Privacy Policy — Hureka AI

Last updated: 12 June 2026

Hureka AI (“Hureka”, “we”, “our”, “us”) is a customer-support automation platform operated by Hurekatek. We help organizations connect their support inbox, configure an AI assistant, and answer customer messages with a human in the loop. This Privacy Policy explains what information we collect, how we use, store, share, and delete it — including Google user data obtained through Google APIs — and the choices and rights you have. It applies to our website, web application, and related services (collectively, the “Service”).

1. Information we collect

a. Account & organization information

When you register, we collect your name, email address, and a securely hashed password (or your identity provider details if you sign in with a third party), along with your organization name, role, team membership, and billing/plan information.

b. Google user data

If you connect a Google account, you grant the scope https://www.googleapis.com/auth/gmail.modify plus openid, userinfo.email, and userinfo.profile. Using these, Hureka accesses:

We do not access Google Drive, Calendar, Contacts (People API), or any data outside the scopes listed above.

c. Customer & contact data you process

In the course of providing the Service, we process the content of the support conversations your organization handles — including the email addresses, names, and message content of the customers who contact you, and any information they include in their messages. Your organization is the controller of this data; Hureka processes it on your behalf to operate the Service.

d. Usage & technical data

We collect standard log and device information such as IP address, browser type, pages viewed, and timestamps, which we use for security, troubleshooting, and improving the Service.

e. Cookies

We use strictly necessary cookies to keep you signed in and to secure your session. We do not use advertising or cross-site tracking cookies.

2. How we use information

We use the information above to: provide and operate the Service (reading inbound emails, classifying their intent/topic/sentiment, drafting and — where you allow — sending replies, threading conversations, and organizing the mailbox with labels); authenticate you and secure your account; provide support; communicate service and account notices; comply with legal obligations; and maintain and improve the Service.

Hureka’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, we do not sell it, and we do not use it — or any customer data — to train generalized AI/ML models.

3. How we share information

We do not sell your personal information. We share it only with service providers (subprocessors) that help us run the Service, and only for the purposes described here:

4. How we store and protect data

Data is stored in our PostgreSQL database. OAuth tokens and provider credentials are encrypted at rest using AES-256-GCM with per-organization keys. All data in transit is protected with TLS (HTTPS). Hureka is multi-tenant: every record is scoped to an organization and isolated using PostgreSQL Row-Level Security so one organization can never access another’s data. Access to production systems is restricted to authorized personnel. No method of transmission or storage is 100% secure, but we work to protect your information using industry-standard safeguards.

5. Data retention and deletion

We retain personal data and Google user data only as long as your account/organization remains active and the relevant integration is connected, or as needed to comply with legal obligations. You can revoke Hureka’s access to your Google account at any time from Google Account → Security → Third-party access, or by disconnecting the Gmail connection in Hureka. Deleting your organization permanently and irreversibly removes all associated messages, contacts, conversations, and credentials. To request access to, correction of, or deletion of your data, contact us at contact@hurekatek.com and we will action it within 30 days.

6. International data transfers

Your information may be processed in countries other than your own. Where we transfer personal data across borders, we use appropriate safeguards (such as standard contractual clauses) consistent with applicable law.

7. Your privacy rights

Depending on where you live, you may have rights to access, correct, delete, or port your personal data, to object to or restrict certain processing, and to withdraw consent. Residents of the EEA/UK (GDPR) and California (CCPA/CPRA) have these rights and the right to be free from discrimination for exercising them. To make a request, email contact@hurekatek.com. If Hureka processes data on behalf of your organization, we will direct your request to that organization as the controller.

8. Children’s privacy

The Service is intended for business use and is not directed to children under 16. We do not knowingly collect personal information from children.

9. Third-party links

The Service may link to third-party sites or services that we do not control. Their privacy practices are governed by their own policies, and we encourage you to review them.

10. Changes to this Policy

We may update this Policy from time to time. We will revise the “Last updated” date above and, for material changes, provide additional notice within the Service or by email.

11. Contact us

If you have questions about this Policy or our data practices, contact us at contact@hurekatek.com (Hurekatek).