Our commitment to privacy

About the steps we take to ensure your privacy and security

Welcome

As an open-source data company, at HASH we understand the value that’s contained within your personal and business information. That’s why we take every possible measure to secure and encrypt your information, and are mindful whenever we collect it. On this page you’ll find a transparent overview of who we are, what data we collect, and why. “HASH” refers to:

  1. HASH, INC is a corporation registered in the United States (Delaware) whose offices are located in New York City at 33 Irving Place, Manhattan, 10003;
  2. HASH, LTD is a company in the United Kingdom, registered in England and Wales (company number 10364181), whose office is located at Aldwych House, 71-91 Aldwych, Holborn, London, WC2B 4HN.

In addition to developing our open-source platform, HASH is a company that also provides:

  • a hosted version of HASH Core on this website;
  • HASH Index: a data, models, algorithms and transformations marketplace;
  • HASH Cloud: a tool for running large, complex HASH simulations atop distributed compute resources with zero configuration;
  • further products and tools, services and training, and account management functionality.

Why does HASH store user data?

We collect data for a number of reasons.

  1. Functionality: first and foremost, we can’t provide users with a service if we’re unable to authenticate their identity. Information like usernames, email addresses and passwords enable us to do this. It’s also not much good being able to log in if your personal files and folders aren’t available, so we store user-uploaded information including datasets, models and algorithms on users’ behalves.
  2. Account servicing: we collect usage metrics about how our platform is used so we can improve our product, onboard users effectively, and provide individuals with a personalised experience. With user consent, we may also use contact information to make users aware of news and updates relating to HASH.
  3. Support and security: we save certain key account information such as the date a user last logged in, and the IP address used to change a password or reset an API key. We do this in order to protect, secure, and effectively service user accounts.

We comply globally with the strictest standards of data protection, going above and beyond measures set out in the EU’s General Data Protection Regulations (GDPR). We apply these high standards to all of our users worldwide, not just those within Europe.

What data is collected?

Users may submit information on the HASH platform via form fields, checkboxes, radio buttons or other interactive inputs, or through integrations with third party providers (for example when using Google or LinkedIn to log in to a HASH account, where accounts from these providers may have been associated).

Certain user-submitted Public Information such as name and profile photo will be visible by anybody with an internet connection who visits your HASH profile page. This information can be edited or removed at any time by logging in.

Users may also store Private Information within HASH for processing. This includes contact details which users have not elected to make public, as well as HASH working files, which are private by default. To access a private file, you must either be its creator, or have been invited by an existing user with sharing permissions. As a file creator, you can choose to share your work with individual users and organisations, or alternatively make it publicly accessible to anybody with a link.

How is my data stored?

We store and process data both internally and on cloud servers provided by a number of external providers.

ProviderWhat is storedRegions stored in
BACKBLAZEUser-uploaded images, audio, and videoUS
GOOGLEUser-uploaded models, algorithms, and datasetsUK, US, EU (based on user preferences)
MICROSOFTUser-uploaded models, algorithms, and datasetsUK, US, EU (based on user preferences)
AMAZONUser-uploaded models, algorithms, and datasetsUK, US, EU, + 3 others (based on user preferences)

The cost of storing and processing data may differ by region, but your Private Information will always be stored in an encrypted format at all times.

  1. Standard encryption: enabled by default, your data is stored and transmitted in an encrypted format. If you ever need to reset your password, you can use the ‘forgotten password’ function to recover your account. This option has the fastest performance.
  2. Mylar encryption: If you are at high risk of attack, you may consider enabling Mylar encryption. With this enhanced level of security, your data is wholly end-to-end encrypted on our platform, including whilst operations are being performed on it, and we can’t recover access to your account if you lose your password. Operations may take longer and be more computationally expensive.

For most ordinary users we believe that standard encryption is sufficient, however politically sensitive or incredibly commercially sensitive clients may wish to take advantage of the greater level of protection afforded by Mylar.

How can I delete my data?

You can modify or delete your data at any time by logging into your account and overwriting field data, or by using the ‘delete’ buttons found adjacent to many files or elements in HASH. You can also remove all search history and personalised suggestions by clearing your account history.

You can also delete your account completely at any time by visiting the user preferences panel of your account. Please note: once an account is deleted, it may be impossible to recover. If your account is part of a HASH organisation, you may need to wait for administrator approval before any data linked to that organisation which may also be associated with your account is deleted.

What third-party service providers does HASH rely on?

Not only do we not share user Private Information with third-parties, we cannot access it ourselves. That being said, we utilise a number of third-party software products and data processors when analysing platform data, and for the purposes of communicating with users. For the sake of transparency, these are outlined below.

Data processorWhat we use them for
GooglePlatform analytics and reporting
MixpanelPlatform analytics and reporting
SentryError tracking within the platform
StripeProcessing user payments
MailChimpEmail communication with some users
AmazonEmail and SMS communication with some users
TwilioSMS, WhatsApp and other instant messenger communication with some users
MapboxVisually representing certain geospatial user data
ZendeskProviding customer support to users via live chat and our helpdesk
SegmentAggregating, cleaning and managing user data to ensure permissioned access
ClearbitEnhancing and cross-referencing user data to ensure it is accurate and up-to-date
CloudflareSecurely delivering information via their Content Delivery Network
GravatarDisplaying user profile pictures in relation to hashed emails

Before using any third-party provider, we consider the nature of the information being processed on their platform, and the strength of the security policies and practices they have in place. The history of the company, the competency of its team, and the criticality of the user data we ask them to process all weigh on our decision whether or not to use a given third-party provider. No decision is taken lightly, and we regularly review the data processors we work with to protect our userbase’s interests. We welcome feedback from the community on what standards we should expect of our partners, as well as any concerns or feedback that might relate to existing ones.

The providers that host HASH and process our user’s sensitive data maintain a multitude of certifications, including (where relevant) ISO 27001, ISO 27017, ISO 27018 and PCI DSS certifications. They are also subject to regular SOC reporting. If you are interested in finding out more about certification and compliance within our supply chain please contact us.

Was this page useful?

Quick Jump
Welcome
Why do we need data?
What do we store?
Storing your data
Deleting your data
Data processors