Hicap Privacy Policy

This Privacy Policy describes how Hicap ("we", "us", or "our") collects, uses, and protects your personal information when you use our AI compute infrastructure services ("Services"). We are committed to protecting your privacy and handling your data with transparency and care. By using our Services, you agree to the collection and use of information in accordance with this policy.

Account Information: When you create an account, we collect your name, email address, company name (if applicable), and billing information. Usage Data: We collect information about how you interact with our Services, including API calls, token consumption, and service usage patterns for billing and analytics purposes. Technical Data: We may collect IP addresses, browser type, device information, and other technical data to ensure service security and performance. Important: Hicap does not store any customer messages, prompts, or completions sent to or received from AI models. Your requests are forwarded to the model provider and responses are returned to you without being logged or retained on our systems.

We use your information to: • Provide, maintain, and improve our Services • Process transactions and send related billing information • Respond to your inquiries and provide customer support • Monitor and analyze usage patterns for capacity planning and service optimization • Send you technical notices, updates, and administrative messages • Detect, prevent, and address technical issues and security incidents • Comply with legal obligations

We implement industry-standard security measures to protect your data: Encryption: All data in transit is protected using TLS 1.3 encryption. Data at rest is encrypted using AES-256 encryption. Access Controls: We implement strict role-based access controls and the principle of least privilege for all systems. Compliance: Hicap follows best practices aligned with SOC 2 Type II standards and can be configured to meet GDPR, HIPAA, and other regulatory requirements. Security Monitoring: We continuously monitor our systems for potential security threats and vulnerabilities.

We do not sell, trade, or rent your personal information to third parties. We may share your information with: Service Providers: We work with cloud infrastructure providers (AWS, Azure, Google Cloud) to deliver our Services. These providers process data on our behalf under strict contractual obligations. Model Providers: When you make API requests, your prompts are forwarded to the selected model provider (OpenAI, Anthropic, Google, etc.) to generate responses. Each provider has their own privacy policies governing their data handling. Legal Requirements: We may disclose your information if required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights or safety. Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

Account Data: We retain your account information for as long as your account is active or as needed to provide Services. Billing Records: We retain billing and transaction records as required by applicable tax and accounting laws. Usage Metadata: Aggregated and anonymized usage data may be retained indefinitely for analytics and service improvement. Prompts and Completions: As stated above, we do not store your prompts or AI model responses. These pass through our infrastructure in real-time without retention. Upon account termination, we will delete your personal data within 30 days, except where retention is required by law.

Depending on your location, you may have the following rights: Access: Request a copy of the personal data we hold about you. Correction: Request correction of inaccurate or incomplete data. Deletion: Request deletion of your personal data (subject to legal retention requirements). Portability: Request your data in a portable, machine-readable format. Objection: Object to certain processing of your personal data. Restriction: Request restriction of processing in certain circumstances. To exercise any of these rights, please contact us at privacy@hicap.ai.

For users in the European Economic Area (EEA), we process personal data under the following legal bases: • Contract performance: Processing necessary to provide our Services • Legitimate interests: Processing for fraud prevention, security, and service improvement • Legal obligations: Processing required by applicable laws • Consent: Where you have provided explicit consent You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.

Your data may be transferred to and processed in countries outside your country of residence, including the United States. When we transfer data internationally, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

Our website and platform may use cookies and similar technologies to: • Maintain your session and preferences • Analyze website traffic and usage patterns • Improve user experience You can control cookie settings through your browser preferences. Note that disabling certain cookies may affect the functionality of our Services.

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child, we will take steps to delete that information promptly.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically. Continued use of our Services after changes to this policy constitutes acceptance of the updated terms.

If you have any questions about this Privacy Policy or our data practices, please contact us at: Email: privacy@hicap.ai General Inquiries: contact@hicap.ai Hicap Inc. Mexico City, Mexico