Legal

Privacy Policy

Last updated: 29 May 2026

This notice explains, in plain language, how Hashorn handles personal information on hashorn.com. We try to collect only what we need to do business with you, and we name every third-party tool we rely on so you can verify it. If anything below is unclear or you want a record of the data we hold about you, write to sales@hashorn.net.

1. Definitions

"Hashorn," "we," "our," "us" refer to the Hashorn company that operates this website. "Personal data" means information that can identify a living person, directly or in combination with other information. "Sub-processor" means a third party we use to process personal data on our behalf (for example, our email provider). "You," "your" means anyone who visits the website or contacts us through it.

2. Who we are

Hashorn is an AI-augmented engineering studio. We pair senior engineers with AI workflows across software development, Quality Assurance, MLOps, and Security. We act as the data controller for any personal data you give us through this website.

3. What we collect

From the contact form at /contact, you give us:

  • Your name.
  • Your email address.
  • Your company (optional).
  • The topic of your enquiry (build, QA, security, dedicated team, or other).
  • The message you write.

From the chat assistant in the corner of the site, we process the messages you send to the bot. We do not ask for personal data inside the chat; please do not paste anything you do not want a third party to see. The conversation is sent to our AI inference provider, Groq, for processing, then to your browser. We keep the transcript only in your browser session (sessionStorage) and do not store it server-side.

Automatically when you visit the site, our hosting provider, Vercel, processes your IP address (for security and rate limiting) and standard request metadata: requested page, referrer, user-agent, and timestamp.

If analytics is enabled for the deployment, we use either Plausible Analytics (cookie-free, no personal data) or Google Analytics 4 (cookies, pseudonymous usage data). We do not buy data about you, we do not run advertising on this site, and we do not build behavioural profiles.

4. How we use it

  • To respond to enquiries received through the contact form, and to send you the auto-confirmation reply.
  • To answer your questions in the chat assistant and to suggest relevant pages or follow-ups.
  • To understand which pages and articles are useful, in aggregate.
  • To keep the site available and secure (rate limiting, blocking abusive traffic).
  • To meet our legal and tax record-keeping obligations.

Where the EU or UK GDPR applies, our legal bases are:

  • Performing a contract or taking steps at your request: handling your enquiry.
  • Legitimate interests: running and protecting the website and using aggregate analytics to improve it.
  • Consent: where a cookie banner is required by your jurisdiction.
  • Legal obligation: tax records and replying to lawful regulator requests.

6. Sub-processors and tools we rely on

We keep the list short, and every provider is contractually obliged to protect your data.

  • Vercel, hosting and edge requests.
  • Resend, transactional email for the contact form (the confirmation we send you and the alert that goes to our sales inbox).
  • Groq, the AI inference provider behind the chat assistant. Your chat messages are sent to Groq for inference.
  • Cal.com, meeting bookings, used only if you click "Book a call."
  • Plausible Analytics or Google Analytics 4, depending on the deployment configuration.
  • GitHub, source code hosting for the website.

We do not sell your personal data to anyone. We share it only with these sub-processors and only when needed to deliver the service you asked for, or where we are required to share by law.

7. Cookies and similar technologies

Right now this site does not set any first-party cookies. The contact form is rate-limited by IP, not by cookie. The chat widget stores its transcript in your browser's sessionStorage, which is local to your tab and clears when you close it. We treat this as equivalent to a strictly-necessary cookie: it is required for the feature you are using and we do not read it from any other site.

If we later enable analytics:

  • Plausible Analytics is cookie-free. Nothing changes for you.
  • Google Analytics 4 sets pseudonymous cookies (_ga, _ga_*) to count visits and pages. Where applicable law requires it (EU, UK, and several others), we will ask for your consent before loading GA4.

8. Data retention

  • Contact-form enquiries: kept for up to 24 months from your last interaction, then deleted, unless we need to keep them longer for tax or legal reasons.
  • Chat transcripts: kept only in your browser session and not stored server-side. Groq may retain individual inference requests per their own privacy notice.
  • Server logs: kept by our hosting provider for the period stated in their privacy policy (typically 30 days).
  • Analytics: aggregated and not personally identifying after the periods set by the analytics tool we use.

9. International data transfers

Some of our sub-processors store and process personal data outside your country (typically in the United States and the European Union). For personal data subject to the EU GDPR or UK GDPR we rely on the European Commission's Standard Contractual Clauses, the UK addendum, or equivalent transfer mechanisms. We do not transfer personal data to any country where appropriate safeguards are not in place.

10. Your rights

Depending on where you live (EU, UK, California, India, UAE, Australia, Canada, and others) you may have rights to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Ask us to delete data.
  • Restrict or object to certain processing.
  • Receive a copy in a portable format.
  • Withdraw consent where we relied on it.
  • Lodge a complaint with your local data-protection authority.

To exercise any of these, write to sales@hashorn.net. We respond within 30 days, and faster when we can.

11. Security

We use Vercel's hardened infrastructure, Resend with SPF, DKIM, and DMARC on the sending domain, and our own contact-form rate limiting, honeypot, and PII-aware logging. The chat assistant runs on the server side; the Groq API key is never exposed to the browser. No system is perfectly secure; if you believe your data has been exposed, write to us at sales@hashorn.net immediately.

12. Children

This site is not directed to children under 16, and we do not knowingly collect personal data from them.

13. Changes to this notice

We may update this notice. The "Last updated" date at the top will change. Material changes will be flagged at the top of this page for at least 30 days.

14. Contact

Hashorn, attention: Privacy
Email: sales@hashorn.net

See also our Terms of Use and Refund and Cancellation Policy.