1. Introduction

This Privacy Policy explains how huumaan ("we", "us", or "our") collects, uses, and protects information about you when you use our website, platform, and AI agent services (collectively, the "Service"). By accessing or using the Service, you acknowledge that you have read and understood this policy. We are committed to handling your personal data responsibly and in compliance with applicable data protection laws, including the UK GDPR, EU GDPR, and the California Consumer Privacy Act (CCPA). This policy applies to all users of the huumaan platform, including account holders, team members, and end customers whose data is processed through our agents.

2. Information We Collect

We collect several categories of information to provide and improve the Service. Account data includes your name, email address, billing information, and organisational details provided during registration. Usage data includes records of how you interact with the platform — agent configurations, message volumes, feature usage, and dashboard activity. Communications data includes the content of messages sent or received through our AI agents, which may include information about your customers. Technical data includes IP addresses, browser type, device identifiers, and access logs collected automatically when you use our services. We collect only what we need to operate and improve the Service, and we are transparent about how each category is used.

3. How We Use Your Information

We use your information for four primary purposes. First, service delivery: to operate our AI agents, process messages, provide the dashboard, and maintain your account. Second, service improvement: to train and refine our agent models using anonymised and aggregated interaction data, improve response quality, and develop new features. Third, security: to detect fraud, abuse, and unauthorised access, and to protect the integrity of the platform. Fourth, communications: to send transactional emails, product updates, and — where you have consented — marketing communications. We do not use your data for any purpose incompatible with these stated purposes without first obtaining your consent.

4. Data Sharing

We do not sell your personal data to any third party, and we never will. We share data only with sub-processors who help us deliver the Service — including cloud infrastructure providers (AWS, Google Cloud), analytics platforms, and email delivery services — each of whom is bound by a Data Processing Agreement (DPA) that restricts their use of data to the services they provide to us. We may also disclose data when required by law, court order, or regulatory authority. All sub-processors are vetted for compliance with applicable data protection standards, and a full list is available upon request.

5. Data Retention

We retain your personal data for as long as your account is active and for 90 days after account closure, during which time you may request a data export or deletion. Certain data may be retained for longer periods where required by applicable law or regulatory obligations — for example, billing records may be retained for up to seven years for tax compliance purposes. Anonymised and aggregated data used for model improvement may be retained indefinitely, as it cannot be used to identify any individual. You may request deletion of your personal data at any time by contacting us at privacy@huumaan.ai.

6. Your Rights

Depending on your jurisdiction, you may have a number of rights in relation to your personal data. These include: the right to access the data we hold about you; the right to correct inaccurate data; the right to request deletion of your data; the right to data portability (receiving your data in a machine-readable format); and the right to object to or restrict certain types of processing. If you are in the EU or UK, you also have the right to lodge a complaint with your local supervisory authority. California residents have additional rights under the CCPA, including the right to know, delete, and opt out of the sale of personal information. To exercise any of these rights, please contact privacy@huumaan.ai.

7. Security

We take security seriously and implement technical and organisational measures designed to protect your data against unauthorised access, loss, or disclosure. huumaan maintains SOC 2 Type II certification, and all data is encrypted both at rest (AES-256) and in transit (TLS 1.2+). Access to production systems is restricted to authorised personnel and governed by least-privilege principles, multi-factor authentication, and regular access reviews. We conduct regular penetration testing and vulnerability assessments. In the event of a data breach that affects your rights and freedoms, we will notify you and the relevant authorities as required by applicable law.

8. Cookies

We use cookies and similar technologies to operate the Service and improve your experience. Functional cookies are strictly necessary for the platform to work — including session management and security features. Analytics cookies (where consented) help us understand how users interact with our platform so we can improve it. Preference cookies remember your settings and configurations across sessions. We do not use marketing or advertising cookies for third-party ad targeting. You can manage your cookie preferences at any time through our cookie banner or browser settings. For more detail, please see our Cookie Policy.

9. Contact

If you have any questions about this Privacy Policy, want to exercise your data rights, or have a concern about how we handle your personal data, please contact our privacy team at privacy@huumaan.ai. We will respond to all requests within 30 days. If you are not satisfied with our response, you have the right to escalate your complaint to the relevant supervisory authority in your jurisdiction.