Privacy Statement
Thank you for entrusting HASH, Inc. or HASH, Ltd. (“HASH”, “we”, "us" or "our") with your projects and "Personal Data", which is information that is directly linked or can be linked to you. This Privacy Statement is where we describe how HASH (the "Data Controller") collects, handles and uses your Personal Data when you interact with our websites, applications, products and services, including any Beta Previews (collectively, the “Service(s)”).
All capitalized terms have their definition in the HASH General Terms of Service, unless otherwise noted here.
Overview
The short version
We use your personal information as this Privacy Statement describes. No matter where you are, where you live, or what your citizenship is, you have the same high standard of privacy protection when using HASH's services as all our users around the world, regardless of their country of origin or location.
Additional privacy notices are provided for residents of:
→
The United States: please see the HASH Notice about U.S. State Data Privacy or scroll down.→
The European Union, wider EEA and United Kingdom: please see the HASH Notice about European Data Privacy or scroll down.
In the event of any perceived conflict between the English-language version of this Privacy Statement and any other versions of it, this English version shall be considered the controlling version.
Summary
Section | What can you find there? |
---|---|
Data Controller | Who is responsible for controlling your data. In North America, HASH, Inc. is typically responsible for processing your Personal Data. In the rest of the world, HASH, Ltd. is responsible. If you have linked an Organization to your HASH account, or use third-party applications, other parties may act as a controller of your data instead. |
Data Collection | What data we collect. We collect information directly from you when you register, pay, transact and use our Services. We also collect certain information automatically from you based on your usage of our service, subject, where necessary, to your consent. We may compute certain information based on data we already hold. And we may collect certain data from third-parties. We only collect the minimum amount of Personal Data necessary to provide innovative services and personalized experiences, unless you choose to provide more. |
Data Usage | How we use your data. We describe the ways in which we use your information, including to provide you the Service, to communicate with you, for security and compliance purposes, and to improve our Website or Service or develop new features and functionality of our Website or Service. We also describe the legal basis upon which we process your information. |
Data Protection | How we protect your data. We take various steps to ensure the confidentiality, integrity, privacy, security and availability of your data. We also provide you with the ability to view, update and delete the information we hold in relation to you. |
Data Sharing | Our approach to limiting data sharing. We may share your information with third parties under one of the following circumstances: with your consent, with our service providers, for security purposes, to comply with our legal obligations, or when there is a change of control or sale of corporate entities or business units. We do not sell your personal information and we do not display paid advertising on HASH. |
Your Rights | The rights you have and how to enforce them. We provide easy ways for you to access, alter, or delete your personal information. We also allow you to export your data and set communication and cookie preferences. We provide information about the cookies we use. |
Compliance Information | How we handle international and region-specific obligations. We outline our approach to cross-border data transfers, certification under the Data Privacy Framework, and provides specific notices to US residents, and EU/EEA citizens and residents. |
Change Process | How we handle changes to this Privacy Statement. Our approach to updating this document, and how we go about notifying you. |
Contact Us | Get in touch with us for any reason. We provide information about how to contact us with questions, comments or complaints. |
HASH Privacy Statement
Data Controller
The Data Controller of your Personal Data is HASH, Inc. For individuals outside North America, the Data Controller is HASH, Ltd.
When a school, employer, or other organization supplies your HASH account or grants access to a "web" on HASH, they assume the role of Data Controller for any linked Personal Data used in our Services. This enables them to:
→
Manage and administer aspects of your HASH account, potentially including adjusting certain privacy settings.→
Access and utilize certain of your Personal Data, which includes details on how you use the Services, as well as specific content and files.→
Should you access a HASH Service through an account provided by an organization, such as your employer or school, the organization becomes the Data Controller, and this Privacy Statement's direct applicability to you changes. Even so, HASH remains dedicated to preserving your privacy rights. In such circumstances, HASH functions as a Data Processor, adhering to the Data Controller's instructions regarding your Personal Data's processing. A Data Protection Agreement governs the relationship between HASH and the Data Controller. For further details regarding their privacy practices, please refer to the privacy policy of the organization providing your account.
In cases where your organization grants access to HASH products, HASH acts as the Data Controller solely for specific processing activities. These activities are clearly defined in a contractual agreement with your organization, known as a Data Protection Agreement. You can review our standard Data Protection Agreement at any time. For those limited purposes, this Statement governs the handling of your Personal Data. For all other aspects of HASH product usage, your organization's policies apply.
When you use third-party extensions or integrations, whether promoted by HASH or not, or follow references and links within our Services, the privacy policies of these third parties apply to any Personal Data you provide or consent to share with them. Their privacy policies will govern how this data is processed, and not our Privacy Statement.
Data Collection
The Personal Data we collect depends on how you interact with us, the services you use, and the choices you make. We collect information about you from different sources and in various ways when you use our Service, including information you provide directly, information collected automatically, information inferred from other data obtained, and information gathered from third-party data sources.
Our services are not intended for individuals under the age of 13, and we do not intentionally gather Personal Data from such individuals. If you become aware that a minor has provided us with Personal Data, please notify us.
