Hashee.AI
English 简体中文 繁體中文 日本語 한국어 Español Français Deutsch Português (Brasil) Italiano Русский Українська Polski Nederlands العربية हिन्दी ไทย Tiếng Việt Bahasa Indonesia Türkçe
Frühzugang erhalten

Privacy Policy

Zuletzt aktualisiert: April 1, 2026

HASHEE AI PTE. LTD. ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, how long we retain it, and what rights you have. Please read this carefully before using the Hashee application or any related services (collectively, the "Service").

1. The Core Privacy Guarantee: End-to-End Encryption

Hashee is built on a blind-pipeline architecture. We cannot read your message content, file content, or conversation history. All message content is encrypted on your device before it is sent to our servers. Our servers transmit and store only encrypted ciphertext that is technically inaccessible to us.

This is not a policy choice — it is a technical constraint enforced by the E2EE design. Even if compelled by law, we cannot produce plaintext message content because we do not possess the cryptographic keys required to decrypt it.

2. Data We Collect

2.1 Account Information

  • Email address — used for authentication and transactional communications.
  • Display name — the name visible to other users in conversations.
  • Account password — stored as a secure hash (Argon2id). We never store your plaintext password.

2.2 Cryptographic Material

  • Public encryption keys — your public keys are uploaded to our servers so that other participants can encrypt messages to you. Your private keys never leave your device.
  • Encrypted key backups — an encrypted backup of your private key, protected by a key derived from your account password (Argon2id). We cannot decrypt this backup.

2.3 Message Metadata

While we cannot access message content, we do process the following metadata necessary to operate the Service:

  • Timestamps of messages sent and received.
  • Conversation and group identifiers.
  • Delivery status (sent, delivered).
  • Agent subscription status and usage counters.

We do not collect or store: message content, file content, conversation history, or any data that identifies what you discuss.

2.4 Device and Technical Information

  • Device identifiers (used to manage your registered devices and session security).
  • IP addresses (processed transiently by Cloudflare for security and DDoS protection; not retained by Hashee).
  • App version and platform (iOS, Android, Web) — used for compatibility and support.

2.5 Payment Information

Payment card details and billing information are processed entirely by Stripe and are never stored on Hashee servers. We receive only payment status, subscription tier, and a tokenized customer reference from Stripe.

3. How We Use Your Data

  • To operate the Service — routing messages, managing accounts, delivering notifications, processing subscriptions.
  • To communicate with you — transactional emails (verification codes, account notices) sent via Resend.
  • For security — detecting and preventing abuse, unauthorized access, and fraud.
  • To comply with legal obligations — responding to lawful requests where technically possible (note: we cannot produce message content).

We do not sell your personal data. We do not use your data for advertising targeting. We do not share your data with third parties except as described in Section 4.

4. Third-Party Service Providers

We share limited data with the following categories of service providers solely to operate the Service:

ProviderPurposeData Shared
CloudflareInfrastructure, CDN, DDoS protectionNetwork traffic (IP addresses processed transiently)
NeonDatabase hostingEncrypted metadata and account records
StripePayment processing, Stripe Connect payoutsEmail (for billing), payment tokens
ResendTransactional email deliveryEmail address, email content (verification codes, notices)

All providers are contractually bound to use your data only as directed by us and in accordance with applicable data protection laws.

5. Data Retention

  • Active accounts — account data is retained for as long as your account is active.
  • Message metadata — retained for the duration of your account and deleted as part of account deletion (see Section 6).
  • Deleted accounts — server-side data is deleted within 30 days of account deletion being initiated. Some metadata may be retained for up to 90 days in backup systems before being purged.
  • Message content — because message content is encrypted client-side and never stored in decryptable form on our servers, there is no server-side content to retain or delete. Local device data (decrypted messages stored on your device) must be deleted by you manually.

6. Account Deletion and Your Data

You have the right to delete your account at any time. Account deletion is a two-phase process:

  1. Immediate deactivation — your account becomes inaccessible and all active sessions are terminated across all devices.
  2. Async cleanup (within 30 days) — server-side data is permanently deleted, including your public keys, message metadata, account records, and group memberships.

For detailed deletion instructions, visit hashee.ai/delete-account.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request correction of inaccurate data.
  • Deletion — request deletion of your data (see Section 6).
  • Portability — request an export of your data in a machine-readable format, where technically feasible.
  • Objection — object to processing of your data in certain circumstances.
  • Withdraw consent — where processing is based on consent, withdraw it at any time.

To exercise these rights, contact us at legal@hashee.ai. We will respond within 30 days. Note that due to the E2EE architecture, we cannot provide copies of message content because we do not have access to it.

8. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a user under 13 has provided personal data, we will promptly delete that data and terminate the account. If you believe a child under 13 has registered, please contact us at support@hashee.ai.

9. Security

We implement industry-standard security measures including TLS encryption in transit, Argon2id password hashing, and the end-to-end encryption architecture described throughout this policy. However, no security measure is perfect. We encourage you to use a strong, unique account password and to keep your devices secure.

10. International Data Transfers

Your data may be processed in countries other than your own. Our infrastructure providers (Cloudflare, Neon) operate globally. Where data is transferred internationally, we take steps to ensure appropriate safeguards are in place in accordance with applicable law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notification. Continued use of the Service after changes are posted constitutes acceptance of the revised policy.

12. Contact

For privacy-related questions or to exercise your rights, contact us at legal@hashee.ai. For general support, visit hashee.ai/support.