Privacy Policy — Hureka AI
Last updated: 12 June 2026
Hureka AI (“Hureka”, “we”, “our”, “us”) is a customer-support automation platform operated by Hurekatek. We help organizations connect their support inbox, configure an AI assistant, and answer customer messages with a human in the loop. This Privacy Policy explains what information we collect, how we use, store, share, and delete it — including Google user data obtained through Google APIs — and the choices and rights you have. It applies to our website, web application, and related services (collectively, the “Service”).
1. Information we collect
a. Account & organization information
When you register, we collect your name, email address, and a securely hashed password (or your identity provider details if you sign in with a third party), along with your organization name, role, team membership, and billing/plan information.
b. Google user data
If you connect a Google account, you grant the scope https://www.googleapis.com/auth/gmail.modify plus openid, userinfo.email, and userinfo.profile. Using these, Hureka accesses:
- Gmail messages in the connected mailbox — sender/recipient/subject headers, plain-text and HTML message bodies, snippets, thread IDs, and Gmail labels — in order to read inbound customer support emails.
- The ability to send, reply to, label, and mark messages as read in that mailbox, in order to respond to customers and keep the inbox organized.
- Your Google account profile — email address, display name, and Google account identifier — solely to identify the connected mailbox.
We do not access Google Drive, Calendar, Contacts (People API), or any data outside the scopes listed above.
c. Customer & contact data you process
In the course of providing the Service, we process the content of the support conversations your organization handles — including the email addresses, names, and message content of the customers who contact you, and any information they include in their messages. Your organization is the controller of this data; Hureka processes it on your behalf to operate the Service.
d. Usage & technical data
We collect standard log and device information such as IP address, browser type, pages viewed, and timestamps, which we use for security, troubleshooting, and improving the Service.
e. Cookies
We use strictly necessary cookies to keep you signed in and to secure your session. We do not use advertising or cross-site tracking cookies.
2. How we use information
We use the information above to: provide and operate the Service (reading inbound emails, classifying their intent/topic/sentiment, drafting and — where you allow — sending replies, threading conversations, and organizing the mailbox with labels); authenticate you and secure your account; provide support; communicate service and account notices; comply with legal obligations; and maintain and improve the Service.
Hureka’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, we do not sell it, and we do not use it — or any customer data — to train generalized AI/ML models.
3. How we share information
We do not sell your personal information. We share it only with service providers (subprocessors) that help us run the Service, and only for the purposes described here:
- AI / LLM providers (e.g. Anthropic, OpenAI, Google, Groq) — the content of a message is transmitted to the provider your organization configures, for the sole purpose of generating a classification or response, under each provider’s enterprise/API terms (these providers do not train on data submitted via their APIs).
- Observability — if you enable it, prompts and responses may be logged to our self-hosted LangFuse instance for debugging and quality monitoring.
- Knowledge base — anonymized, PII-redacted exemplars may be added to your private knowledge base to improve your organization’s future responses.
- Infrastructure — cloud hosting, database, and storage providers that run our systems under confidentiality obligations.
- Legal & safety — where required by law, or to protect the rights, safety, and security of Hureka, our users, or the public; and in connection with a merger, acquisition, or sale of assets, subject to this Policy.
4. How we store and protect data
Data is stored in our PostgreSQL database. OAuth tokens and provider credentials are encrypted at rest using AES-256-GCM with per-organization keys. All data in transit is protected with TLS (HTTPS). Hureka is multi-tenant: every record is scoped to an organization and isolated using PostgreSQL Row-Level Security so one organization can never access another’s data. Access to production systems is restricted to authorized personnel. No method of transmission or storage is 100% secure, but we work to protect your information using industry-standard safeguards.
5. Data retention and deletion
We retain personal data and Google user data only as long as your account/organization remains active and the relevant integration is connected, or as needed to comply with legal obligations. You can revoke Hureka’s access to your Google account at any time from Google Account → Security → Third-party access, or by disconnecting the Gmail connection in Hureka. Deleting your organization permanently and irreversibly removes all associated messages, contacts, conversations, and credentials. To request access to, correction of, or deletion of your data, contact us at contact@hurekatek.com and we will action it within 30 days.
6. International data transfers
Your information may be processed in countries other than your own. Where we transfer personal data across borders, we use appropriate safeguards (such as standard contractual clauses) consistent with applicable law.
7. Your privacy rights
Depending on where you live, you may have rights to access, correct, delete, or port your personal data, to object to or restrict certain processing, and to withdraw consent. Residents of the EEA/UK (GDPR) and California (CCPA/CPRA) have these rights and the right to be free from discrimination for exercising them. To make a request, email contact@hurekatek.com. If Hureka processes data on behalf of your organization, we will direct your request to that organization as the controller.
8. Children’s privacy
The Service is intended for business use and is not directed to children under 16. We do not knowingly collect personal information from children.
9. Third-party links
The Service may link to third-party sites or services that we do not control. Their privacy practices are governed by their own policies, and we encourage you to review them.
10. Changes to this Policy
We may update this Policy from time to time. We will revise the “Last updated” date above and, for material changes, provide additional notice within the Service or by email.
11. Contact us
If you have questions about this Policy or our data practices, contact us at contact@hurekatek.com (Hurekatek).