Privacy Policy

For workspace data (your team's account, persona configuration, knowledge documents, session recordings) Hudson is the processor and your organisation is the controller. For visitor data captured during a Hudson session, your organisation is the controller and Hudson processes it on your behalf under the Master Services Agreement.

• Account data: name, email, workspace name, role, billing details.
• Workspace content: Hudson persona configuration, knowledge documents, walkthrough videos.
• Session data (visitor-facing): audio + video recording, transcript, expression / tone perception notes, the visitor's stated name, role, goal, and any custom answers they give Hudson.
• Usage data: log lines, page views, error reports, IP address (truncated to /24 within 24h).

• Run the service you've signed up for (host the sessions, generate insights, push CRM updates you've configured).
• Improve session quality at the workspace level — never to train cross-customer models without an explicit, signed addendum.
• Bill you accurately and prevent abuse.

Application data is hosted in the EU (Frankfurt). Session media (recordings) is hosted by our video-AI provider in the United States (us-east-1) with encryption at rest. We do not currently offer a single-region US-only or single-region EU-only deployment for the recording pipeline — if you need that, contact us before signing.

• Video-AI provider — powers the live conversation. Receives the live audio/video stream and returns the recording, transcript, and perception analysis.
• Database & storage provider — managed Postgres and object storage for everything else.
• Edge runtime provider — serves the application and runs server-side compute.
• Transactional email provider — sends invites and weekly digests.
• LLM orchestration provider — routes requests across frontier language models, selected per request.
• Your configured integrations — CRM, a webhook URL you provide, etc. — only when you switch them on.

A current, named sub-processor list (with entity, jurisdiction, and purpose) is available on request under NDA — email privacy@hudson.ai and we'll respond within 5 business days. Enterprise customers receive the named list as part of the DPA.

We do not sell personal data. We do not share it with advertisers.

Workspace owners pick a retention window between 7 and 365 days in Settings → Compliance (default: 90 days). After that, the recording, transcript and perception notes are nulled. The session row itself remains for billing-cap math, with all identifying fields removed.

Every Hudson session page shows a "Delete this session" link in the footer. Clicking it queues the session for full deletion (recording + transcript + perception); the sweep job applies it within 24 hours. Workspace admins can also delete any session immediately from the dashboard.

To remove your whole workspace, email privacy@hudson.ai from the workspace owner's email. We respond within 5 business days.

You can request access, correction, deletion, restriction of processing, and data portability. EU users can lodge a complaint with their local data protection authority; California residents have the rights described in CCPA §§1798.100–.199.

All data is encrypted in transit (TLS 1.2+) and at rest. Row-level security gates every read in our Postgres database. Production access is limited to a small on-call team with hardware MFA. We run automated vulnerability scans on every deploy.

Hudson is not directed at children under 16. We do not knowingly collect data from them.

If we materially change this policy we'll notify workspace owners by email 14 days in advance.

Privacy questions or requests: privacy@hudson.ai. We aim to respond within 5 business days.