From You
We collect Personal Data you provide to us. For example:
→
Registration information: We collect information such as your name and contact data, including username and email address, as well as authentication data during account creation.→
Demographic information: In some cases, we request that you provide age, gender, and similar demographic details.→
Payment and billing information: If you make a purchase or other financial transaction, we collect credit card numbers, financial account information, and other payment details.→
Content and files: We collect any code, text, photographs, documents, or other files, including videos or recordings, you upload to or create using our Service; and if you send us email messages or other communications, we collect and retain those communications. For example, you may choose to give us more information for your Account profile, such as your full name, an avatar which may include a photograph, your biography, your location, your company, and a URL to a third-party website. Please note that your profile information may be visible to other Users of our Service.→
Feedback and ratings: We collect any feedback or ratings you provide, including through written communications and via surveys.
Automatically & Inferred
When you visit or use our Service, we collect some information automatically. We also infer new information from other data we collect, including by using automated means to generate information about your likely preferences or other characteristics (“inferences”). For example, we infer your general geographic location (such as city, state, and country) based on your IP address. Other automatically generated, collected or inferred data may include:
→
Transaction information, Subscription and licensing data: If you have a paid Account or subscription with us, or make a purchase or sale using our Service, we automatically collect certain information about your transactions on the Service, such as your full name, address, region, state, country, postal or ZIP Code, the date, time, and amount charged.→
Usage information and Interactions: If you're accessing or using our Service, we may automatically collect information about how you use and how your device interacts with the Service, such as the pages you view, links clicked, the referring site, your IP address and information about your device, session information, the date and time of each request, device type and ID, operating system and application version, information contained in or relating to your contributions to individual workspaces, listings and projects, and telemetry data (i.e., information about how a specific feature or service is performing) regarding your use of other features and functionality of the Service. As further described below, we automatically collect usage information and interaction data using cookies (which may use a cookie ID), depending on your settings or preferences, in connection with our Service.→
Geolocation information: In connection with certain features and depending on the functionality of the Service, we collect geolocation information such as through IP addresses or the location information you choose to provide in your Account profile.→
Buttons, Tools, and Content from Other Companies: Our Services may contain links or buttons that lead to third-party services like X (Twitter) or LinkedIn. Use of these features may result in data collection. Engaging with these buttons, tools, or content may automatically send certain browser information to these companies. Please review the privacy policies of these companies for more information.→
Essential Cookies and Similar Tracking Technologies: We use cookies and similar technologies to provide essential functionality like storing settings and recognizing you while using our Services.→
Non-essential Cookies: Depending on your jurisdiction, we may use online analytics products that use cookies to help us analyze how de-identified users use our Services and to enhance your experience when you use the Services. We may also employ third-party Cookies to gather data for interest-based advertising. In some jurisdictions, we only use non-essential cookies after obtaining your consent.→
Email Marketing Interactions: Our emails may have web beacons that offer information on your device type, email client, email reception, opens, and link clicks.→
Geolocation Information: Depending on the Service's functionality, we may collect regional geolocation data.
From Third-Parties
→
Other Users of the Services: Other users may share information about you when they submit information or upload content. We may also receive information about you if you are identified as a representative or administrator on your company's account.→
Other companies with whom you choose to engage: HASH may collect Personal Data about you from third parties. For example, this may happen if you sign up for training or to receive information about HASH from one of our vendors, partners, or affiliates.→
Service Providers: We may also receive information from processors or service providers who process the data on our behalf, such as our payment processor who process payment and billing information in connection with our Service.→
Co-branding/marketing partners: We may receive information from partners with which we offer co-branded services or engage in joint marketing activities.→
Publicly available sources: We may also obtain information from publicly available sources such as published blocks, graphs, types or entities.→
Commercially available databases: Where a specific need exists we may obtain information from commercially available databases or data providers, such as review platforms.
When you are asked to provide Personal Data, you may decline. And you may use web browser or operating system controls to prevent certain types of automatic data collection. But if you choose not to provide or allow information that is necessary for certain services or features, those services or features may not be available or fully functional.
Data Usage
Lawful Bases For Processing
This section is applicable to EEA and UK end-users.HASH processes Personal Data in compliance with the GDPR, ensuring a lawful basis for each processing activity. The basis varies depending on the data type and the context, including how you access the services. Our processing activities typically fall under these lawful bases:
→
Contractual Necessity: Processing is required to fulfill our contractual duties to you, in accordance with the HASH Terms of Service.→
Legal Obligation: We process data when it's necessary to comply with applicable laws or to protect the rights, safety, and property of HASH, our affiliates, users, or third parties.→
Legitimate Interests: We process data for purposes that are in our legitimate interests, such as securing our Services, communicating with you, and improving our Services. This is done only when these interests are not overridden by your data protection rights or your fundamental rights and freedoms.→
Consent: We process data when you have explicitly consented to such processing. When we rely on consent as the legal basis, you have the right to withdraw your consent for data processing at any time. The procedures for withdrawal are detailed in this Statement and available on our website.
