
Privacy Policy

Effective date: May 23, 2026 · Last updated: May 23, 2026

HasteKit ("HasteKit", "we", "us", or "our") provides an AI agent platform that lets users build, run, and observe AI agents and connect those agents to third-party services such as Google Workspace, Slack, Jira, and GitHub. This Privacy Policy explains what information we collect when you use the HasteKit website at hastekit.ai, the HasteKit application at app.hastekit.ai, and our APIs and SDKs (collectively, the "Services"), how we use that information, and the choices you have.

1. Information We Collect

1.1 Information you give us

  • Account information. Name, email address, organization name, and any credentials you provide when signing up or signing in (e.g. via Google Sign-In).
  • Configuration data. Agent configurations, prompts, knowledge-base documents, skills, workflow definitions, scheduled triggers, connector setups, and other content you upload or create on the Services.
  • Provider credentials. API keys for third-party LLM providers (OpenAI, Anthropic, Gemini, xAI, Bedrock, etc.) and OAuth tokens for connected accounts. These are stored encrypted at rest.
  • Communications. Messages you send our support team, feedback, and anything you choose to share with us.

1.2 Information from connected services (including Google)

When you connect a third-party account (such as Gmail, Google Calendar, Slack, Jira, or GitHub) through our Connectors feature, we receive data from that service only to perform the action your agent requests. The specific data depends on the connector and the scopes you grant. For example:

  • Gmail — message metadata, headers, bodies, attachments, and labels for messages your agent reads, sends, or modifies on your behalf.
  • Google Calendar — calendar lists, events, attendees, and free/busy information when your agent reads or modifies events on your behalf.
  • Slack, Jira, GitHub, and other connectors — equivalent workspace/issue/repository data scoped to the actions you authorize.

We do not collect data from connected services beyond what is necessary to execute the actions you or your agent request.

1.3 Information collected automatically

  • Usage data. IP address, browser type, device information, pages visited, referrer URLs, and timestamps.
  • Telemetry. OpenTelemetry spans we generate for every gateway call, agent run, tool invocation, and workflow node — including model, provider, latency, token counts, cost, and trace identifiers. Telemetry powers the observability features visible in your dashboard.
  • Cookies. Session cookies for authentication and a small number of functional cookies. We do not use advertising or cross-site tracking cookies.

2. How We Use Information

We use the information we collect to:

  • provide, operate, and maintain the Services;
  • execute the actions your agents perform on connected services on your behalf;
  • generate observability traces, cost reports, and dashboards for your own use;
  • communicate with you about your account, billing, security, and product updates;
  • monitor and protect the Services against fraud, abuse, and security threats;
  • comply with applicable legal obligations.

3. Google API Services User Data — Limited Use

HasteKit's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, data obtained through Google APIs is:

  • Used only to provide or improve user-facing features that are prominent in the requesting app's user interface;
  • Not used for serving advertisements;
  • Not sold to third parties;
  • Not transferred to others except as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets (in which case the receiving party must agree to honor this policy);
  • Not used or transferred to determine credit-worthiness or for lending purposes;
  • Not read by humans unless (a) we have your explicit consent to read specific messages, (b) we do so for security purposes such as investigating abuse, (c) we do so to comply with applicable law, or (d) we do so for internal operations (and even then only when the data has been aggregated and anonymized);
  • Not used to develop, improve, or train generalized AI and/or machine learning models. Your Google user data is sent to the third-party LLM provider you have chosen (e.g. OpenAI, Anthropic) only to fulfill your agent's task in real time; we do not retain or use it to train HasteKit's own models, and we do not provide it to LLM providers in any form that permits them to train on your data, where the provider offers such a setting.

4. How We Share Information

We share information only as follows:

  • LLM providers. When you or your agent invoke an LLM via the HasteKit Gateway, the prompt (including any context such as Google API content) is sent to the provider you selected, solely for the purpose of generating that response.
  • Connected services. When your agent performs an action on a connected service (e.g. send a Gmail message), we transmit the necessary payload to that service via its API.
  • Service providers. Cloud hosting, database, observability, and payment processors that we use to operate the Services. Each is bound by a written agreement requiring confidentiality and use limited to providing services to us.
  • Legal. When required by law, court order, or to protect rights, property, or safety.
  • Business transfers. In connection with a merger, acquisition, or sale of assets, subject to the surviving entity continuing to honor this policy.

We do not sell personal information or data obtained from Google APIs.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Services. Specifically:

  • Account and configuration data are retained for the life of your account.
  • Trace and telemetry data are retained for a rolling window (typically 30–90 days) unless you configure a longer retention period.
  • Connector tokens are retained until you revoke them or delete the connection. We refresh OAuth tokens automatically as needed to keep connections live.
  • When you delete your account or a specific resource, we delete the corresponding data from our active systems within 30 days. Backups containing the data are overwritten on our standard backup rotation.

6. Your Choices and Rights

You can, at any time:

  • access, correct, or export your account and configuration data from within the HasteKit application;
  • disconnect or delete a connector connection, which revokes the corresponding OAuth tokens we hold;
  • delete individual resources (agents, knowledge bases, workflows, traces) from the application;
  • delete your entire account by contacting us at the address below.

Depending on your jurisdiction (e.g. India, EEA, UK, California), you may have additional rights including access, correction, deletion, restriction, portability, and the right to lodge a complaint with a supervisory authority. Indian users (Data Principals under the Digital Personal Data Protection Act, 2023) may exercise the rights granted by that Act, including the right to access, correction, erasure, grievance redressal, and the right to nominate another person to exercise these rights in the event of death or incapacity. To exercise any of these rights, contact us.

7. Security

We use industry-standard administrative, technical, and physical safeguards to protect your data, including TLS in transit, encryption at rest for credentials and connector tokens, scoped access controls, and ongoing security monitoring. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

8. International Data Transfers

HasteKit operates from India. If you access the Services from outside India, your information will be transferred to, stored, and processed in India and in other countries where we or our service providers operate. Where personal data of users in the European Economic Area, the United Kingdom, or other jurisdictions with cross-border transfer restrictions is transferred to India, we rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses) as required by applicable law.

9. Children's Privacy

The Services are not directed to children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from them. If you believe we have, please contact us so we can delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you (e.g. by email or an in-app notice) and update the effective date above. Your continued use of the Services after the change becomes effective constitutes acceptance of the updated policy.

11. Contact

Questions, requests, or complaints about this Privacy Policy or our data practices:
Email: privacy@hastekit.ai
