms of service
Data Security and Storage
🔐Encryption
All database credentials and sensitive data are encrypted at rest using AES-256 encryption. Data in transit is protected using TLS 1.3.
🏢Private Deployment
For enterprise customers, Hedra can be deployed in your own VPC or on-premise environment, ensuring your data never leaves your infrastructure.
📋Audit Logs
We maintain comprehensive audit logs of all data access and queries, providing full visibility into who accessed what data and when.
⏱️Data Retention
Query results and generated reports are retained for 90 days. Audit logs are kept for 2 years for compliance purposes. You can request deletion of your data at any time.
Third-Party Services
We use the following third-party services to provide and improve our service:
- OpenAI: For AI-powered natural language processing and query generation. Data sent to OpenAI is not used for training their models.
- Anthropic (Claude): Optional AI provider for query generation. Subject to Anthropic's privacy policy.
- Slack: For workspace integration and notifications. See Slack's privacy policy for details.
- Cloud Infrastructure: We use secure cloud hosting providers (Vercel, Render, Neon) with SOC 2 compliance.
- Analytics: We may use privacy-focused analytics tools to understand usage patterns (no personal data shared).
Data Sharing and Disclosure
We do not sell your data. We only share your information in these limited circumstances:
- •With Your Consent: When you explicitly authorize data sharing
- •Service Providers: With trusted partners who help us operate our service (under strict confidentiality agreements)
- •Legal Requirements: When required by law, court order, or to protect our rights
- •Business Transfers: In connection with a merger, acquisition, or sale (with notice to you)
Your Privacy Rights
Depending on your location, you may have the following rights:
🔍 Access
Request a copy of the personal data we hold about you
✏️ Correction
Request correction of inaccurate or incomplete data
🗑️ Deletion
Request deletion of your personal data
📥 Portability
Receive your data in a portable format
⛔ Objection
Object to certain processing of your data
🚫 Restriction
Request restriction of data processing
To exercise any of these rights, please contact us at privacy@hedra.tech
Cookies and Tracking
We use cookies and similar technologies to:
- •Keep you logged in (essential cookies)
- •Remember your preferences
- •Analyze how you use our service (only with consent)
You can control cookies through your browser settings. Note that disabling essential cookies may affect service functionality.
International Data Transfers
Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:
- • Standard contractual clauses approved by regulatory authorities
- • Adequate data protection certifications
- • Your explicit consent where required
Children's Privacy
Hedra is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such information.
Changes to This Privacy Policy
We may update this privacy policy from time to time. We will notify you of any material changes by:
- • Posting the new policy on this page
- • Updating the "Last Updated" date
- • Sending you an email notification (for significant changes)
Your continued use of Hedra after changes become effective constitutes acceptance of the updated policy.
Contact Us
If you have questions or concerns about this privacy policy or our data practices, please contact us:
Additional Information for EU and California Residents
GDPR (EU Residents)
Legal Basis for Processing: We process your data based on:
- • Consent: When you agree to specific data processing
- • Contract: To provide the service you requested
- • Legitimate interests: To improve our service and prevent fraud
- • Legal obligations: To comply with applicable laws
You have the right to lodge a complaint with your local data protection authority.
CCPA (California Residents)
Your California Privacy Rights:
- • Right to know what personal information is collected
- • Right to know if personal information is sold or disclosed
- • Right to opt-out of the sale of personal information (we don't sell data)
- • Right to deletion of personal information
- • Right to non-discrimination for exercising your rights
To submit a CCPA request, email privacy@hedra.tech