Processing Purposes
We may use your information to provide, administer, analyze, manage, and operate our Service. For example, we use your information for the following purposes, to:
→
Provide products and deliver our services including troubleshooting, improving, and personalizing the features on the Service.→
Conduct business operations such as billing, accounting, improving our internal operations, securing our systems, detecting fraudulent or illegal activity, and meeting our legal obligations.→
Generate new information from other data we collect to derive likely preferences or other characteristics. For instance, we infer your general geographic location based on your IP address.→
Improve and develop our products and services including to develop new services or features, and conduct research. This includes enhancing delivery, efficacy, quality, and security of Professional Services and the underlying product(s) based on issues identified while providing Professional Services, including fixing software defects, and otherwise keeping the Professional Services up to date and performant.→
Personalize our Service by understanding you and your preferences to enhance your experience and enjoyment using our Service.→
Ensure the safety, integrity and security of our Services, by processing Personal Data using both automated and, at times, manual techniques for abuse detection, prevention, and violations of terms of service.→
Provide customer support and respond to your questions, as well as troubleshoot technical or other issues.→
Deliver professional services, using Personal Data to deliver training, consulting or implementation (“Professional Services”). This includes providing technical support, professional planning, advice, guidance, data migration, deployment, and solution/software development services.→
Deliver promotional communications with you about new services, features, offers, promotions, and other information about our Service.→
Personalize and measure the effectiveness of enterprise business ads, including those you see off of the Services, promotional communications or marketing you receive related to the Enterprise Marketing Pages.→
Send you information, including confirmations, invoices, technical notices, updates, security alerts, support and administrative messages.→
Comply with or resolve legal obligations, including responding to Data Subject Requests for Personal Data processed by HASH as Controller (for example website data), tax requirements, agreements and disputes.
We combine data we collect from different sources for these purposes and to give you a more seamless, consistent, and personalized experience.
When carrying out these activities, HASH practices data minimization and uses the minimum amount of Personal Information required.
Data Protection
Security Controls
HASH takes reasonable measures necessary to protect your Personal Data from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of your Personal Data. For example, we employ administrative, technical, and physical security controls where appropriate to protect your Personal Data.
To help us protect Personal Data, we request that you use a strong password and never share your password with anyone or use the same password with other sites or accounts. In addition, if your account contains private or unpublished information, you control the access to that Content. HASH personnel do not access private information except as outlined in the Content Privacy section.
Access Limitation
Users may request access to their own information held by HASH, as well as exercise their right to data correction and deletion, at any time, in line with this Privacy Statement.
Government entities may submit requests to access information held by HASH through our formal Legal Requests of User Data process.
A dedicated process outlined in our Sensitive Information Removal Policy exists for the removal of sensitive content whose publication on HASH poses a security risk to you or an organization you represent.
Outside of these processes, we strictly limit access to data as outlined in this Privacy Statement.
Content Privacy
If your HASH account supports private content (such as projects, entities, types, blocks or webs), you control the access to that information. HASH does not access private content without your consent except as provided in this Privacy Statement and:
→
for security purposes;→
to perform automated scanning or manual review for known vulnerabilities, active malware, or other content known to violate our Terms of Service→
to assist you with support matters in relation to private information in your account or an account you control;→
to maintain the integrity of the Services, or→
to comply with our legal obligations if we have reason to believe the contents are in violation of the law.
HASH personnel access to private information is continuously logged and regularly audited. In certain cases, depending on the kind of content uploaded and type of encryption used, HASH may be technically incapable of accessing your private content.
HASH will provide you with notice regarding private content access unless doing so is prohibited by law or if HASH acted in response to a security threat or other risk to security.
Limited Retention
We retain Personal Data for as long as necessary to provide the services and fulfill the transactions you have requested, comply with our legal obligations, resolve disputes, enforce our agreements, and other lawful business purposes (for example, ensuring platform security, exercising or defending ourselves against legal claims, or any other legitimate purpose). Because these needs can vary for different data types in the context of different services, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations. For example, we may retain your Personal Data for longer periods, where necessary, subject to applicable law, for security purposes, or to comply with a court settlement or other equivalent mandated process.
In general, the following retention periods apply:
→
Financial/transaction data will be retained for 10 years in most regions, although in specific regions such as China financial/transaction data may be retained for up to 30 years in order to comply with local laws and regulations;→
Performance/marketing related data will be retained for up to 3 years from the date an individual (or their associated organization) last interacted with HASH;→
User data (including any associated Personal Data) will be retained for 5 years from the date of a user's last login, except in cases where a valid HASH subscription continues to be associated with the account, in which case data will be retained indefinitely.
If you delete your HASH account and later choose to create a new account, you may be required to use an email address that is not associated with the account you previously requested we delete. If you used a phone number to create your account, it similarly may be unavailable for use when creating another account, for the same reasons, and you will not be able to remove either the primary email address or phone number associated with a deleted account.
If we delete your Personal Data, we may both render certain Personal Data about you permanently unrecoverable and also deidentify certain Personal Data.
