Privacy Policy
Last Updated: July 17, 2025
This Privacy Policy describes how Hatchet Technologies, Inc. ("Hatchet Technologies, Inc.," "we", "us" or "our") handles personal information that we collect through our website and other digital properties that link to this Privacy Policy (collectively, the "Service"), as well as through social media, our marketing activities, and other activities described in this Privacy Policy.
Index
- Personal information we collect
- How we use your personal information
- How we share your personal information
- Your choices
- Other sites and services
- Security
- International data transfer
- Children
- Changes to this Privacy Policy
- How to contact us
- European Union privacy rights notice
- California privacy rights notice
Personal information we collect
Information you provide to us
Personal information you may provide to us through the Service or otherwise includes:
- Contact data, such as your first and last name, professional title, organizational affiliation, email address, and phone number.
- Profile data, such as the username and password that you may set to establish an online account on the Service, and any other information that you add to your account profile.
- User-generated content, such as comments, questions, feedback, messages, images, photos, videos and other content or information that you submit to, or use with, the Services.
- Communications that we exchange with you, including when you contact us through the Service, social media, or otherwise.
- Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
- Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise described at the time of collection.
Information collected through our APIs
When you use our APIs and services, we collect personal information including:
- Workflow data, such as workflow definitions, execution parameters, input/output data, and processing results that you submit through our APIs.
- API usage data, such as API endpoints accessed, request/response data, authentication tokens, and usage patterns.
- System integration data, such as configuration settings, integration parameters, and metadata from connected systems and services.
- Performance and diagnostic data, such as execution logs, error messages, timing data, and system performance metrics generated during API operations.
Third party sources
We may combine personal information we receive from you with personal information we obtain from other sources, such as:
- Public sources, such as government agencies, public records, social media platforms, and other publicly available sources.
- Data providers, such as information services and data licensors that provide demographic and other information.
- Marketing partners, such as joint marketing partners and event co-sponsors.
- Third party services, such as social media services, that you use to log into, or otherwise link to, your Service account. This data may include your username, profile picture and other information associated with your account on that third party service that is made available to us based on your account settings on that service.
Automatic data collection
We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your interaction over time with the Service, our communications and other online services, such as:
- Device data, such as your computer's or mobile device's operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, and general location information such as city, state or geographic area.
- Online activity data, such as pages you viewed, how long you spent on a page, the website you visited before browsing to the Service, navigation paths between pages, information about your activity on a page, access times and duration of access, and whether you have opened our emails or clicked links within them.
Cookies and similar technologies
Some of the automatic collection described above is facilitated by the following technologies:
- Cookies, which are small text files that websites store on user devices and that allow web servers to record users' web browsing activities and remember their submissions, preferences and login status as they navigate a site. Cookies used on our sites include both "session cookies" that are deleted when a session ends, "persistent cookies" that remain longer, "first party" cookies that we place and "third party" cookies that our third party business partners and service providers place.
- Web beacons, also known as pixel tags or clear GIFs, which are clear images placed in web content or HTML emails to record when a user visits a web page or views an email.
- Local storage technologies, like HTML5 and Flash, that provide cookie-equivalent functionality but can store larger amounts of data on your device outside of your browser in connection with specific applications.
These technologies are used for the following purposes:
- Technical operation: To allow the technical operation of the Service, such as by remembering your selections and preferences as you navigate the site, and whether you are logged in when you visit password protected areas of the Service.
- Functionality: To provide enhanced functionality and personalization on the Service.
- Analytics: To help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails. For example, we use Google Analytics for this purpose. You can learn more about Google Analytics and how to prevent the use of Google Analytics relating to your use of our sites here: https://tools.google.com/dlpage/gaoptout?hl=en.
For detailed information about our use of cookies, please see our Cookie Policy.
Data about invitees
We may offer features that help users invite their friends or contacts to use the Service, and may collect contact details about these invitees so that we can deliver their invitations. Please do not refer someone to us or share their contact details with us unless you have their permission to do so.
How we use your personal information
We may use your personal information for the following purposes or as otherwise described at the time of collection:
Service delivery
We may use your personal information to:
- provide, operate and improve the Service and our business;
- facilitate your invitations to friends who you want to invite to join the Service;
- communicate with you about the Service, including by sending announcements, updates, security alerts, and support and administrative messages;
- understand your needs and interests, and personalize your experience with the Service and our communications; and
- provide support for the Service, and respond to your requests, questions and feedback.
Research and development
We may use your personal information for research and development purposes, including to analyze and improve the Service and our business. As part of these activities, we may create aggregated, de-identified or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze, improve and promote the Service and our business.
