Privacy Policy

Effective Date: July 1, 2025

Last Updated: June 23, 2026

The Short Version

We built Hapax to make your organization more productive. Here's what you actually need to know about your privacy:

  • We don't sell your data — full stop.
  • Your business data stays yours. We won't use it to train AI without your explicit permission.
  • When Hapax agents act on your behalf, you stay in control and can see exactly what they did.
  • You can ask us to access, correct, or delete your data at any time.
  • Questions? Email us: privacy@askhapax.ai

Who We Are and What This Covers

Hapax, Inc. (“Hapax,” “we,” or “us”) is the company behind the Hapax AI platform. This Privacy Policy explains what information we collect when you use our website (www.askhapax.ai) or our platform, how we use it, and what choices you have.

It applies to everyone who visits our site or uses our services — individual users and the organizations they belong to.

What We Collect

Information you give us directly

When you sign up or request access, we ask for things like:

  • Your name, work email, and phone number
  • Your company name and role
  • Payment information (handled securely by our payment provider — we never store your card number)

Some of this is essential — without it (for example, your work email and company name) we can't set up your account or provide the service. The rest is optional. If you decline to provide or later withdraw essential information, we may be unable to continue providing Hapax to you.

What happens when you use the platform

As you work with Hapax agents and workflows, we collect:

  • The prompts and instructions you give to Hapax agents
  • The outputs those agents produce for you
  • Feedback you give us (like thumbs up/down on responses)
  • Records of actions agents took on your behalf
  • Your platform settings and preferences

Your business data

You may upload documents, connect tools, and share organizational information to help Hapax understand how your business works. We call this your “Customer Data.” Your Customer Data is yours. We process it to provide the service to you, and we do not use it to train our AI models without your written permission.

Technical data we collect automatically

Like most websites and apps, we collect some basic technical information when you visit:

  • Your IP address, browser type, and device
  • Which pages you visit and how long you spend on them
  • How you found us (the link or search that brought you here)
  • Error logs and performance data that help us fix problems

Information from other sources

Occasionally we receive information about you from:

  • Partners or referral sources who suggested Hapax to you
  • Tools you connect to Hapax (when you authorize us to access them)
  • Publicly available sources like LinkedIn, when relevant to your business

How We Use Your Information

To run the service

We use your information to actually deliver Hapax to you — setting up your account, running agents on your behalf, processing payments, and helping you when something goes wrong.

To make Hapax better

We analyze how people use the platform (in aggregate, not just watching you individually) to figure out what's working and what isn't.

To personalize your experience

We use what we know about how your organization works to make Hapax more useful for you specifically — surfacing the right agents, remembering your settings, and tailoring suggestions to your context.

To keep things safe

We monitor for fraud, abuse, and security threats. If something looks wrong with your account, we need your information to investigate it and protect you.

To communicate with you

We'll send you product updates, tips, and occasional marketing emails. You can unsubscribe from marketing emails at any time — there's an unsubscribe link at the bottom of every one, or you can email us at privacy@askhapax.ai.

When Hapax Agents Act on Your Behalf

Our agents don't just answer questions — they take actions: sending messages, pulling data, updating systems, and running workflows across the tools in your stack.

Connected tools

When you authorize Hapax to connect to tools like Slack, Google Workspace, HubSpot, or Salesforce, our agents may read data from and send actions to those tools on your behalf. We only do what you've authorized us to do, and you can revoke access at any time. Keep in mind: when our agents interact with those third-party tools, the data involved is also subject to those tools' own privacy policies.

Agent activity logs

We keep records of what our agents did — what they accessed, what actions they took, and what they produced — so that:

  • You can review exactly what happened
  • You can catch and correct mistakes
  • We can debug problems if something goes wrong
  • Your organization has the audit trail it needs for compliance

You can view agent activity directly in the platform and pause or revoke agent permissions whenever you want.

The World Model

Hapax builds a “World Model” of how your organization works — your workflows, your processes, the signals that trigger work in your business. Your World Model is specific to your organization. It isn't shared with other Hapax customers, and it's deleted when you leave.

AI Training and Your Data

Your business data — no training without permission

Your Customer Data — the documents, communications, and organizational information you provide — is never used to train our AI models unless you give us explicit written permission. If you grant that permission, you can withdraw it at any time by emailing privacy@askhapax.ai, and we will stop using your data for training going forward.

Usage patterns and feedback

We may use anonymized, aggregated data about how people use the platform (not your specific content) to improve Hapax. When you give us feedback on agent outputs, that feedback may also be used to improve quality, but it's de-linked from your identity first.

Your controls

You can email privacy@askhapax.ai at any time to ask whether your data is being used for training, opt out, or request that past training data be removed.

Who We Share Your Information With

We don't sell your personal information. That's not something we do, ever.

Our vendors and service providers

We use third-party services to help us run Hapax — cloud hosting, payment processing, analytics, security tools, and customer support software. These companies can only use your data to provide those services to us, and they're contractually required to protect it.