Data Sharing
As a principle, we avoid sharing data whenever a suitable alternative to doing so exists. However, we may share Personal Data with the following recipients for the purposes given:
→
Abuse and Fraud Prevention Entities: We may disclose Personal Data based on a good faith belief it is needed to prevent fraud, abuse, or attacks on our systems, networks, or Services, or to protect the rights, property, and safety of HASH, our users, or other members of the public, including enforcing our agreements, terms, and policies.→
Affiliates: Personal Data may be shared with HASH subsidiaries or affiliates in order to facilitate customer service, marketing and advertising, order fulfillment, billing, technical support, and legal and compliance obligations. Our affiliates may only use the Personal Data in a manner consistent with this Privacy Statement.→
HASH Organization Accounts: You may indicate, through your actions on HASH, that you are willing to share your Personal Data with Organizations, as defined in HASH's General Terms of Service, who also use the Services. If you collaborate on or become a member of an Organization, then its Account owners may receive your Personal Data, for example by having the ability to view your activity in the Organization’s access log. When you accept an invitation to an Organization, you will be notified of the types of information owners may be able to see. Please contact the Account owners for more information about how they might process your Personal Data in their Organization and the ways for you to access, update, alter, or delete your Personal Data stored in the Account. Should your user account be associated with an Organization on HASH, your use of the Services is protected by a data protection agreement and terms between that Organization and HASH.→
Competent Authorities: We may disclose Personal Data to authorized law enforcement, regulators, courts, or other public authorities in response to lawful requests or to protect our rights and safety. Please refer to our guidelines for Legal Requests of User Data for more information.→
Corporate Transaction Entities: We might disclose Personal Data within the limits of the law and in accordance with this Privacy Statement for strategic business transactions such as sales or a merger.→
Partners and Resellers: We cooperate with third-parties that offer sales, consulting, support, and technical services for our Services. We may share your data with these partners and resellers where allowed, and with your consent when required.→
Subprocessors and Service Providers: We may use vendors to provide services on our behalf, including hosting, marketing, advertising, social, analytics, support ticketing, payment processing, security, and other similar services. They are bound by contractual obligations to ensure the security, privacy, and confidentiality of your information. Our list of Subprocessors may be accessed on our website at any time. Our service providers may process data in your region, in the United States, or in any other country where they operate facilities, except where an agreement to geographically-restrict data processing is in place, as detailed on our Subprocessors page. Such processing by service providers and any related cross border data transfers will be in compliance with applicable law.→
Other Third-Party Applications: Upon your instruction, we may share Personal Data with third-party applications available on our Marketplace. You are responsible for the data you instruct us to share with these applications, and for your own use of these applications. Use of these third-party applications is not necessary for your use of HASH. Please note that some of the features on our Service include integrations, references, or links to services provided by third parties whose privacy practices differ from ours. If you provide Personal Data to any of those third parties, or allow us to share Personal Data with them, that data is governed by their privacy policies.→
Other Users and the Public: Depending on your account settings, we may share Personal Data with other users of the Services and the public. You control what information is made public. To adjust your settings, visit your profile's user settings panel while logged in to HASH. Please be aware that any information you share in a collaborative context may become publicly accessible. Please note that if you would like to compile HASH data, you must comply with our General Terms of Service regarding information usage and privacy, and you may only use any public-facing information you gather for the purpose for which our user authorized it. For example, where a HASH user has made an email address public-facing for the purpose of identification and attribution, do not use that email address for the purposes of sending unsolicited emails to users or selling personal information, such as to recruiters, headhunters, and job boards, or for commercial advertising. User-published information may also not be harvested to assist in the compilation of datasets used for the purpose of training AI models. In all cases, we expect individuals accessing public HASH data to reasonably secure any information gathered from HASH, and to respond promptly to complaints, removal requests, and "do not contact" requests from HASH or HASH users.
Your Rights
Depending on your residence location, you may have specific legal rights regarding privacy and your Personal Data:
→
The right to access the data collected about you→
The right to request detailed information about the specific types of Personal Data we've collected over the past 12 months, including data disclosed for business purposes→
The right to rectify or update inaccurate or incomplete Personal Data under certain circumstances→
The right to erase or limit the processing of your Personal Data under specific conditions→
The right to object to the processing of your Personal Data, as allowed by applicable law→
The right to withdraw consent, where processing is based on your consent→
The right to receive your collected Personal Data in a structured, commonly used, and machine-readable format to facilitate its transfer to another company, where technically feasible
To exercise these rights, please send an email to [email protected] and follow the instructions provided. To verify your identity for security, we may request extra information before addressing your data-related request. Please contact our Data Protection Officer at [email protected] for any feedback or concerns. Depending on your region, you have the right to complain to your local Data Protection Authority. European users can find authority contacts on the European Data Protection Board website, and UK users on the Information Commissioner’s Office website.
We aim to promptly respond to requests in compliance with legal requirements. Please note that we may retain certain data as necessary for legal obligations or for establishing, exercising, or defending legal claims. We may also require additional information from you (for example, to locate your account or verify your identity) in order to process submitted requests.
