Privacy Policy

Hatch

Effective Date: 6 May 2026 Last Updated: 6 May 2026

This Privacy Policy explains how Hatch LLC ("Hatch", "we", "us", "our") collects, uses, shares, and protects personal data when you visit https://www.hatchai.tech or use our learning and training platform (the "Service").

This Policy applies to: (a) visitors to our website, (b) people who book a demo or otherwise contact us, (c) administrators, HR personnel, role managers, and workers ("End Users") who access the Service through their employer's account, and (d) anyone whose personal data appears in materials uploaded to the Service by an organizational customer.

If you have any questions, contact us at hatch.officiall@gmail.com.

1. Quick summary

  • We provide a B2B Software-as-a-Service product. Your employer, not you personally, is usually our customer.
  • For most data we hold about you as an End User, your employer is the data controller and we are the data processor acting on their instructions. Direct your access, deletion, or correction requests to your employer first; we will assist them.
  • For data you give us directly (demo bookings, support emails, marketing sign-ups, your account credentials), we are the data controller.
  • We use third-party AI services (OpenAI, ElevenLabs) and infrastructure providers (AWS, Railway) to deliver the Service. Some of these providers are based in the United States. We rely on standard contractual safeguards for these transfers.
  • We do not sell your personal data. We do not use your data, or your employer's documents, to train AI models.

2. Who is the controller?

When the relationship is direct (you contact us, book a demo, sign up for a newsletter, or are an administrator at a paying customer), Hatch LLC is the controller.

When you are a worker, manager, or HR user accessing the Service through your employer, your employer is the controller of your account data, your activity data, the documents they upload, and the learning materials and quiz results generated for you. We process that data only on their documented instructions, as set out in our Data Processing Agreement with them.

3. What personal data we collect

From website visitors and demo bookers:

  • Name, business email, organization name, phone number (if provided)
  • Time of demo booking
  • Information you choose to include in messages to us
  • Technical information (IP address, browser type, pages visited, approximate location based on IP)

From End Users (collected on behalf of your employer):

  • Account information: first name, last name, email, role designation (worker / manager / HR), profile photo, encrypted password
  • Your interactions with the Service: chapters viewed, articles read, podcasts played, language preference
  • Quiz activity: questions attempted, answers given, scores, time taken, pass/fail status
  • Chatbot conversations
  • Authentication and security logs (login times, IP address)

From content uploaded by customer organizations:

  • The contents of documents your employer uploads (which may contain text about employees, customers, products, processes, etc.)
  • Embeddings (mathematical representations) generated from those documents to power our retrieval-augmented chatbot

Generated by the Service:

  • AI-generated learning materials (articles, quizzes, podcast scripts) derived from uploaded documents
  • Translations of those materials

4. Why we use your data and on what legal basis

PurposeCategories of dataLegal basis
Operating the Service for our customer (account creation, document processing, content generation, quizzes, chatbot, analytics)All End-User data and uploaded contentPerformance of contract with the customer organization (the customer relies on its own legal basis with respect to the End User)
Authentication and securityEmail, password hash, session tokens, IP, login logsLegitimate interest in securing the Service; legal obligation
Responding to your messages and support requestsContact information, content of your messageLegitimate interest; performance of contract
Demo bookingsName, email, organization, phonePre-contractual measures at your request
Direct marketing to organizational contactsBusiness email, name, organizationConsent (where required); legitimate interest in B2B outreach (where allowed)
Service improvement, debugging, capacity planningTechnical logs, aggregated usage dataLegitimate interest
Compliance with legal obligations (tax, accounting, regulator requests)Billing data, account dataLegal obligation
Defending or asserting legal claimsWhatever is relevantLegitimate interest

5. Automated processing and AI

We use automated systems, including third-party AI services, to:

  • Extract text from uploaded documents
  • Generate summaries, learning articles, quizzes, and podcast scripts
  • Translate content
  • Answer chatbot questions using a retrieval-augmented system that searches your employer's uploaded documents
  • Produce text-to-speech audio for podcast playback

We do not use these automated systems to make decisions that produce legal or similarly significant effects on End Users. Quiz analytics are intended for measuring learning outcomes; they are not designed for, and our contract with your employer prohibits using them as the sole or primary basis for, employment decisions such as hiring, promotion, termination, or compensation.

