Our commitment to privacy
About the steps we take to ensure your privacy and security
About the steps we take to ensure your privacy and security
Version Effective Date: November 15, 2022
As an open-source data company, at HASH we understand the value that’s contained within your personal and business information. That’s why we take every possible measure to secure and encrypt your information, and are mindful whenever we collect it. On this page you’ll find a transparent overview of who we are, what data we collect, and why.
HASH is a company that provides:
You can find out more about these on our Platform Overview page (hash.ai/platform).
We collect data for a number of reasons.
We comply globally with the strictest standards of data protection, going above and beyond measures set out in specific local and national regulations such as the California Consumer Privacy Act (CCPA), and EU’s General Data Protection Regulations (GDPR).
Users may submit information on the HASH platform via form fields, checkboxes, radio buttons or other interactive inputs, or through integrations with third party providers (for example when using Google, GitHub, Twitter, or LinkedIn to log in to a HASH account, where accounts from these providers may have been associated).
Certain user-submitted Public Information such as name and profile photo will be visible by anybody with an internet connection who visits your HASH profile page. This information can be edited or removed at any time by logging in.
Users may also store Private Information within HASH for processing. This includes contact details which users have not elected to make public, as well as HASH project files, which are private by default. To access a private file, you must either be its creator, or have been invited by an existing user with sharing permissions. As a file creator, you can choose to share your work with individual users and organizations, or alternatively make it publicly accessible to anybody with a link.
We store and process data both internally and on cloud servers provided by a number of external providers.
Provider | What is stored | Regions stored in |
AMAZON | User-uploaded models, algorithms, and datasets | UK, US, EU, + 3 others (based on user preferences) |
User-uploaded models, algorithms, and datasets | UK, US, EU (based on user preferences) | |
MICROSOFT | User-uploaded models, algorithms, and datasets | UK, US, EU (based on user preferences) |
The cost of storing and processing data may differ by region, but your Private Information will always be stored in an encrypted form.
For most ordinary users we believe that standard encryption is sufficient, however especially politically or commercially sensitive clients may wish to take advantage of the greater level of protection afforded by E2E encryption. Contact us to enquire about switching your storage region or enabling E2E encryption for your account.
You can modify or delete your data at any time by logging into your account and overwriting field data, or by using the ‘delete’ buttons found adjacent to many files or elements in HASH. You can also remove all search history and personalised suggestions by clearing your account history.
You can also delete your account completely at any time by contacting us and requesting account deletion. Please note: once an account is deleted, it may be impossible to recover. If your account is part of a HASH organisation, you may need to wait for administrator approval before any data linked to that organisation which may also be associated with your account is deleted.
If somebody else has uploaded information about you which may pose a risk to your health or safety, you can apply to have this removed under our Sensitive Data Removal Policy. Our Sensitive Data Removal Policy also outlines how you can get in touch in cases where there is no immediate risk to health and safety, but where personally-identifiable information may have still been posted about you, without your consent.
Not only do we avoid sharing user Private Information with third-parties, we put in place careful measures to limit our own access to it. We do however still utilize a number of third-party software products and data processors when analyzing platform data, and for the purposes of communicating with users. For the sake of transparency, these are outlined below.
Data processor | What we use them for |
Platform analytics and reporting | |
Sentry | Error tracking within the platform |
Stripe | Processing user payments |
Twilio | SMS, WhatsApp and other instant messenger communication with some users |
MailChimp | Email communication with some users |
Amazon | Email and SMS communication with some users |
Zendesk | Providing customer support to users via live chat and our helpdesk |
Mapbox | Visually representing certain geospatial user data |
Gravatar | Displaying user profile pictures in relation to hashed emails |
Segment | Aggregating, cleaning and managing user data to ensure permissioned access |
Clearbit | Enhancing and cross-referencing user data to ensure it is accurate and up-to-date |
Cloudflare | Securely delivering information via their Content Delivery Network |
AirTable | Customer relationship management, job applicant tracking, and other communication logs |
Before using any third-party provider, we consider the nature of the information being processed on their platform, and the strength of the security policies and practices they have in place. The history of the company, the competency of its team, and the criticality of the user data we ask them to process all weigh on our decision whether or not to use a given third-party provider. No decision is taken lightly, and we regularly review the data processors we work with to protect our userbase’s interests. We welcome feedback from the community on what standards we should expect of our partners, as well as any concerns or feedback that might relate to existing ones.
The providers that host HASH and process our user’s sensitive data maintain a multitude of certifications, including (where relevant) ISO 27001, ISO 27017, ISO 27018 and PCI DSS certifications. They are also subject to regular SOC reporting. If you are interested in finding out more about certification and compliance within our supply chain please contact us.