Choices regarding our processing
We provide choices about the Personal Data we collect about you. The choices you make will not apply to any Personal Data associated with an Organization under your Account.
→
Data access and correction: If you're a HASH user, you may access, update, alter, or delete your basic user profile information by editing your user profile or contacting Support. You can control the information we collect about you by limiting what information is in your profile, by keeping your information current, by changing your cookie preferences, or by contacting Support.→
User data deletion: We retain and use your information as described in this Privacy Statement, but barring legal requirements, we will delete your full profile within 30 days of your request. After an account has been deleted, certain data, such as forked entities or types, contributions to other Users' entities or types, and comments in others' workspaces, may remain. Where possible we will delete or de-identify your Personal Data, including your username, from the author field of entities, types, and comments by associating them with a ghost user. However, we may be unable to change or delete data certain aspects of an entity or type's history — as the graph is designed to maintain an immutable record — but we do enable you to control what information you put in that record.→
Non-user data deletion: If HASH processes Personal Data other than your profile information, such as information about you HASH receives from third parties, then you may, subject to applicable law, access, update, alter, delete, object to or restrict the processing of your Personal Data by contacting Support.→
User content visibility: You can adjust the settings on your Account regarding the display of your Personal Data in private or public graphs or Personal Data processed in connection with Community Features by modifying your profile settings.→
User content access: If you are unable to access certain Personal Data we have via the means described above, you can request access by contacting Support.→
Right to complain: In many jurisdictions you may have the right to lodge a complaint with a named supervisory authority if we you do not feel we have fulfilled our obligations under the law. Please see the geographic-specific sections of this Privacy Statement for more information on how to do so, and your rights.
Data portability
Data portability is one of our core tenets, which we refer to internally as our "non-negotiable principle". As a HASH User, we aim to ensure that you can always take your data with you. As such, you can download your data and the information we have about you at any time, and you can use HASH's open-source code and standards without relying on HASH's hosted services.
Communication preferences
We use your email address to communicate with you, if you've said that's okay, and only for the reasons you’ve said that’s okay. For example, if you contact our Support team with a request, we respond to you via email. You have control over how your email address is used and shared with other Users on and through our Service. You may manage your communication preferences from your personal notification settings page.
Depending on these settings, HASH may occasionally send notification emails, for example, about changes to endpoints, blocks or types that you're using, new features, requests for feedback, important policy changes, or to offer customer support. We may also send marketing emails, based on your choices and in accordance with applicable laws and regulations. There's an “unsubscribe” link located at the bottom of each of the marketing emails we send you.
Please note that you cannot opt out of receiving important communications from us, such as emails from our Support team or system emails, but you can configure your notifications settings in your profile to opt out of other communications.
Cookie preferences
Background Information
We use cookies and similar technologies, such as web beacons, local storage, and mobile analytics, to operate, provide, secure and improve our Services, and to develop new features and functionality of our Service. Common technologies include:
→
Cookies are small text files stored by your browser on your device. A cookie can later be read when your browser connects to a web server in the same domain that placed the cookie. The text in a cookie contains a string of numbers and letters that may uniquely identify your device and can contain other information as well. This allows the web server to recognize your browser over time, each time it connects to that web server.→
Web beacons or pixel tags are electronic images (also called “single-pixel” or “clear GIFs”) that are contained within a website or email. When your browser opens a webpage or email that contains a web beacon, it automatically connects to the web server that hosts the image (typically operated by a third party). This allows that web server to log information about your device or session and to set and read its own cookies. In the same way, third-party content on our websites (such as embedded videos, plug-ins, or ads) results in your browser connecting to the third-party web server that hosts that content.→
Mobile identifiers for analytics can be accessed and used by apps on mobile devices in much the same way that websites access and use cookies.
Across our websites and Servies, we use these kinds of technologies to remember your preferences, enable you to sign-in to HASH, identify your device for security and fraud purposes, including as needed to maintain the integrity of our Services, analyze how our Services perform, provide information and insight for future development of HASH, and fulfill other legitimate purposes. We provide more information about these on our Cookies on HASH page and describe the cookies we set, the needs we have for those cookies, and the expiration of such cookies.
For Enterprise Marketing Pages, we may also use non-essential cookies to gather information about enterprise users’ interests and online activities to personalize their experiences, including by making the ads, content, recommendations, and marketing seen or received more relevant and serve and measure the effectiveness of sales, targeted advertising, and other marketing efforts. If you disable the non-essential cookies on the Enterprise Marketing Pages, the ads, content, and marketing you see may be less relevant.
Our emails to users may contain a pixel tag, whichwe use to make our email communications more effective and to make sure we are not sending you unwanted email.
We may also use so-called “flash cookies” (also known as “Local Shared Objects” or “LSOs”) to collect and store information about your use of our Services.
