Privacy Policy
This Privacy Policy explains how HOPE (“we”, “us”) collects, uses, and protects personal data in connection with the HOPE Workspace platform (the “Service”). For personal data contained in a customer’s workspace, the customer is the controller and we act as processor on their behalf (see our Data Processing Addendum).
1. Data we collect
- Account data — name, email, workspace and role information you provide.
- Customer content — the projects, tasks, files, messages, finance records and other data you and your team put into your workspace.
- Billing data — handled by our payment processor; we store a customer identifier and subscription status, not full card numbers.
- Usage & technical data — log data, device/browser information, and diagnostic events used to operate and secure the Service.
- Integration data — where you connect a third-party account (Google, Slack, Asana, Frame.io), the tokens and the data those services return at your direction.
2. How we use data
To provide, secure, maintain, and improve the Service; to process billing; to communicate service and account notices; and to comply with legal obligations. We do not sell personal data, and we do not use Customer Content to train models.
3. Subprocessors
We use vetted subprocessors to run the Service, including Supabase (database & authentication), Stripe (payments), Vercel (application hosting), and Cloudflare (storage & network). Where you connect an integration, that provider (e.g. Google, Slack, Asana, Frame.io) also processes the relevant data at your direction. A current subprocessor list is available on request.
4. Data location & security
Data is hosted with the providers above and is encrypted in transit and at rest. Each customer workspace is logically isolated, and access is controlled by authentication and least-privilege authorisation. We maintain administrative, technical, and organisational safeguards appropriate to the risk.
5. Retention
We retain Customer Content for as long as your workspace is active. On cancellation, data is retained for a limited wind-down window and then deleted, except where longer retention is required by law (e.g. tax/invoice records held by our payment processor). You may request earlier deletion (Section 7).
6. Cookies
We use strictly necessary cookies for authentication and session management. We do not use advertising cookies.
7. Your rights
Subject to applicable law, you may access, correct, export, or delete personal data. Workspace administrators can request a full data export or deletion of their workspace; individual users may contact their workspace administrator, or us at the address below. We respond within the timeframe required by applicable law.
8. Changes & contact
We may update this Policy; the effective date above reflects the latest version, and we will give notice of material changes. Contact us at privacy@thehope.io.