Privacy Policy

We collect information you provide directly: your email address when you create an account, project data you input (prompts, task descriptions, board content), and payment information processed securely through Stripe.

We automatically collect usage data including pages visited, features used, timestamps, browser type, and device information. We use cookies and similar technologies to maintain your session and remember preferences.

We do not collect biometric data, precise geolocation, or information from third-party sources beyond what is necessary for authentication (e.g., OAuth providers you choose to connect).

Your project data is used solely to provide the Hilla service — generating plans, managing boards, executing tasks, and syncing with connected tools via MCP.

We use usage data to improve the service, fix bugs, and understand which features are valuable. We do not sell your data to third parties. We do not use your project content to train AI models.

We may send you transactional emails (account confirmations, billing receipts) and, with your consent, product updates. You can unsubscribe from non-essential emails at any time.

When you use AI features (plan generation, task suggestions, task execution), your prompts and project context are sent to third-party AI providers (currently Anthropic) to generate responses. These providers process your data according to their own privacy policies and do not use your data for model training.

AI-generated content (plans, tasks, suggestions) is stored in your account and treated with the same protections as any other project data.

We share data only with service providers necessary to operate Hilla: Stripe for payments, Anthropic for AI processing, Vercel for hosting, and analytics tools for usage metrics.

We may disclose information if required by law, to protect our rights, or to prevent fraud or security issues. If Hilla is acquired or merged, your data may be transferred to the successor entity with notice.

When you use collaboration features, project data is shared with team members you explicitly invite. You control who has access to your boards.

Your project data is retained as long as your account is active. When you delete a project, its data is removed from our active systems within 30 days and from backups within 90 days.

You can request full account deletion by emailing hello@hilla.ai. We will delete all your data within 30 days of the request, except where retention is required by law (e.g., billing records).

Data is encrypted in transit (TLS 1.3) and at rest (AES-256). We use secure authentication, rate limiting, and regular security audits. Access to production data is restricted and logged.

Despite our efforts, no system is perfectly secure. If we discover a breach affecting your data, we will notify you within 72 hours.

Depending on your jurisdiction, you may have the right to access, correct, delete, or export your data. You may also object to processing or request restriction. To exercise these rights, contact hello@hilla.ai.

California residents have additional rights under the CCPA. EU/EEA residents have rights under the GDPR. We honor all applicable data protection regulations.

We may update this policy from time to time. Material changes will be communicated via email or a notice in the app. Continued use after changes constitutes acceptance.

For privacy questions or data requests, email hello@hilla.ai.