Privacy Policy
Last updated: March 5, 2026
1. Introduction
Hirecast ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding that data. This policy applies to all users of the Hirecast AI agent service, including those accessing the service through Slack, Google Chat, and other supported platforms.
2. Data We Collect
| Data Type | Details |
|---|---|
| Account information | Company name, contact name, email address, and messaging platform user IDs (Slack, Google Chat, Telegram). |
| Messages | Messages sent to and received from your AI agent through connected messaging platforms. These are routed through our platform to your agent's private container. |
| Workspace data | Files, documents, and configurations created by you or your agent within the agent's private workspace. |
| Usage data | Message counts, agent activity metrics, and service usage statistics. |
| Payment information | Processed by Stripe. We do not store credit card numbers or full payment details on our servers. |
| Integration credentials | API keys or OAuth tokens you provide for third-party integrations (e.g., OpenRouter API keys). These are stored encrypted within your agent's private container. |
3. How We Use Your Data
We use your data solely to provide and improve the Hirecast AI agent service:
- Service delivery: Routing messages between your messaging platform and your AI agent, executing agent tasks, and maintaining your agent's workspace.
- AI processing: Sending conversation context to LLM providers to generate agent responses (see Third-Party Services below).
- Account management: Managing subscriptions, sending service-related emails, and providing customer support.
- Service improvement: Aggregated, anonymized usage metrics to improve reliability and performance. We do not use your message content or workspace data for model training.
4. What We Do Not Do
- We do not sell your data to third parties.
- We do not share your data with third parties for their marketing or advertising purposes.
- We do not use your message content or workspace data to train AI models.
- We do not access your workspace data except when required for technical support that you have requested, or to comply with legal obligations.
5. Data Isolation
Each customer's AI agent runs in a dedicated, isolated Docker container with its own private workspace. Containers are network-isolated from each other — no customer can access another customer's data, files, or agent. Your workspace data (files, conversation history, installed tools) persists in a private storage volume that only your agent can access.
6. Third-Party Services
We use the following third-party services to operate Hirecast:
| Service | Purpose | Data Shared |
|---|---|---|
| OpenRouter | LLM API routing — sends agent conversation context to AI models for response generation | Message content and conversation context necessary for the agent to respond |
| Composio | Third-party app integrations (e.g., Gmail, Google Sheets, CRM tools) when configured by the customer | OAuth tokens and integration data as authorized by the customer |
| Stripe | Payment processing | Email address, subscription details. Stripe handles all payment card data. |
| Resend | Transactional email delivery | Email address, email content for service notifications |
| Amazon Web Services | Infrastructure hosting | All service data resides on AWS infrastructure |
When you provide your own API key (BYOK), your LLM requests are sent using your key directly. We do not log or store the content of LLM requests beyond what is necessary for rate limiting and cost tracking.
7. Data Retention
- Active accounts: Data is retained for the duration of your subscription.
- After cancellation: Workspace data and conversation history are retained for 30 days, then permanently deleted.
- Trial accounts: Trial data is retained for 30 days after the trial ends, then permanently deleted.
- Logs: Service logs (excluding message content) are retained for 90 days for operational and debugging purposes.
8. Data Security
We implement the following security measures:
- All external traffic is encrypted via TLS 1.2/1.3.
- Customer containers are network-isolated from each other and from host infrastructure.
- Containers cannot access other customers' data, host filesystem, API keys, or cloud metadata.
- API keys and credentials are stored within isolated containers, never in shared databases.
- Access to production infrastructure is restricted and authenticated.
9. Your Rights
You have the right to:
- Access: Request a copy of the data we hold about you.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your data. We will delete your container, workspace, and account data within 30 days of a verified request.
- Export: Request an export of your workspace data at any time.
- Objection: Object to specific processing of your data.
To exercise any of these rights, contact us at support@gethirecast.com.
10. Children's Privacy
Hirecast is not intended for use by individuals under the age of 18. We do not knowingly collect data from children.
11. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes via email or through the service. The "Last updated" date at the top of this page indicates when the policy was last revised.
12. Contact
For questions about this privacy policy or our data practices, contact us at:
Hirecast
Email: support@gethirecast.com