Some of these cookies and technologies may be provided by third parties, including service providers and advertising partners. For example, analytics and advertising partners may use these technologies in our Services to collect personal information (such as the pages you visit, the links you click on, and similar usage information, identifiers, and device information) related to your online activities over time and across Services for various purposes, including targeted advertising. HASH may place such non-essential cookies on pages where we market products and services to enterprise customers, for example, on hash.ai/resources
. We and/or our partners may also share the information we collect or infer with third parties for these purposes.
The length of time a cookie will stay on your browser or device depends on whether it is a “persistent” or “session” cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay until they expire (i.e. they are duration-based), or until they are deleted. The expiration time or retention period applicable to persistent cookies depends on the purpose of the cookie collection and tool used. You may also delete cookie data as described below.
Cookie Usage
The table below provides additional information about the different types of cookies that exist, and how we currently use them:
| Purpose | Description | | :--------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --- | | Essential | HASH uses certain essential, required cookies to perform strictly necessary website functions and to provide the services. For example, cookies are used to log you in, provide a shopping cart experience, ensure performance, route traffic between web servers, detect the size of your screen and position content, determine page load times, provide user experience guarantees, and for audience measurement. These cookies are necessary for our websites to work. | | Functional | Functional cookies are used to enhance per-visitor website performance, functionality and personalization (e.g. helping remember user settings such as preferred language options). They are not required in order to serve the website, but may help improve individual user experiences. | |
For a detailed list of the specific cookies we utilize, see the HASH Cookies page.
We currently do not use, but may in the future rely upon, additional types of cookies:
Purpose | Description |
---|---|
Analytics | HASH and third parties may use analytics cookies to understand how you use our websites so we can make them better. For example, cookies are used to gather information about the pages you visit and how many clicks you need to accomplish a task. We also use some analytics cookies to provide personalized advertising. |
Social Media | HASH and third parties may use social media cookies to show you ads and content based on your social media profiles and activity on HASH’s websites. This ensures that the ads and content you see on our websites and on social media will better reflect your interests. This also enables third parties to develop and improve their products, which they may use on websites that are not owned or operated by HASH. |
Advertising | HASH and third parties may use advertising cookies to show you new ads based on ads you've already seen. Cookies also track which ads you click or purchases you make after clicking an ad. This is done both for payment purposes and to show you ads that are more relevant to you. For example, cookies are used to detect when you click an ad and to show you ads based on your social media interests and website browsing history. |
This Privacy Statement and the HASH Cookies page will be updated accordingly upon any change.
Disabling Cookies
You have several options to disable non-essential cookies.
Any HASH page that serves non-essential cookies will have a link in the page’s footer to view or change your privacy settings (which include your cookie preferences). You can express your preferences at any time by clicking on that linking and updating your settings. Some users will also be able to manage non-essential cookies via a cookie consent banner, including the options to accept, manage, and reject all non-essential cookies.
Outside of our Services, you can attempt to control the cookies you encounter on the web using a variety of widely-available tools. For example:
→
If your browser sends a Do Not Track (DNT) signal, HASH will not set non-essential cookies and will not load third party resources which set non-essential cookies.→
Many browsers provide cookie controls which may limit the types of cookies you encounter online. Check out the documentation for your browser to learn more.→
If you enable a browser extension designed to block tracking, such as Privacy Badger, non-essential cookies set by a website or third parties may be disabled.→
If you enable a browser extension designed to block unwanted content, such as uBlock Origin, non-essential cookies will be disabled to the extent that content that sets non-essential cookies will be blocked.→
You may use the Global Privacy Control (GPC) to communicate your privacy preferences. To learn more, visit Global Privacy Control — Take Control Of Your Privacy→
Advertising controls. Our advertising partners may participate in associations that provide simple ways to opt out of ad targeting, which you can access at:
These choices are specific to the browser you are using. If you access our Services from other devices or browsers, take these actions from those systems to ensure your choices apply to the data collected when you use those systems.
Compliance Information
International Data Transfers
HASH may store and process your Personal Data in a variety of locations, including your local region, the United States, and other countries where HASH or its affiliates, subsidiaries, or subprocessors have operations.
In certain cases we may transfer Personal Data from the European Union, the United Kingdom, and Switzerland to countries that the European Commission has not yet recognized as having an adequate level of data protection. For example, their laws may not guarantee you the same rights, or there may not be a privacy supervisory authority there that is capable of addressing your complaints. When we engage in such transfers, we use a variety of legal mechanisms, including contracts, such as the standard contractual clauses published by the European Commission under Commission Implementing Decision 2021/914, to help protect your rights and enable these protections to travel with your data. To learn more about the European Commission’s decisions on the adequacy of the protection of Personal Data in the countries where HASH processes Personal Data, see this article on the European Commission website.
Data Privacy Framework (DPF)
HASH complies with the EU-U.S. Data Privacy Framework ("EU-U.S. DPF"), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework ("Swiss-U.S. DPF") as set forth by the U.S. Department of Commerce.
HASH has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles ("EU-U.S. DPF Principles") with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. DPF, and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.
HASH has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles ("Swiss-U.S. DPF Principles") with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF.
