Accelerated by Canopy

Legal

Privacy Policy

Effective date: April 16, 2026

Overview

Hintas, Inc. (“Hintas,” “we,” “us,” or “our”) operates the Hintas platform — workflow-first MCP infrastructure for AI agents. This policy describes what data we collect, how we use it, and your rights regarding that data.

Hintas is intended for use by individuals who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If we become aware that we have done so, we will delete that information immediately.

Information We Collect

Account and identity data

When you create an account, we collect your name and email address. If you sign in with Google, we receive the profile information Google provides (name, email, profile photo). We do not receive or store your Google password.

Team and organization data

We collect the team names, member email addresses, and role assignments you create within the platform.

Customer-provided content

To operate the service, we process the OpenAPI specifications, runbooks, Cypress/Playwright test suites, and other workflow documentation you upload. This content is used to extract, validate, and deploy your workflow knowledge as an MCP server.

Third-party API credentials

Hintas stores the third-party API credentials you configure for workflow execution. These credentials are encrypted at rest using vault-level encryption and stored in a dedicated secrets manager. They are accessible only to the execution layer at runtime and are never exposed to Hintas personnel.

Usage and telemetry data

We collect logs of tool calls made to your MCP server (workflow IDs invoked, timestamps, success/failure status, and error types). We do not log the payload contents of your agent’s requests or any customer end-user data passing through your workflows.

Billing data

Payment and card information is processed by Stripe. We store only a token reference and your billing plan details — we never hold raw card numbers.

Technical data

We collect standard web server logs including IP address, user agent, and request metadata for security monitoring and abuse prevention.

How We Use Your Information

  • Provision and operate the Hintas platform
  • Process payments and manage your subscription
  • Send transactional emails (account confirmation, billing receipts, team invitations)
  • Provide customer support
  • Monitor service health and investigate security incidents
  • Improve the platform using aggregated, de-identified usage patterns — such as which workflow types are most commonly used or which configurations frequently fail. We may also use customer-provided content in de-identified form to improve our extraction and validation capabilities.

We do not sell your data or use it for advertising.

LLM API Keys and Inference

Runtime workflow execution uses LLM inference keys you supply. We use your keys only to execute the MCP calls you initiate — we do not store them beyond the duration of a request, and we do not use them for any other purpose. Offline extraction and validation pipelines run on Hintas-owned inference keys and process only your uploaded documentation, not live request data.

Third-Party Service Providers

We share data with the following processors to operate the service:

  • Supabase — database, authentication infrastructure, and secrets management
  • Google — OAuth sign-in
  • Stripe — payment processing and subscription management
  • Email provider — transactional email delivery (invitations, billing, account notices)
  • Cloud infrastructure — hosting and managed compute for MCP server deployment

Each provider processes data only as needed to perform services on our behalf and is bound by a data processing agreement.

Data Retention

We do not retain your data beyond its active use. When you delete a project, all associated content — specifications, workflows, and configurations — is permanently and immediately removed. When you delete your account, all of your data is permanently deleted at that moment.

Billing records are managed by Stripe and subject to their retention policies.

Security

All data in transit is encrypted with TLS. Data at rest is encrypted using AES-256. Third-party API credentials you configure are stored using vault-level encryption in a dedicated secrets manager, accessible only to the execution layer at runtime.

Access to production systems is restricted to authorized Hintas personnel. We conduct periodic security reviews.

If you discover a security vulnerability, please report it to legal@hintas.com.

Your Rights

You may request access to, correction of, or deletion of the personal data we hold about you at any time. To make a request, contact us at legal@hintas.com. We will respond within 30 days.

California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information. We do not sell your personal information. We do not share it for cross-context behavioral advertising. You may request to know what personal information we have collected, to have it corrected, or to have it deleted by contacting us at legal@hintas.com.

Cookies

We use cookies and similar technologies only to maintain your authentication session and store your preferences (such as theme). We do not use third-party tracking or advertising cookies.

Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify you via email or an in-product notice at least 14 days before they take effect. Continued use of the service after that date constitutes acceptance of the revised policy.

Contact

If you have questions about this policy or how we handle your data, contact us at legal@hintas.com.