hthr Privacy Policy

1. Introduction

2. Roles and Responsibilities for Data Processing

Customer Data

When customers use the hthr platform to communicate with leads, customers, or other contacts:

• Customer = Data Controller
• hthr = Data Processor

hthr processes this data solely to provide the Services and in accordance with the hthr Data Processing Addendum (DPA).

hthr Account Data

hthr may also act as a Data Controller for limited information related to:

• Customer account registration
• Billing and payment processing
• Platform usage analytics
• Support communications

3. Information We Collect

3.1 Account Information

When organizations register for the Services, we may collect:

• Name
• Email address
• Phone number
• Organization name
• Billing information
• Account credentials

3.2 Customer Personal Data

Customers may upload or connect personal data through integrations or communications systems. Examples include:

• First and last name
• Email address
• Phone number
• Calendar availability
• CRM or customer contact records
• Lead history and engagement metadata
• Communication content

This data is referred to as Customer Personal Data in the DPA. hthr processes this data only on behalf of the customer.

3.3 Communication Content

The Services may process communications between customers and their contacts, including:

• Phone call audio
• Call transcripts
• Emails
• SMS messages
• AI-generated summaries
• Call diagnostics
• Sentiment analysis

These features help customers analyze communication outcomes and manage customer interactions.

3.4 Training and Knowledge Base Data

Customers may upload materials used to train their AI agents, including:

• PDFs
• Documents
• Playbooks
• FAQs
• Internal documentation

These materials are isolated to the customer's account environment.

3.5 Connected Services and Integrations

Customers may connect third-party services including:

• Google Calendar
• Microsoft Outlook
• Calendly
• HubSpot
• Salesforce

hthr accesses data from these systems using secure OAuth authorization. hthr does not store third-party passwords.

4. How We Use Information

hthr uses personal data only for the following purposes:

To Provide the Services

Including:

• AI call handling
• Scheduling automation
• CRM interaction
• Communication analysis
• Platform functionality

To Maintain and Improve the Platform

Including:

• Debugging and diagnostics
• Service reliability improvements
• Product development and testing

Security and Fraud Prevention

Including:

• Protecting platform integrity
• Detecting abuse
• Preventing unauthorized access

Customer Support

Including:

• Responding to service inquiries
• Troubleshooting integrations

5. AI and Automated Processing

hthr uses machine learning and AI systems to process communications and generate outputs such as:

• Making phone calls
• Call summaries
• Sentiment analysis
• Scheduling recommendations
• Lead interaction diagnostics

These systems operate only within the scope of customer instructions and are designed to assist customer workflows.

6. Data Sharing and Disclosure

hthr does not sell or share personal data for advertising purposes.

We may disclose personal data only in the following circumstances:

Service Providers

hthr may engage trusted Subprocessors to support the Services. Examples may include providers of:

• Cloud infrastructure
• Communications processing
• Analytics
• Security monitoring

All subprocessors are contractually required to meet strict security and privacy obligations.

Voice-Based Scheduling Sub-Processor

To facilitate automated voice-based scheduling, hthr shares necessary Google Calendar availability data with our specialized voice-synthesis sub-processor, Retell AI. This partner is contractually prohibited from using your Google user data for any purpose other than providing the specific services requested by hthr, and is strictly prohibited from using your data to train their independent AI models.

A list of subprocessors is available with your hthr account at: https://www.hthr.ai/subprocessors

Legal Requirements

We may disclose information if required to:

• Comply with law
• Respond to legal process
• Protect rights or safety
• Investigate fraud or misuse

7. Data Security

hthr maintains technical and organizational safeguards designed to protect personal data, including:

• Encryption in transit and at rest
• Access controls
• Secure authentication systems
• Vulnerability management
• Network security monitoring
• Security incident response procedures

Our security practices align with recognized frameworks including:

• NIST
• ISO 27001
• CIS Controls

hthr infrastructure is designed to operate within SOC 2–aligned environments.

Use of Google API Services: hthr's use and transfer of information received from Google APIs to any other app will adhere to the Google API Service User Data Policy, including the Limited Use requirements. We only access your Google Calendar data to provide and improve the core scheduling functionality of the hthr platform (e.g., checking availability and booking appointments). We do not use this data for any other purpose, and we do not sell or share Google user data with third-party advertisers or data brokers.

8. Data Retention

hthr retains personal data only as long as necessary to:

• Provide the Services
• Comply with contractual obligations
• Satisfy legal requirements

Upon termination of the Services, hthr will delete or return Customer Personal Data in accordance with the applicable agreement and DPA unless retention is required by law.

Google Data Deletion: You may revoke hthr's access to your Google Calendar at any time via your Google Security Settings. hthr retains Google user data only for as long as your account remains active. To request the permanent deletion of your Google data from our systems, please contact legal@hthr.ai.

9. Data Subject Rights

Depending on applicable law, individuals may have rights including:

• Access to personal data
• Correction of inaccurate data
• Deletion of personal data
• Restriction of processing
• Portability
• Objection to processing

Because hthr typically acts as a processor, requests regarding Customer Personal Data should be directed to the customer organization that collected the data.

If hthr receives such a request directly, we will forward the request to the appropriate customer.

10. International Data Transfers

hthr may process personal data in the United States and other jurisdictions where our service providers operate.

Where required, hthr relies on appropriate transfer mechanisms including:

• EU Standard Contractual Clauses (SCCs)
• UK International Data Transfer Addendum
• Equivalent safeguards under applicable law

11. Compliance With Privacy Laws

hthr supports compliance with applicable data protection laws, including:

• GDPR
• UK GDPR
• Swiss FADP
• California Consumer Privacy Act (CCPA/CPRA)

hthr acts as a service provider / processor under these laws.

hthr does not:

• Sell personal information
• Share personal information for cross-context behavioral advertising
• Retain personal data for purposes outside the scope of the Services

12. Communications and Consent

Customers using the Services are responsible for ensuring they have the appropriate consent or lawful basis to communicate with their contacts.

Where required by law:

• Individuals must provide express written consent before receiving automated communications.
• Recipients may opt out at any time.

Example opt-out methods may include:

• Telling the AI agent you wish to opt out, or no longer wish to be contacted
• Contacting the relevant organization
• Emailing legal@hthr.ai

hthr maintains records necessary to support compliance with applicable communications laws.

13. Changes to This Policy

hthr may update this Privacy Policy from time to time to reflect:

• Legal changes
• Operational changes
• Improvements to the Services

Updates will be posted on our website with a revised "Last Updated" date.

14. Contact Information

If you have questions about this Privacy Policy or hthr's privacy practices, please contact: