Privacy Policy

Hours AI ("Company," "we," "us," or "our") operates the Hours AI workforce scheduling platform ("Service"). This Privacy Policy describes how we collect, use, share, and protect information when you use the Service.

1. Information We Collect

• Account information. Name, email address, phone number, company name, and password (stored hashed).
• Employee data you upload. Information about employees you add to your organization, including names, contact details, role, pay rate, availability, preferences, and time-off requests.
• Scheduling data. Schedules, shifts, swaps, attendance records, location, and timestamps created by use of the Service.
• Billing information. Subscription and payment metadata. Card details are collected directly by our payment processor and are not stored on our servers.
• Usage and device data. Log data such as IP address, browser/device type, pages visited, and interactions, used to operate and secure the Service.
• Mobile data. If you use the mobile app, we may collect device identifiers, push notification tokens, and (with your permission) approximate location for clock-in geofencing.

2. How We Use Information

• Provide, operate, secure, and improve the Service.
• Generate AI-assisted schedules and other automated recommendations based on the data you provide.
• Send transactional communications (account, billing, and Service-related notices).
• Process payments and manage subscriptions.
• Respond to support requests and feedback.
• Detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms.
• Comply with legal obligations and enforce our agreements.

3. Data Sharing and Subprocessors

We do not sell personal information. We share information only as needed to operate the Service, with the following subprocessors:

• Supabase — application database, file storage, and authentication.
• Stripe — payment processing and subscription billing.
• OpenAI — large language model inference used to generate scheduling recommendations and assistant responses. Inputs are not used to train provider models.
• Resend — transactional email delivery.
• Twilio (and Telnyx as a backup provider) — SMS delivery for notifications and verification.
• Expo — push notification delivery for the mobile app.
• Vercel — application hosting.
• Sentry — crash and error reporting.

We may also disclose information when required by law, in response to lawful requests by public authorities, to protect our rights or those of users, or in connection with a merger, acquisition, or sale of assets.

4. Data Retention

We retain personal information for the duration of your account and for a reasonable period thereafter to allow export, billing reconciliation, and dispute resolution. We may retain certain records for longer as required by law (for example, tax and payroll-adjacent records). Aggregated or de-identified data may be retained indefinitely.

5. Your Rights

Depending on where you live, you may have rights under laws such as the California Consumer Privacy Act (CCPA) and the European Union General Data Protection Regulation (GDPR), including:

• Access to the personal information we hold about you.
• Correction of inaccurate or incomplete information.
• Deletion of personal information, subject to exceptions.
• Portability — receive a copy of your data in a structured, machine-readable format.
• Objection to or restriction of certain processing activities.
• Withdrawal of consent where processing is based on consent.
• The right to lodge a complaint with a supervisory authority.

Where Hours AI processes personal information on behalf of an employer (for example, employee scheduling data uploaded by a manager), employees should direct requests to their employer first; we will assist the employer in responding.

To exercise your rights, contact support@hours-ai.com.

6. Cookies and Similar Technologies

We use cookies and similar local-storage technologies that are strictly necessary to operate the Service (for example, authentication session cookies) and functional cookies that remember your preferences (for example, your selected location). We do not use third-party advertising or cross-site tracking cookies. You may control cookies through your browser settings; doing so may affect Service functionality.

7. Security

We use commercially reasonable administrative, technical, and organizational safeguards to protect personal information, including transport-layer encryption (TLS), encryption at rest for database backups, scoped row-level security policies, and least-privilege access controls. No system is perfectly secure, and we cannot guarantee absolute security.

8. Children's Privacy

The Service is not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided personal information, please contact us so we can investigate and delete the information as appropriate.

9. International Transfers

The Service is operated from the United States. If you access it from outside the United States, your information will be transferred to and processed in the United States and other countries where our subprocessors operate. We rely on recognized transfer mechanisms (such as Standard Contractual Clauses) where required by applicable law.

10. Updates to this Policy

We may update this Privacy Policy from time to time. If we make a material change, we will provide notice through the Service or by email. The "Last updated" date at the top of this page reflects the most recent version.

11. Contact

Questions about this Privacy Policy can be sent to support@hours-ai.com.