If there is any conflict between the terms in this Privacy Statement and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit dataprivacyframework.gov
HASH has the responsibility for the processing of Personal Data it receives under the Data Privacy Framework (DPF) Principles and subsequently transfers to a third party acting as an agent on HASH's behalf. HASH shall remain liable under the DPF Principles if its agent processes such Personal Data in a manner inconsistent with the DPF Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.
HASH commits to resolve questions and complaints about its processing of your Personal Data. If you have inquiries or complaint, please email [email protected] or us the HASH Contact Form
To investigate unresolved complaints, HASH currently designates:
→
In the European Union: the EU Data Protection Authorities (DPAs);→
In the United Kingdom: the UK Information Commissioner's Office (ICO)→
In Switzerland: and Swiss Federal Data Protection and Information Commissioner (FDPIC)
If your complaint is not resolved through these channels, under certain conditions a binding arbitration option may be available before a Data Privacy Framework Panel. For more information on this option, please see Annex I of the Data Privacy Framework Principles.
HASH is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). HASH may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Under Section 5 of the Federal Trade Commission Act (15 U.S.C. § 45), an organization's failure to abide by commitments to implement the DPF Principles may be challenged as deceptive by the FTC. The FTC has the power to prohibit such misrepresentations through administrative orders or by seeking court orders.
Information for users in specific regions
EU/EEA Citizens & Residents
European Data Protection Rights Notice: If you are in the European Economic Area, we process your Personal Data in accordance with applicable laws, and the processing of Personal Data about you is subject to European Union data protection law, you have certain rights with respect to that data:
→
you can request access to, and rectification or erasure of, Personal Data;→
if any automated processing of Personal Data is based on your consent or a contract with you, you have a right to transfer or receive a copy of the Personal Data in a usable and portable format;→
if the processing of Personal Data is based on your consent, you can withdraw consent at any time for future processing;→
you can to object to, or obtain a restriction of, the processing of Personal Data under certain circumstances;→
you can find our Data Protection Officer's contact information directly here on this page; and→
for residents of France, you can send us specific instructions regarding the use of your data after your death.
To make such requests, please use the contact information provided within this statement. When we are processing data on behalf of another party (i.e., where HASH is acting as a data processor) you should direct your request to that party. You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns.
We rely on different lawful bases for collecting and processing Personal Data about you, for example, with your consent and/or as necessary to provide the services you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfill other legitimate interests.
More information about our handling of Personal Data in Europe can be found in our Data Protection Agreement.
More information about our participation in the EU-U.S. Data Privacy Framework can be found above.
If you are a citizen of the EU/EEA, you can also contact HASH's EU/EEA-based Data Protection Officer directly by emailing [email protected] with the subject line "EU Data Protection". You can also write to HASH's EU/EEA-based Data Protection Officer at the following address:
Deivids VilkinsonsCAYA Postbox 949132
96035 Bamberg
Germany
U.S. Residents
If you are a U.S. resident, we process your Personal Data in accordance with applicable U.S. state data privacy laws. This section provides extra information specifically for residents of certain US states that have distinct data privacy laws and regulations. These laws may grant specific rights to residents of these states when the laws come into effect. This section uses the term “personal information” as an equivalent to the term “Personal Data.”
These rights are common to the US State privacy laws:→
Right to Knowledge and Correction: You have the right to request details on the specific personal information we’ve collected about you and the right to correct inaccurate information. You can exercise this right by contacting us. You can also access and edit basic account information in your settings.→
Right to Know Data Recipients: We share your information with service providers for legitimate business operations, such as data storage and hosting. For more details, please see “Sharing Your Information” below.→
Right to request Deletion: You reserve the right to request the deletion of your data, barring a few exceptions. Such exceptions include circumstances where we are required to retain data to comply with legal obligations, detect fraudulent activity, investigate reports of abuse or other violations of our Terms of Service, or rectify security issues. Upon receiving your verified request, we will promptly delete your personal information (unless an exception applies), and instruct our service providers to do the same. We employ brief retention terms by design.→
Right to a Timely Response: You are allowed to make two free requests in any 12-month period. We commit to responding to your request within 45 days. In complex cases, we may extend our response time by an additional 45 days.→
Non-Discrimination: We will not hold it against you when you exercise any of your rights. On the contrary, we encourage you to review your privacy settings closely and contact us with any questions.
→
We may collect various categories of Personal Data about our website visitors and users of "Services" which includes HASH applications, software, products, or services. That data may include identifiers/contact information, demographic information, payment information, commercial information, internet or electronic network activity information, geolocation data, audio, electronic, visual, or similar information, and inferences drawn from such data.→
We collect Personal Data for various purposes. This includes identifying accessibility gaps and offering targeted support, fostering diversity and representation, providing services, troubleshooting, conducting business operations such as billing and security, improving products and supporting research, communicating important information, ensuring personalized experiences, and promoting safety and security.