You can find more detail about the AI systems we use, including transparency information required under emerging AI regulation, on our AI Transparency Notice.

6. Who we share data with

Service providers we use to operate the Service ("sub-processors"):

A current list of every third party that processes personal data on our behalf is published at https://www.hatchai.tech/sub-processors. The list includes our cloud infrastructure provider, our AI providers (for content generation and the chatbot), our text-to-speech provider, our email provider, and others. We have a written agreement with each of them imposing appropriate confidentiality and data-protection obligations.

Other recipients:

  • Professional advisers (lawyers, accountants, auditors) under confidentiality
  • Authorities or courts where required by law
  • An acquirer or successor in the event of a merger, acquisition, or sale of assets, subject to confidentiality

We do not sell your personal data, and we do not share it for cross-context behavioral advertising.

We do not use your personal data, your employer's uploaded documents, or generated content to train our own AI models or those of our sub-processors. Where our AI providers offer training-data opt-outs, we use them.

7. International data transfers

We are based in Georgia. Some of our sub-processors are located outside Georgia and the European Economic Area, including in the United States. Where we transfer personal data internationally, we put one or more of the following in place:

  • Standard Contractual Clauses approved by the European Commission, supplemented as needed for transfers from Georgia
  • The EU–US Data Privacy Framework (where the recipient is certified)
  • Other transfer mechanisms recognized under applicable law

You may request a copy of the safeguards in place for any specific transfer by writing to hatch.officiall@gmail.com.

8. How long we keep data

We keep personal data only as long as needed:

  • Demo bookings and unsuccessful sales contacts: up to 24 months from last contact, unless you ask us to delete sooner
  • Customer account and End-User data: for the duration of the customer's contract, plus up to 90 days after termination for return or deletion
  • Uploaded documents and embeddings: for the duration of the customer's contract, plus up to 30 days for deletion
  • Quiz results and analytics: as instructed by the customer; default of duration of contract plus 12 months
  • Audit and security logs: up to 12 months
  • Billing and tax records: as required by applicable accounting/tax law (typically 5–7 years)
  • Marketing data: until you unsubscribe, plus a short period to honor your unsubscribe request

After these periods we delete or irreversibly anonymize the data.

9. Your rights

Depending on where you are located and the legal basis for our processing, you have the following rights:

  • Access — get a copy of your personal data
  • Rectification — correct inaccurate or incomplete data
  • Erasure ("right to be forgotten") — request deletion in certain circumstances
  • Restriction — limit how we use your data
  • Objection — object to processing based on legitimate interest, including direct marketing
  • Data portability — receive your data in a structured, machine-readable format
  • Withdraw consent — where we rely on consent, withdraw it at any time without affecting prior processing
  • Not be subject to a decision based solely on automated processing — see Section 5; we do not make such decisions, but you can ask
  • Lodge a complaint with a data protection authority (in Georgia, the Personal Data Protection Service at pdps.ge; in the EU/EEA, your local supervisory authority)

To exercise any of these rights, email hatch.officiall@gmail.com. If your relationship is through your employer, please contact your employer's HR or admin first; we will support them.

We will respond within 30 days. We may verify your identity before fulfilling a request.

10. Security

We use industry-standard measures including:

  • Passwords hashed with bcrypt
  • Encryption in transit (TLS) for all data
  • Encryption at rest for stored documents and database backups
  • Role-based access control inside the Service
  • JWT-based authentication
  • Secure secrets management
  • Logging and monitoring of administrative access
  • Annual review of our security posture

No system is perfectly secure. If we become aware of a security incident affecting your personal data, we will notify the relevant data controller and authorities as required by law (and, where applicable, you directly).

11. Children

The Service is intended for working adults aged 18 and over. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

12. Changes to this Policy

We may update this Policy from time to time. The "Last Updated" date at the top reflects the most recent change. Material changes will be highlighted on our website or sent to your registered email address.

13. Contact

Hatch LLC Georgia, Kareli district, administrative unit Agara, plot 994. Privacy contact: hatch.officiall@gmail.com. Data Protection Officer: Not appointed; primary privacy contact below (hatch.officiall@gmail.com)