Privacy Policy

2. Scope

This Privacy Policy applies to:

• visitors to our website
• prospective customers, customers, and business contacts
• users of the Hashirai platform and related Services
• individuals whose personal data may be included in data submitted to the Services by our customers

This Privacy Policy does not apply to third-party websites, services, or products that may be linked from our Services.

3. Personal data we collect

The personal data we collect depends on how you interact with us.

A. Information you provide directly

We may collect:

• name
• work email address
• company name
• job title
• phone number
• country or region
• information you submit through forms, demo requests, contact requests, or support communications
• billing and commercial information where applicable
• any other information you choose to provide to us

B. Information collected automatically

When you visit our website or use the Services, we may collect certain technical and usage information, such as:

• IP address
• browser type and version
• device information
• operating system
• referring URLs
• pages viewed
• timestamps
• session and usage data
• diagnostic, performance, and telemetry data
• cookie and similar technology data, where used

C. Information processed through the Services

Customers may submit data to Hashirai in connection with AI governance and provenance workflows. Depending on how customers configure the Services, that data may include:

• identifiers associated with users, agents, tools, workflows, or systems
• event metadata
• timestamps
• policy and workflow state
• review and approval metadata
• logs, traces, or records generated by customer systems
• other customer-submitted content

We do not require customers to submit personal data unless it is necessary for their intended use case, and customers are responsible for ensuring they have an appropriate legal basis for any personal data they submit.

4. How we use personal data

We may use personal data to:

• provide, operate, maintain, and improve the Services
• authenticate users and secure accounts
• respond to enquiries, demo requests, and support requests
• manage customer relationships and contracts
• process payments and billing where applicable
• monitor performance, availability, security, and reliability
• prevent fraud, abuse, misuse, and unauthorised access
• comply with legal obligations
• enforce our terms and protect our rights
• communicate with you about the Services, including service, transactional, and administrative messages
• send marketing communications where permitted by law and subject to your preferences
• analyse website and product usage to improve functionality, UX, and commercial operations

5. Legal bases for processing

Where applicable under data protection law, we process personal data on one or more of the following legal bases:

• performance of a contract
• legitimate interests, such as operating and improving the Services, securing our systems, and managing business relationships
• compliance with legal obligations
• consent, where required by law
• other lawful bases available under applicable law

6. Cookies and similar technologies

We may use cookies and similar technologies on our website and in connection with the Services for purposes such as:

• enabling site functionality
• understanding traffic and usage
• measuring marketing effectiveness
• improving performance and user experience
• maintaining security

Where required by law, we will request consent before placing non-essential cookies. You can also control cookies through your browser settings.

7. How we share personal data

We may share personal data with:

• service providers and subprocessors that help us operate the Services, such as hosting, infrastructure, analytics, communications, customer support, CRM, and payment providers
• professional advisers, such as legal, audit, and insurance providers
• regulators, law enforcement, courts, or government authorities where required by law or necessary to protect rights, safety, or security
• affiliates or successors in connection with a merger, acquisition, financing, reorganisation, or sale of all or part of our business

We do not sell personal data in the ordinary sense of the term.

8. International data transfers

We may process personal data in countries other than the country in which it was collected. Where we transfer personal data internationally, we take steps designed to ensure appropriate safeguards are in place, such as contractual protections or other lawful transfer mechanisms where required.

9. Data retention

We retain personal data for as long as necessary for the purposes described in this Privacy Policy, including to:

• provide the Services
• comply with legal, tax, accounting, and regulatory obligations
• resolve disputes
• enforce agreements
• maintain security and business continuity

Retention periods may vary depending on the type of data, the customer configuration, legal requirements, and operational needs.

10. Security

We use reasonable technical, organisational, and administrative safeguards designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Customer data and processor role

Where Hashirai processes personal data on behalf of a customer, the customer is generally the controller and Hashirai acts as a processor or service provider. In those cases:

• the customer determines the purpose and legal basis for the processing
• we process personal data in accordance with the customer’s instructions and our contractual commitments
• requests relating to customer-controlled data may need to be directed to the relevant customer

12. Your rights

Depending on your location and applicable law, you may have rights such as:

• access to your personal data
• correction of inaccurate personal data
• deletion of personal data
• restriction of processing
• objection to processing
• data portability
• withdrawal of consent where processing is based on consent
• the right to lodge a complaint with a supervisory authority

To exercise these rights, contact us using the details below. We may need to verify your identity before responding.

13. Marketing communications

You may opt out of marketing emails from us at any time by using the unsubscribe link in the message or contacting us directly. Even if you opt out of marketing communications, we may still send service-related or transactional messages where necessary.

14. Children

The Services are not directed to children, and we do not knowingly collect personal data from children.

15. Third-party services

Our website or Services may integrate with or reference third-party services. Those third parties operate under their own privacy policies and practices, and we are not responsible for them.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make changes, we will update the "Last updated" date above and, where appropriate, provide additional notice.

17. Contact us

If you have questions about this Privacy Policy or our data practices, contact us at:

Hashirai

[Insert legal entity name]

[Insert business address]

[Insert privacy email, e.g. privacy@hashirai.com]

[Insert contact email or web form]

18. Product-specific note on verifiable records

Where customers use Hashirai to create verifiable, tamper-evident, or immutable records, those records may be designed to preserve integrity for governance, audit, or evidentiary purposes. Customers are responsible for determining what data they submit to such workflows and for ensuring that personal data included in those records is appropriate, necessary, and lawful for their intended use case.