Marketing and advertising
We may collect and use your personal information to send you direct marketing communications. You may opt-out of our marketing communications as described in the Opt-out of marketing section below.
Compliance and protection
We may use your personal information to:
- comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
- protect our, your or others' rights, privacy, safety or property (including by making and defending legal claims);
- audit our internal processes for compliance with legal and contractual requirements or our internal policies;
- enforce the terms and conditions that govern the Service; and
- prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
How we share your personal information
We may share your personal information with the following parties and as otherwise described in this Privacy Policy or at the time of collection.
Affiliates. Our corporate affiliates for purposes consistent with this Privacy Policy.
Service providers. Third parties that provide services on our behalf or help us operate the Service or our business (such as hosting, information technology, customer support, email delivery, marketing, payment processing, consumer research and website analytics).
Linked third party services. If you log into the Service with, or otherwise link your Service account to, a social media or other third party service, we may share your personal information with that third party service. The third party's use of the shared information will be governed by its privacy policy and the settings associated with your account with the third party service.
Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.
Business transferees. Acquirers and other relevant participants in business transactions (or negotiations of or due diligence for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Hatchet Technologies, Inc. or our affiliates (including in connection with a bankruptcy or similar proceedings).
Other users and the public. Your profile and other user-generated content may be visible to other users of the Service and the public. For example, if you post a comment or other content on the Service, it can be seen, collected and used by others, including being cached, copied, screen captured or stored elsewhere by others (e.g., search engines), and we are not responsible for any such use of this information.
Your choices
Access or update your information
If you have registered for an account with us through the Service, you may review and update certain account information by logging into the account.
Opt-out of marketing communications
You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails.
Linked third party platforms
If you choose to connect to the Service through your social media account or other third party platform, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third party platform, that choice will not apply to information that we have already received from that third party.
Other sites and services
The Service may contain links to websites, mobile applications, and other online services operated by third parties. In addition, our content may be integrated into other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control any online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other online services you use.
Security
We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. We will use commercially reasonable efforts to secure the Cloud Service from unauthorized access, alteration, or use and other unlawful tampering. Security Policy available at: https://trust.hatchet.run/
International data transfer
We are headquartered in the United States and may use service providers that operate in the United States and other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.
For transfers of personal data from the European Economic Area, United Kingdom, or Switzerland to countries that do not have an adequacy decision from the European Commission, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission and additional technical and organizational security measures to protect your data.
Children
The Service is not intended for use by anyone under 18 years of age. If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact us. If we learn that we have collected personal information through the Service from a child without the consent of the child's parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.
Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service or other appropriate means. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.
How to contact us
Email: legal@hatchet.run
European Union privacy rights notice
This section applies to individuals in the European Union ("EU"), United Kingdom, and other jurisdictions with similar data protection laws. We process personal data in accordance with the General Data Protection Regulation ("GDPR") and other applicable data protection laws.
Legal basis for processing
We process your personal data based on the following legal bases under GDPR Article 6:
Legitimate interests (Article 6(1)(f)): For platform operations, infrastructure monitoring, security and fraud prevention, analytics, and service optimization. Our legitimate interests include providing reliable workflow orchestration services, maintaining platform security, and improving our products.
Performance of contract (Article 6(1)(b)): To provide the Service, process your workflows, manage your account, provide customer support, and fulfill our contractual obligations to you.
Compliance with legal obligations (Article 6(1)(c)): To comply with applicable laws, regulations, legal process, and government requests.
Consent (Article 6(1)(a)): For marketing communications and certain analytics cookies (where required). You may withdraw consent at any time.
Your rights under GDPR
As an EU resident, you have the following rights regarding your personal data:
Right of access: You can request a copy of the personal data we hold about you and information about how we process it.
Right to rectification: You can request that we correct or update inaccurate or incomplete personal data.
Right to erasure ("right to be forgotten"): You can request deletion of your personal data in certain circumstances, such as when it's no longer necessary for the purposes for which it was collected.
Right to restrict processing: You can request that we limit how we process your personal data in certain circumstances.
Right to data portability: You can request a copy of your personal data in a structured, commonly used, and machine-readable format, and you can request that we transfer this data to another service provider.
Right to object: You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.
Right to withdraw consent: Where processing is based on consent, you can withdraw your consent at any time.
Right to lodge a complaint: You can file a complaint with your local data protection authority if you believe we have violated your data protection rights.
