Privacy Policy

1. Information We Collect

We collect information you provide directly and information generated by your use of the platform:

• Account information: name, email address, company name, job title, and password when you register.
• Usage data: pages visited, features used, query count, session duration, and interaction logs.
• AI query content: the questions you submit to the AI Advisor and Crane Diagnostic tools.
• Payment information: processed securely via Stripe — we do not store card numbers directly.
• Technical data: IP address, browser type, device type, operating system, and referral source.

2. How We Use Your Information

We use your information to:

• Provide, operate, and improve the HydroMind.AI platform and its features.
• Process payments and manage your subscription.
• Send transactional emails (account confirmation, password reset, billing receipts).
• Analyse usage patterns to improve AI accuracy and platform performance.
• Communicate product updates and new features (you can unsubscribe at any time).
• Comply with legal obligations and enforce our Terms of Service.

3. AI Queries & Conversation Data

Questions you submit to our AI Advisor are processed by our backend infrastructure and forwarded to large language model APIs (currently Anthropic Claude). The following applies:

• Your queries are transmitted over encrypted connections (TLS 1.3).
• We retain conversation history for session continuity (up to 10 turns in context). Full conversation logs are stored for up to 90 days for debugging and quality purposes.
• Queries are not used to train or fine-tune the underlying language model without your explicit consent.
• Sensitive operational data (pressure readings, fault codes you share) is treated as confidential and not shared externally.

For Enterprise customers, conversation data can be excluded from retention logs by default — contact your account manager.

4. Cookies & Tracking Technologies

We use cookies and similar technologies for the following purposes:

• Essential cookies: required for authentication, session management, and security. Cannot be disabled.
• Analytics cookies: we use privacy-friendly analytics (no cross-site tracking) to understand how users navigate the platform. You can opt out.
• Preference cookies: store your unit preferences (metric/imperial), selected crane context, and UI settings.

We do not use third-party advertising cookies or tracking pixels.

5. Third-Party Services

We use the following third-party services to operate the platform:

• Anthropic (Claude API): processes AI query content. Subject to Anthropic's privacy policy and data processing agreement.
• Stripe: payment processing. Card data is processed and stored by Stripe under PCI-DSS compliance.
• Render: backend hosting. Data is stored in EU/US regions depending on your account location.
• Cloudflare: CDN and DDoS protection. Processes IP addresses and request metadata.

All third-party processors are bound by data processing agreements that restrict use of your data to the purposes we specify.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services:

• Account data: retained for the life of your account plus 30 days after deletion.
• Conversation logs: 90 days rolling retention (Enterprise: configurable).
• Payment records: 7 years for tax and financial compliance purposes.
• Usage analytics: aggregated and anonymised after 12 months.

You may request deletion of your account and associated data at any time — see Section 7.

7. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete data.
• Deletion: request deletion of your account and personal data ("right to be forgotten").
• Portability: receive your data in a machine-readable format.
• Objection: object to processing of your data for marketing purposes.
• Restriction: request restriction of processing in certain circumstances.

To exercise any of these rights, email support@hydromindai.com. We will respond within 30 days. For GDPR requests, we respond within 72 hours for urgent matters.

8. Data Security

We implement industry-standard security measures to protect your data:

• All data transmitted to and from HydroMind.AI is encrypted using TLS 1.3.
• Passwords are hashed using bcrypt with per-user salts — we never store plaintext passwords.
• API keys and secrets are stored in encrypted environment variables, never in source code.
• Access to production databases is restricted to authorised personnel with audit logging.
• We perform regular security reviews and dependency audits.

In the event of a data breach affecting your personal information, we will notify you within 72 hours as required by applicable law.

9. Children's Privacy

HydroMind.AI is a professional engineering platform intended for adults aged 18 and over. We do not knowingly collect personal data from individuals under 18. If you believe a minor has provided us with personal data, please contact us at support@hydromindai.com and we will delete it promptly.

10. Contact Us

For privacy-related enquiries, data requests, or to report a concern:

We may update this Privacy Policy from time to time. We will notify registered users by email of any material changes at least 14 days before they take effect. Continued use of the platform after that date constitutes acceptance of the updated policy.