If Hapax is acquired or merged

If Hapax is ever acquired or goes through a major corporate change, your data may be transferred to the new entity. We'll notify you if that happens and explain your options.

When the law requires it

We may share your information if we receive a valid legal request like a subpoena or court order, or if we need to prevent serious harm. Where we legally can, we'll let you know before we hand anything over.

To protect everyone

If we believe your account is involved in fraud, abuse, or illegal activity, we may share information to investigate or stop it.

De-identified data

We may share aggregated, anonymized data (data that can't identify you or your organization) for things like industry research or benchmarking reports.

For business customers

If your company has an Enterprise Agreement or Data Processing Addendum with us: you control your data, we process it on your behalf. We maintain a subprocessor list — you can request the current list anytime. Need a DPA? Email us at privacy@askhapax.ai.

How Long We Keep Your Data

  • Your account info: Kept while your account is active, plus a short window afterward in case you want to come back.
  • Platform interactions: Up to 2 years, unless you ask us to delete them sooner or your contract says otherwise.
  • Your business data: Kept for the duration of your contract. When you leave, it's deleted (by secure erasure or anonymization) or returned within 90 days.
  • Safety flags: If something triggers our safety systems, we may keep that data for up to 7 years for legal and compliance reasons.
  • Legal requirements: Sometimes the law requires us to hold onto certain data — we'll do so only as long as required.

You can delete conversations directly in the platform. To request a full data deletion, email privacy@askhapax.ai.

Cookies and Tracking

What we use and why

Like most websites, we use cookies — small files stored in your browser — to keep you logged in, remember your preferences, and understand how people use our site so we can improve it.

We also use:

  • Analytics tools (like Google Analytics) to see traffic patterns and page performance
  • Pixel tags in our emails to know if they're being read

Your options

Most browsers let you block or delete cookies in the settings. When you first visit our website, a cookie banner lets you accept or decline non-essential cookies such as analytics, and you can change your choice at any time through the “Cookie Preferences” link in our website footer. We don't set non-essential cookies until you've consented, where consent is required.

We don't currently respond to “Do Not Track” browser signals, but we do honor recognized opt-out preference signals such as the Global Privacy Control (GPC) where required by applicable law.

How We Protect Your Data

We take security seriously. Here's what we have in place:

  • All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Access to your data is limited to people who need it to do their jobs
  • We do regular security testing and assessments
  • Every Hapax employee completes security and privacy training
  • We have a plan for what to do if something goes wrong

If you ever suspect your account has been compromised, contact us at security@askhapax.ai. If a security breach affects your personal information, we will notify you and the relevant authorities without undue delay, as required by applicable law.

Your Privacy Rights

Regardless of where you live, you can:

  • Ask us what personal information we have about you
  • Ask us to correct information that's wrong
  • Ask us to delete your information
  • Opt out of marketing emails (unsubscribe link is in every one)
  • Opt out of AI training use of your data

If you're in California (CCPA/CPRA)

You have the right to know what we collect, stop us from “selling” or “sharing” your data (we don't, but the law lets you formally say so), and limit how we use sensitive personal information. Use the “Do Not Sell My Personal Information” link at the bottom of our website or email privacy@askhapax.ai.

If you're in Virginia, Colorado, Texas, or other US states

Similar rights apply — access, correction, deletion, and opting out of certain data uses. Email us and we'll honor your rights under your state's law.

If you're in the EU, UK, or Switzerland

Under GDPR (or equivalent laws), you have additional rights: data portability, the right to restrict how we process your data, the right to object, and the right to file a complaint with your local data protection authority. We process your data under lawful bases including contract performance, legal obligations, legitimate interests, and consent where applicable.

How to make a request

Email us at privacy@askhapax.aiand we'll respond within 30 days (or sooner if your local law requires it). We'll ask you to verify your identity before we action the request. Where you ask for a copy of your information, we can provide it in a portable electronic format.

If you disagree with our response

You can appeal by emailing privacy@askhapax.aiwith the subject line “Privacy Appeal.” We'll review it and get back to you.

International Users

Hapax is based in Austin, Texas. If you're accessing our platform from outside the US, your data may be transferred to and stored in the US or other countries where our vendors operate.

For users in the EU, UK, or Switzerland, we use Standard Contractual Clauses and other approved mechanisms to make sure your data stays protected even when it crosses borders.

Email us at privacy@askhapax.ai if you have questions about cross-border transfers.

Children

Hapax is a business platform designed for professionals. We don't knowingly collect information from anyone under 18. If you think a minor's data has ended up in our system, please email us and we'll delete it promptly.

When We Update This Policy

We'll update this page when our practices change. If it's a significant change, we'll also email registered users and show a notice in the platform. The “Last Updated” date at the top always reflects the most recent version.

Get in Touch

We're real people and we're happy to answer questions about your privacy.

Hapax, Inc.

Privacy questions: privacy@askhapax.ai

Security concerns: security@askhapax.ai

General support: support@askhapax.ai

Website: www.askhapax.ai