Data retention
We retain personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law:
- Account data: Retained while your account is active and for up to 12 months after account closure for customer support and legal compliance
- Workflow execution logs: Retained for up to 90 days for debugging and optimization purposes
- Billing and payment data: Retained for up to 7 years for tax and accounting purposes
- Marketing data: Retained until you opt-out or for up to 3 years from last engagement
- Support communications: Retained for up to 3 years for quality assurance and training
International data transfers
Your personal data may be transferred to and processed in countries outside the EU/UK, including the United States. We ensure adequate protection through:
- Standard Contractual Clauses (SCCs): We use EU-approved standard contractual clauses for transfers to countries without adequacy decisions
- Adequacy decisions: We may transfer data to countries recognized by the EU as providing adequate protection
- Additional safeguards: We implement additional technical and organizational measures to protect transferred data
Contact for data protection matters
For questions about your data protection rights or to exercise your rights, please contact us at:
Email: legal@hatchet.run
Subject line: "GDPR Data Subject Request"
Please include sufficient information to verify your identity and specify which right you wish to exercise. We will respond to verified requests within 30 days as required by GDPR.
If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority. You can find contact details for EU data protection authorities at: https://edpb.europa.eu/about-edpb/board/members_en
California privacy rights notice
This section describes how we collect, use, and share Personal Information of California residents and their rights with respect to that Personal Information. For purposes of this section, the term "Personal Information" has the meaning given in the California Consumer Privacy Act ("CCPA") but does not include information exempted from the scope of the CCPA.
Your California privacy rights
California residents have the rights listed below under the CCPA. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.
Information. You can request the following information about how we have collected and used your Personal Information during the past 12 months:
- The categories of Personal Information that we have collected.
- The categories of sources from which we collected Personal Information.
- The business or commercial purpose for collecting and/or selling Personal Information.
- The categories of third parties with which we share Personal Information.
- The categories of Personal Information that we sold or disclosed for a business purpose, and for each category identified, the categories of third parties to whom the Personal Information was sold or disclosed.
Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.
Deletion. You can ask us to delete the Personal Information that we have collected from you.
Nondiscrimination. You are entitled to exercise the rights described above free from discrimination as prohibited by the CCPA.
Exercising your right to information, access and deletion
You may submit requests to exercise your right to information, access or deletion here or via email to legal@hatchet.run.
We will need to verify your identity to process your information, access and deletion requests and reserve the right to confirm your California residency. To verify your identity, we may require government identification, a declaration under penalty of perjury or other information. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.
Your authorized agent may make a request on your behalf upon our verification of the agent's identity and our receipt of a copy of a valid power of attorney given to your authorized agent pursuant to California Probate Code Sections 4000-4465. If you have not provided your agent with such a power of attorney, you must provide your agent with written and signed permission to exercise your CCPA rights on your behalf, provide the information we request to verify your identity, and provide us with confirmation that you have given the authorized agent permission to submit the request.
Personal information that we collect, use and disclose
The chart below summarizes the Personal Information we collect by reference to the categories of Personal Information specified in the CCPA (Cal. Civ. Code § 1798.140), and describes our practices currently and during the 12 months preceding the effective date of this Privacy Policy. The terms in the chart refer to the categories of information, sources, purposes and third parties described above in this Privacy Policy in more detail. Information you voluntarily provide to us, such as in free-form webforms, may contain other categories of personal information not described below. In addition to the disclosures described in the chart below, we disclose Personal Information as described in the How we share your personal information section above.
We do not sell your personal information and have not sold it during the 12 months preceding the effective date of this Privacy Policy.
Statutory category / Personal information we collect in this category | Source | Business/commercial purpose for collection | Categories of third parties to whom we disclose personal information for a business purpose |
---|---|---|---|
Identifiers (online) | You, Automatic collection | Platform operations, Infrastructure monitoring, Security & fraud prevention, Service delivery | Cloud infrastructure providers, Security service providers |
Identifiers (other) | You, Third party integrations | Account management, Service delivery, Billing & payments, Customer support | Payment processors, Cloud infrastructure providers, Customer support tools |
California Customer Records | You, Third party integrations | Platform administration, Customer support, Billing operations, Service optimization | Payment processors, Customer support platforms, Analytics providers |
Commercial Information | You, Automatic collection | Service optimization, Capacity planning, Usage-based billing, Product development | Analytics providers, Cloud infrastructure providers |
Internet or Network Information | Automatic collection | Service delivery, Performance optimization, Error debugging, Infrastructure scaling, Security monitoring | Cloud infrastructure providers, Monitoring services, Log aggregation services |
Inferences | N/A | Service optimization, Proactive support, Product recommendations, Infrastructure planning | Analytics providers, Customer success platforms |
Professional Information | You | Service customization, Technical support, Product development, Integration assistance | Customer support platforms, Technical integration partners |