→
To make an access, deletion, correction, or opt-out request, please send an email to [email protected] and follow the instructions provided. We may need to verify your identity before processing your request. If you choose to use an authorized agent to submit a request on your behalf, please ensure they have your signed permission or power of attorney as required.→
To opt out of the sharing of your personal information, you can click on the "Privacy" or "Do Not Share My Personal Information" link in the footer of our Websites. Authorized agents can also submit opt-out requests on your behalf.
California Residents
Mandatory disclosures: We also make the following disclosures for purposes of compliance with California privacy law:
→
We collected the following categories of personal information in the last 12 months: identifiers/contact information, demographic information (such as gender), payment card information associated with customers, commercial information, Internet or other electronic network activity information, geolocation data, audio, electronic, visual or similar information, and inferences drawn from the above.→
The sources of personal information from whom we collected are: directly from you, automatically or from third parties.→
The business or commercial purposes of collecting personal information are as summarized above and in our Privacy Statement under Processing Purposes.→
We disclosed the following categories of personal information for a business purpose in the last 12 months: identifiers/contact information, demographic information (such as gender and rough geographic location), payment information, commercial information, Internet or other electronic network activity information, geolocation data, audio, electronic, visual or similar information, and inferences drawn from the above. We disclosed each category to third-party business partners and service providers, third-party sites or platforms such as social networking sites, and other third parties as described in the Sharing of Personal Data section of our Privacy Statement.→
As defined by applicable law, we “shared” the following categories of personal information in the last 12 months: identifiers/contact information, Internet or other electronic network activity information, and inferences drawn from the above. We shared each category to or with advertising networks, data analytics providers, and social networks.→
The business or commercial purpose of sharing personal information is to assist us with marketing, advertising, and audience measurement.→
We do not “sell” or “share” the personal information of known minors under 16 years of age.
Shine the Light Act: Under California Civil Code section 1798.83, also known as the “Shine the Light” law, California residents who have provided personal information to a business with which the individual has established a business relationship for personal, family, or household purposes (“California Customers”) may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. Please be aware that we do not disclose personal information to any third parties for their direct marketing purposes as defined by this law. California Customers may request further information about our compliance with this law by emailing [email protected]. Please note that businesses are required to respond to one request per California Customer each year and may not be required to respond to requests made by means other than through the designated email address.
Removal of Content: California residents under the age of 18 who are registered users of online sites, services, or applications have a right under California Business and Professions Code Section 22581 to remove, or request and obtain removal of, content or information they have publicly posted. To remove content or information you have publicly posted, please submit a Sensitive Information Removal request. Alternatively, to request that we remove such content or information, please send a detailed description of the specific content or information you wish to have removed to HASH support. Please be aware that your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances. If you have any questions about our privacy practices with respect to California residents, please send an email to [email protected].
We value the trust you place in us and are committed to handling your personal information with care and respect. If you have any questions or concerns about our privacy practices, please email our Data Protection Officer at [email protected].
Colorado/Connecticut/Virginia Residents
If you live in Colorado, Connecticut, or Virginia you have some additional rights:
→
If we deny your rights request, you have the right to appeal that decision. We will provide you with the necessary information to submit an appeal at that time.→
You have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer. HASH does not engage in such profiling as defined by Colorado law, so there’s no need to opt out.
Nevada Residents
We do not sell your covered information, as defined under Chapter 603A of the Nevada Revised Statutes. If you still have questions about your covered information or anything else in our Privacy Statement, please send an email to [email protected].
Change Process
HASH may change this Privacy Statement from time to time for a variety of reasons, including to comply with new laws and regulations, to cover new features and functionality, and to increase transparency.
In case of material changes to this Privacy Statement, we will provide at least 30 days prior notice by updating our website or sending an email to your primary email address associated with your HASH account.
Contact Us
Questions regarding HASH's Privacy Statement or information practices should be directed to our privacy team via the HASH contact form. If you have a privacy inquiry or concerns about the way HASH is handling your Personal Data, please let us know immediately. We will respond promptly, and we want to help.
In the unlikely event that a dispute arises between you and HASH regarding our handling of your Personal Data, please email us directly at [email protected] with the subject line "Privacy Concerns". We will respond promptly and do our best to resolve the dispute.
Our addresses are:
HASH, Inc.:
Attn: HASH Privacy Team2109 Broadway Unit 1141
New York, NY 10023
United States
HASH, Ltd.:
Attn: HASH Data Protection10 Netherwood Road
Manchester, M22 4BQ
United Kingdom
If you are a citizen of the EU/EEA, you can also contact HASH's EU/EEA-based Data Protection Officer directly by emailing [email protected] with the subject line "EU Data Protection". You can also contact HASH's EU/EEA-based Data Protection Officer by mail by writing to:
Deivids VilkinsonsCAYA Postbox 949132
96035 Bamberg
Germany
As mentioned in the Data Privacy Framework section above, if you are a citizen of resident in the EU, Switzerland, or United Kingdom, you may additionally have the right to file a complaint with your local data protection or privacy agency, or supervisory authority. Links to these can be located in the section above.
Create a free account
Sign up to try HASH out for yourself, and see what all the fuss is about
By signing up you agree to our terms and conditions and privacy policy