Privacy Policy
This Privacy Policy explains how Exhort Technologies LLC (“Exhort Technologies,” “we,” “us”) collects, uses, shares, and safeguards information when you use Hitch and related websites and services (the “Service”). It applies to information about visitors to our marketing site, account holders, and end users of customer accounts. By using the Service you agree to this Policy. If you do not agree, do not use the Service.
1. Information we collect
1.1 Information you provide
- Account information: name, email address, organization name, password (stored hashed), role, and verification status.
- Customer Content: the prompts, instructions, files, agent configurations, brand voice examples, contact lists, knowledge-base entries, and other content you or your team submit to the Service for the AI agents to use.
- Communications: messages you send to support, feedback you submit, and survey responses.
- Billing information: if and when you subscribe to a paid plan, billing details are collected and processed by our payment processor; we receive limited transaction metadata (such as plan, amount, last-four card digits, and billing email) but not full card numbers.
1.2 Information generated through your use
- Usage and audit logs: task history, agent reasoning steps, tool invocations, approval decisions, timestamps, and other operational events the Service records to provide audit trails and to operate the platform.
- Generated output: drafts, documents, presentations, recommendations, and other AI-generated content created within your account.
- Device and connection data: IP address, browser type, device identifiers, language, timezone, referrer, and pages viewed.
- Cookies and similar technologies: we use a small number of strictly necessary cookies to keep you signed in and to operate the Service. We do not use third-party advertising or cross-site tracking cookies.
1.3 Information from third parties
If you connect a third-party tool or account to the Service (for example, an integration platform or an external service one of your agents uses), we receive information from that third party as necessary to make the integration work. The information we receive depends on the integration and on the permissions you grant.
2. How we use information
We use information to:
- operate, maintain, and secure the Service and the accounts we host;
- provide AI-powered features by transmitting prompts and Customer Content to AI/ML model providers as needed to generate responses;
- execute tools, integrations, and approvals on your behalf as you direct;
- generate audit trails and notifications, including the “Needs Your Attention” queue;
- communicate with you about your account, security, billing, and changes to the Service;
- diagnose problems, debug, monitor performance, prevent fraud and abuse, and enforce our Terms of Service;
- comply with legal obligations and respond to lawful requests; and
- understand how the Service is used so we can improve it.
We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We do not use Customer Content to train foundation AI models.
3. AI processing and third-party model providers
To deliver AI-powered features, the Service sends prompts and the Customer Content needed to fulfill your request to third-party AI/ML providers under contracts that prohibit those providers from using your data to train their general-purpose models. These providers process the data on our behalf as service providers / processors. We choose providers we believe meet reasonable security and confidentiality practices, but we cannot guarantee any third party’s practices.
4. Categories of recipients
We share information with:
- Service providers that operate the Service on our behalf, including AI/ML model providers, cloud hosting and database providers, transactional email and notification providers, payment processors, error-monitoring and observability providers, and integration platforms used to connect external tools you have authorized.
- Other users in your organization, to the extent your account is part of a shared workspace and the information is intended to be visible inside that workspace (for example, team-visible assets and audit history).
- Recipients you direct, such as customers and contacts to whom you choose to send content the Service has produced.
- Authorities and other parties when we believe in good faith that disclosure is required by law, legal process, or a valid governmental request, or is necessary to protect the rights, property, or safety of Exhort Technologies, our users, or others.
- Successors in connection with a merger, acquisition, financing, reorganization, or sale of all or a portion of our assets, in which case we will continue to protect the information consistent with this Policy or notify you of any material change.
For a current list of the specific subprocessors we use, contact customers@exhort.tech.
5. Data retention
We retain account information for as long as your account is active and for a reasonable period afterward to resolve disputes, enforce our agreements, and comply with legal obligations. Customer Content is retained for as long as you keep it in the Service; you can delete content from within the Service or request account deletion by emailing customers@exhort.tech. After deletion, residual copies may persist in encrypted backups for a limited period before being overwritten in the ordinary course. We may retain de-identified or aggregated data indefinitely.
6. Security
We use commercially reasonable administrative, technical, and physical safeguards designed to protect information, including encryption in transit, hashed password storage, access controls, and audit logging. No system is perfectly secure, however, and we cannot guarantee the security of any information you transmit to or store in the Service. You are responsible for keeping your account credentials secure and for promptly notifying us at customers@exhort.tech of any suspected unauthorized access.
7. Your choices and rights
You may:
- access and update your account information from within the Service;
- delete content you have submitted, or request deletion of your account;
- opt out of non-essential email communications using the unsubscribe link in those emails (we will continue to send service-related messages);
- opt out of the arbitration agreement in our Terms of Service within the time window described there.
Depending on where you live, you may have additional rights described below.
7.1 California residents (CCPA / CPRA)
If you are a California resident, you have the right to (a) know what personal information we collect, use, disclose, and (when applicable) sell or share; (b) request deletion of your personal information; (c) request correction of inaccurate personal information; and (d) be free from discrimination for exercising these rights. We do not sell personal information and we do not share it for cross-context behavioral advertising. To exercise your rights, email customers@exhort.tech from the email address on your account; we may need to verify your identity before fulfilling your request. You may use an authorized agent to make a request on your behalf, subject to verification.
7.2 Other U.S. state privacy laws
Residents of states with comprehensive consumer privacy laws (such as Virginia, Colorado, Connecticut, Utah, and Texas) have rights similar to those described above, including rights of access, correction, deletion, and portability, and the right to opt out of certain processing. To exercise these rights, contact us at customers@exhort.tech.
7.3 Residents of the European Economic Area, United Kingdom, and Switzerland
If applicable to you, our legal bases for processing personal data include performance of a contract (operating the Service for you), legitimate interests (securing the Service, preventing fraud, improving features), consent (where required), and compliance with legal obligations. You have rights of access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with your local data-protection authority. International transfers, where they occur, rely on appropriate safeguards (such as standard contractual clauses) where required by law.
8. Children
The Service is not directed to children under 18 and we do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, contact us at customers@exhort.tech and we will take reasonable steps to delete it.
9. International users
The Service is operated from the United States and is processed by service providers that may be located in the United States or other jurisdictions. By using the Service you understand that your information will be transferred to and processed in the United States, which may have data-protection laws different from those of your country.
10. Third-party links
The Service may link to or interoperate with third-party websites and services. We are not responsible for the privacy practices of those third parties. Review their policies before providing them with information.
11. Changes to this Policy
We may update this Policy from time to time. If we make material changes, we will give reasonable notice (for example, by email to your account address or by posting a notice in the Service) and update the version and effective date above. Your continued use of the Service after the new Policy takes effect constitutes your acceptance of it.
12. Contact
Exhort Technologies LLC
Email: customers@exhort.tech