Last Updated: January 23, 2026
1. Introduction
Hiwosy ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our semantic deduplication API and related services.
We comply with the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA), the California Consumer Privacy Act (CCPA) for California residents, and other applicable data protection laws.
2. Data Controller
The data controller responsible for your personal data is:
Ljubisa Kovacevic
Hiwosy
Email: contact@hiwosy.com
Website: www.hiwosy.com
3. Data We Collect
3.1 Data You Provide
| Data Type | Purpose | Legal Basis (GDPR) |
|---|---|---|
| Email address | Account creation, communication | Contract performance |
| API key | Authentication, usage tracking | Contract performance |
| Query text | Deduplication analysis | Contract performance |
| Payment information | Billing (paid plans only) | Contract performance |
3.2 Data We Automatically Collect
- Usage data: API call counts, timestamps, response times
- Technical data: IP address (anonymized after 24 hours), user agent, error logs
- Analytics: Aggregated usage patterns (no individual tracking)
3.3 Data We Do NOT Collect
- We do NOT store the full content of your queries after processing
- We do NOT sell your data to third parties
- We do NOT use your data for advertising
- We do NOT share data with AI training services
Query Processing (Important)
When you send a query to our API, we process it in real-time to perform semantic deduplication. We only store:
- A semantic hash/fingerprint (not the original text)
- Word IDs for pattern matching
- Aggregated statistics
We do NOT store: The original query text, customer names, email content, or any personally identifiable information from ticket content.
4. How We Use Your Data
- Provide and maintain our deduplication service
- Process your API requests
- Monitor usage for billing purposes
- Improve our algorithms (using anonymized, aggregated data only)
- Send service-related communications
- Respond to support requests
- Comply with legal obligations
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion + 30 days |
| API usage logs | 90 days |
| Semantic hashes | Duration of subscription + 30 days |
| Billing records | 7 years (legal requirement) |
| Support tickets | 2 years after resolution |
6. Your Rights Under GDPR
If you are in the EEA, you have the following rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate personal data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
To exercise these rights, email us at contact@hiwosy.com. We will respond within 30 days.
7. Your Rights Under CCPA
If you are a California resident, you have the right to:
- Know what personal information we collect
- Request deletion of your personal information
- Opt-out of the sale of personal information (we do NOT sell data)
- Non-discrimination for exercising your rights
8. Data Security
We implement industry-standard security measures:
- Encryption: TLS 1.3 for all data in transit
- Storage: AES-256 encryption for data at rest
- API Keys: SHA-256 hashed, never stored in plain text
- Access Control: Role-based access, audit logging
- Infrastructure: SOC 2 compliant cloud providers
- Monitoring: 24/7 security monitoring and intrusion detection
9. Data Location & Transfers
Our servers are located in:
- Primary: United States (Railway.app infrastructure)
- Backup: European Union (available for EU customers on request)
For transfers outside the EEA, we use Standard Contractual Clauses (SCCs) approved by the European Commission.
10. Third-Party Services
We use the following third-party services that may process data:
| Service | Purpose | Data Shared |
|---|---|---|
| Railway.app | Hosting infrastructure | API requests (processed, not stored) |
| Stripe | Payment processing | Billing information only |
| Freshworks | Marketplace integration | App installation data |
11. Cookies
Our API does not use cookies. Our website uses only essential cookies for functionality (no tracking cookies).
12. Children's Privacy
Our service is not intended for children under 16. We do not knowingly collect data from children.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website at least 30 days before the changes take effect.
14. Data Processing Agreement (DPA)
For enterprise customers requiring a formal Data Processing Agreement for GDPR compliance, please contact us at contact@hiwosy.com.
Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
Email: contact@hiwosy.com
Website: www.hiwosy.com
Response Time: Within 2 business days
You also have the right to lodge a complaint with your local data protection authority.