Privacy Policy

Introduction

Hilma ("we", "our", or "us") is a service provided by Mindtrack AB, a company registered in Sweden (org.nr 559383-2859). We are committed to protecting your privacy. This Privacy Policy explains how your personal information is collected, used, and disclosed by Hilma. This Privacy Policy applies to our website and our associated application "Hilma" for Slack (collectively, our "Service"). By accessing or using our Service, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy.

What data do we collect?

When you install Hilma in your Slack workspace, we collect the following information:

  • Slack User Data: Your Slack user ID, name, email address, and avatar.
  • Slack Workspace Data: Your Slack team ID and team name.
  • Channel Data: IDs and names of public channels where you invite Hilma.
  • Interaction Data: Information you provide during check-ins (mood scores, blockers, text responses).

We do not access or store message history from your Slack workspace outside of the specific interactions with the Hilma bot and messages in channels where Hilma is explicitly invited for summary generation purposes.

How do we use your data?

We use the data we collect to:

  • Provide, maintain, and improve our Service.
  • Generate team summaries and health insights.
  • Communicate with you, including sending service-related notices.
  • Process your requests and transactions.

Data Retention

We retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.

Data Access and Deletion

You have the right to request access to the data we hold about you. You also have the right to request that we delete your personal data. To make such a request, please contact us at [email protected]. If you uninstall the Hilma app from your Slack workspace, we will delete your workspace data upon request or after a period of inactivity.

Third-Party Services

We use third-party services for hosting (Vercel), database (Supabase), and AI processing (OpenAI, Anthropic). These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. We do not sell your data to third parties.

GDPR Compliance

For users in the European Union (EU), we adhere to the General Data Protection Regulation (GDPR). We act as a Data Processor for the information provided by your Slack Workspace (the Data Controller).

Your Rights

Under GDPR, you have the following rights:

  • The right to access, update, or delete the information we have on you.
  • The right of rectification.
  • The right to object.
  • The right of restriction.
  • The right to data portability.
  • The right to withdraw consent.

Data Transfer

Hilma is based in Sweden. We primarily store data within the EU/EEA where possible, but our service relies on third-party infrastructure (Vercel, Supabase, OpenAI) that may process and store data in the United States. By using our Service, you acknowledge and agree to this transfer. We ensure that our sub-processors adhere to high security standards and, where applicable, we rely on mechanisms like the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs) to safeguard your data.

Data Processing Agreement (DPA)

We offer a Data Processing Agreement (DPA) for our customers who need one to meet their GDPR obligations. To request a DPA, please email us at [email protected].

HIPAA Disclaimer

Hilma is not HIPAA compliant and is not intended for use with Protected Health Information (PHI) by HIPAA-covered entities or their business associates.

While Hilma implements strong security measures (encryption at rest and in transit, access controls, secure infrastructure), our third-party AI providers (OpenAI and Anthropic) do not offer Business Associate Agreements (BAAs) for standard API usage. Without BAAs from all sub-processors in the data flow, we cannot certify HIPAA compliance.

If HIPAA compliance is a requirement for your organization, please contact us at [email protected] to discuss your needs. We may be able to explore enterprise arrangements with our providers to support HIPAA-covered use cases in the future.

Email Communications

We use email addresses collected from your Slack workspace to send service-related communications. By installing Hilma, workspace administrators consent to receiving these emails on behalf of their organization:

  • Transactional emails: Welcome messages, trial notifications, and team invitations sent to administrators and invited users.
  • Check-in reminders: Optional email reminders for pending check-ins. Controlled by workspace settings and disabled by default.
  • Summary digests: Optional email digests of team summaries. Controlled by workspace settings and disabled by default.

We do not send marketing emails or share email addresses with third parties for marketing purposes. Administrators can disable optional email features in workspace settings at any time.

Children's Privacy (COPPA)

Hilma is a business-to-business service designed for workplace use. Our Service is not directed at children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us at [email protected] and we will promptly delete the information.

Customer Identity & Marketing

You agree that we may identify you as a customer of Hilma. We may use your company name and logo in our marketing materials, on our website, and in presentations to demonstrate our customer base. If you prefer not to be identified as a customer, please contact us at [email protected].

Contact Us

If you have any questions about this Privacy Policy, please contact us:

Email: [email protected]

Company: Mindtrack AB
Org.nr: 559383-2859
Country: Sweden