Privacy Policy

Last updated: April 9, 2026

1. Introduction

This Privacy Policy explains how Perlantir AI Studio collects, uses, and protects information in connection with the Hipp0 website and Cloud service. It does not apply to self-hosted deployments — you are the data controller for your own instance.

2. What We Collect

Account information: Name, email, password for Cloud accounts. Billing information: Processed by Stripe (we don't store card numbers). Project data: Decisions, agent configs, sessions, tags in Cloud. Usage data: API calls, compile counts, feature usage for metering and improvement. Error data: Crash reports via Sentry, retained 30 days. Log data: IP addresses, timestamps, request metadata, retained 90 days. GitHub data: PR titles, descriptions, labels, file paths from authorized repos. OAuth tokens encrypted at rest. BYOK keys: Encrypted at rest (AES-256), decrypted only in memory during use. Never logged or shared.

3. How We Use Information

To provide, maintain, and improve the service; process billing; meter usage; monitor health; send service communications; respond to support; generate anonymized analytics.

4. Community Insights

If enabled, decision data contributes to anonymized patterns. All identifiers stripped. Only statistical patterns aggregated. Disable at any time.

5. Data Sharing

We do not sell data. We share only with: service providers (Stripe, Sentry) under DPAs; AI providers only when you trigger AI features; as required by law; in business transfers with notification.

6. Data Retention

Account data: Deleted within 30 days of closure request. Project data: Until you delete it. Billing records: 7 years (legal requirement). Logs: 90 days. Error traces: 30 days.

7. Self-Hosted

Perlantir has no access to self-hosted data. This policy does not apply to self-hosted instances.

8. Cookies

Minimal: session auth only. Privacy-first analytics if any. No advertising cookies. No cross-site tracking.

9. Security

TLS 1.2+, encryption at rest for sensitive fields, HMAC-SHA256 webhooks, access controls, least privilege. Report vulnerabilities to: hello@hipp0.ai

10. Your Rights

Access, correct, delete, export your data. Opt out of Community Insights. Contact: hello@hipp0.ai. Iowa residents: ICDPA rights honored.

11. Children

Not directed at children under 13. No knowing collection. Contact us to delete.

12. Changes

Material changes: 30 days notice for Cloud users.

13. EU/EEA/UK Users (GDPR)

Data controller: Perlantir AI Studio, Iowa, USA. Lawful bases: Contract (account, billing), Legal obligation (billing), Legitimate interests (error monitoring, analytics), Consent (Community Insights, marketing). International transfers via EU-US DPF, SCCs, and adequacy decisions. Sub-processors: Stripe (payments, USA, SCCs/DPF), Sentry (errors, USA, SCCs), OpenAI/Anthropic (BYOK only, USA, SCCs), GitHub (optional, USA, SCCs). Full GDPR rights: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), objection (Art. 21), withdraw consent. Response within 30 days. Right to lodge complaint with supervisory authority. UK: ICO at ico.org.uk.

14. Contact

Perlantir AI Studio, Iowa, USA. hello@hipp0.ai