Privacy Policy
What we collect, why, where it lives, and how to get it back or delete it.
Draft, not legal advice
This is a starter draft based on the services Hourdini currently uses. It has not been reviewed by counsel. Before relying on it publicly, have a qualified privacy lawyer in your operating jurisdiction adapt it to your situation, confirm the sub-processor list, and align it with any GDPR / UK GDPR / CCPA obligations that apply to your business. Items in square brackets need real values.
Last updated: 2026-05-08
This Privacy Policy describes how Hourdini ("we", "us", "our") collects, uses, and shares personal data when you use the service at hourdini.app, the hourdini CLI, and the MCP server at /api/mcp (together, the "Service").
For users in the European Economic Area, the United Kingdom, and Switzerland, Hourdini is the data controller for personal data about you (the account holder) and the data processor for personal data you put into the Service about your clients and projects. Your role for the latter is data controller; you are responsible for having a lawful basis to process that data.
1. What we collect
1.1 Information you give us
- Account details. Your email address and password (stored as a one-way hash by our auth provider). Optionally a display name.
- Workspace data. Organization name, default currency, locale, and similar settings.
- Your Content. Clients, projects, time entries, invoices, notes, and any files you upload (e.g. invoice PDFs). This may include personal data about your clients (names, email addresses, billing addresses) that you have chosen to enter.
- Personal access tokens. Token names and the hashed token value. We never store the plaintext token after issuance.
- Support correspondence. Anything you send us by email or through a support form.
1.2 Information we collect automatically
- Authentication and session data. Cookies set by Supabase Auth to keep you signed in, plus an active organization cookie.
- Operational logs. Timestamps, IP address, user agent, the API endpoint or page hit, and the result. Used for security, abuse prevention, and debugging. Retained for up to 30 days unless tied to a security investigation.
- Error reports. When the Service errors, we send a stack trace and a small amount of context (URL, user ID, organization ID) to Sentry. We strip request bodies and known sensitive fields before sending.
- Audit log. Within the Service, we keep an audit log of write actions (who did what, from which surface: web, CLI, or MCP). This is shown to you under Activity and is retained for the life of the account.
1.3 Information from third parties
If you connect the Service through OAuth (where available) or sign in through a third-party identity provider, we receive the basic profile information that provider shares with us under your authorization (typically email address and provider user ID).
2. How we use it
We use personal data to:
- Provide the Service (authenticate you, persist your data, render pages, generate invoices, send the emails you ask us to send).
- Operate the AI assistant features you trigger.
- Send you transactional notifications you have enabled (timer reminders, invoice events, budget thresholds).
- Keep the Service secure (rate limiting, abuse prevention, responding to security incidents).
- Comply with legal obligations.
- Communicate with you about the Service (service announcements, security notices). Marketing email, if and when we send any, will be opt-in and separately controllable.
We do not sell your personal data. We do not use Your Content for advertising. We do not train AI models on Your Content (see section 4).
3. Sub-processors
We use the following sub-processors to operate the Service:
| Sub-processor | Role | Data | Location |
|---|---|---|---|
| Vercel | Application hosting and edge runtime | Account data, request logs | [Region] |
| Supabase | Postgres database, authentication, storage | Account data, Your Content, hashed PATs | [Region] |
| Sentry | Error monitoring | Error events, IDs, user agent | EU / US |
| Maileroo | Transactional email delivery | Recipient address, email contents you have authored (e.g. invoice emails) | EU |
| Anthropic | AI model provider for assistant features | Prompts and relevant grounding context for the action you triggered | US |
Confirm these regions match your actual deployment configuration before publishing. If you change providers or regions, update this list.
We require sub-processors to handle personal data under contractual obligations consistent with this Policy and applicable law (including Standard Contractual Clauses for international transfers where required).
4. AI processing
When you use an AI feature (the assistant, draft cover notes, time entry parsing from natural language), the prompt and the minimum context needed to answer the request are sent to our AI model provider (currently Anthropic). Under our contract with that provider, prompts and outputs are not retained for model training and are deleted from the provider's systems after the operational retention window required for abuse monitoring.
You can disable AI features for your account from Settings → Assistant. With AI disabled, no prompts leave the Service for model inference, but features that rely on AI will be unavailable.
5. Cookies
We use a small number of cookies, all strictly necessary or functional:
- Authentication cookies set by Supabase Auth to keep you signed in across requests.
- Active organization cookie to remember which workspace you last selected.
- Theme cookie (where applicable) to remember UI preferences.
We do not use advertising cookies or third-party analytics cookies that profile you across sites.
6. Where data is stored
Your account data and Your Content are stored in the regions listed in section 3. International transfers (e.g. between EU and US providers) are covered by the safeguards described above.
7. Retention
- Active account. We retain Your Content for as long as your account is active.
- Account closure. On closure, we delete Your Content from production systems within 30 days. Encrypted backups are retained for up to 30 days after that, then expire automatically.
- Operational logs and error reports. Up to 30 days, unless required for a security investigation.
- Audit log. For the life of the account, then deleted with the account.
- Legal holds. We may retain specific records for longer if required by law (e.g. tax or accounting legislation that applies to invoicing data).
8. Your rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate personal data.
- Delete your personal data.
- Export your personal data in a portable format.
- Restrict or object to certain processing.
- Withdraw consent where we rely on consent.
- Lodge a complaint with your local data protection authority.
You can exercise most of these rights yourself from Settings: edit your profile, export your data (CSV / JSON), or close your account. For anything you cannot do in-app, email privacy@hourdini.app and we will respond within 30 days.
9. Security
We protect personal data with measures including: TLS in transit, encryption at rest at the database level, hashed passwords and PATs, row-level security policies that scope reads and writes to the caller's organization, audit logging of write actions, and the principle of least privilege for our own staff. No system is perfect. If you discover a vulnerability, please report it to security@hourdini.app.
10. Children
The Service is not directed to children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
11. International users
If you are accessing the Service from outside the country where our infrastructure is located, your information may be transferred to, stored, and processed in that country. By using the Service, you consent to such transfers, subject to the safeguards described above.
12. Changes to this policy
We may update this Policy from time to time. When we do, we will revise the "Last updated" date at the top and, for material changes, notify you through the Service or by email at least 14 days before the change takes effect.
13. Contact
Privacy questions, rights requests, or complaints: privacy@hourdini.app.
Security disclosures: security@hourdini.app.
If our operating jurisdiction requires it, our registered business address and any appointed data protection representative will be listed here: [Address / DPO / EU representative].