Legal

Privacy Policy

This Privacy Policy explains how Hashrights collects, uses, and shares information when you use our Service.

Last updated: February 17, 2026

1. Overview

Hashrights, Inc. ("Hashrights," "we," "us") provides a B2B software service designed to support privacy-preserving matching workflows between organizations (for example, an entity offering a collection and a partner verifying overlap). This Privacy Policy describes how we collect, use, disclose, and protect information when you access or use the Service.

2. Information We Collect

We collect information in the following categories:

  • Account and profile information: name, work email address, title, phone number, and organization details (such as company name and company email domain).
  • Service workflow data: collection names/descriptions, invite metadata, query and decision records, and related audit trails.
  • Customer identifier inputs: email domains and other identifiers provided for matching workflows. Where feasible, Hashrights uses deterministic hashing with a server-side salt to perform comparisons without requiring raw customer lists to be disclosed to counterparties.
  • Usage and device information: log data and telemetry generated when you use the Service (for example, timestamps, pages/features used, and basic device/browser signals). We use this information for security, reliability, and performance.
  • Billing information: subscription status, plan selection, invoices/receipts, and payment-related metadata. Payment processing is handled by our payment processor (currently Stripe), and we do not store full payment card numbers on our servers.
  • Communications: emails and support requests you send to us, and service emails we send to you (for example, magic link sign-in and operational notifications).

3. How We Use Information

We use the information we collect to:

  • Provide, operate, maintain, and improve the Service.
  • Authenticate users, manage accounts, and enforce role-based access controls.
  • Execute matching workflows, enforce query quotas, and maintain audit trails.
  • Process payments, subscriptions, and billing-related requests.
  • Send transactional and service communications (including security and onboarding messages).
  • Detect, prevent, and respond to fraud, abuse, security incidents, and technical issues.
  • Comply with legal obligations and enforce our Terms of Service.

4. How We Share Information

We may share information as follows:

  • Service providers: We use vendors to help us provide the Service (for example, hosting, database/auth, payments, and email delivery). These vendors may process information on our behalf subject to contractual protections. Current vendors may include Supabase, Vercel, Stripe, and Resend.
  • Within the workflow: The Service may share limited workflow outputs with counterparties (for example, match/no-match outcomes and decision statuses). We design the system to reduce raw list disclosure between parties.
  • Legal and compliance: We may disclose information if required by law or if we reasonably believe disclosure is necessary to comply with a legal process or protect rights, safety, or security.
  • Business transfers: We may disclose information in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate confidentiality measures.

5. Cookies and Similar Technologies

We use cookies and similar technologies as needed to operate the Service (for example, to maintain sessions and support secure authentication). If we add non-essential analytics or advertising cookies in the future, we will provide appropriate notices and choices where required.

6. Security and Access Controls

We implement administrative, technical, and physical safeguards designed to protect information. This may include role-based access controls, row-level security controls in our database, logging, and limited access procedures. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

7. Data Retention

We retain information for as long as reasonably necessary to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, and maintain security and audit requirements.

8. International Data Transfers and Hosting

Hashrights operates with a U.S.-focused hosting posture. If you access the Service from outside the United States, your information may be transferred to and processed in the United States.

9. Your Rights and Choices

Depending on your jurisdiction, you may have rights to access, correct, delete, or obtain a copy of your personal information, or to object to or restrict certain processing. You may also be able to update certain information within the Service.

10. California (CCPA/CPRA) Disclosures

If you are a California resident, you may have rights to know/access, delete, correct, and opt out of the sale or sharing of personal information. Hashrights does not sell personal information in exchange for money. We also do not share personal information for cross-context behavioral advertising as that term is defined under California law.

You may submit requests by emailing privacy@hashrights.com. We may verify your request by confirming your association with an account and your authority to act on behalf of your organization.

11. Nevada Disclosures

Nevada residents may submit requests to opt out of the sale of certain covered information. Hashrights does not sell covered information as defined by Nevada law. You may submit requests by emailing privacy@hashrights.com.

12. Children

The Service is not directed to children and we do not knowingly collect personal information from children under 13.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the Service or by other reasonable means.

14. Contact

Questions about privacy? Contact us at privacy@hashrights.com.