Privacy Policy
Last updated: April 5, 2026
This Privacy Policy describes how Hatchable ("we", "us", "our") collects, uses, and protects your information when you use the Hatchable platform ("Service").
1. Information We Collect
Account Information
When you create an account, we collect:
- Email address (required for account creation and authentication)
- Name (optional)
Project Data
When you use Hatchable to build applications, we store:
- Project files (code, HTML, CSS, JavaScript) you write via MCP tools
- Database contents created by your applications
- Environment variables and configuration
- Function execution logs (request method, path, status code, duration, errors)
- Deployment history
Usage Data
We automatically collect:
- API request metadata (timestamps, endpoints called, response codes)
- Resource usage (function calls, database size, storage usage)
- IP addresses of API requests
End User Data
Applications you build on Hatchable may collect data from their own end users. You are the data controller for any end user data stored in your project databases. We act as a data processor for this information.
2. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Provide the Service | Account info, project data, environment variables |
| Authentication | Email address, API key hashes |
| Billing and plan enforcement | Account info, resource usage |
| Debugging and support | Function logs, error data |
| Service improvement | Aggregated usage data (anonymized) |
| Security and abuse prevention | IP addresses, request patterns |
3. Data Isolation and Security
We take data security seriously:
- Database isolation: Every project gets its own dedicated MySQL database. There is no shared access between projects or accounts.
- Encryption at rest: Environment variables marked as secrets are encrypted using AES-256 before storage.
- No credentials in VMs: Function execution environments do not have direct database or storage credentials. All data access routes through our authenticated gateway.
- API key security: API keys are stored as SHA-256 hashes. We cannot retrieve your original key after creation.
4. Data Retention
- Active accounts: Data is retained as long as your account is active.
- Function logs: Retained for 90 days, then automatically deleted.
- Deleted projects: Project data (database, files, logs) is permanently deleted within 30 days of project deletion.
- Closed accounts: All data is permanently deleted within 30 days of account closure.
5. Data Sharing
We do not sell your personal information. We may share data with:
- Infrastructure providers: AWS (hosting, database, storage), Fly.io (function execution) — as necessary to operate the Service
- Legal requirements: When required by law, subpoena, or court order
- Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users
We do not use your project code or data to train AI models.
6. Your Rights
You have the right to:
- Access: View all data associated with your account via the console or API
- Export: Download your project files and database contents at any time
- Delete: Delete individual projects or your entire account
- Correct: Update your account information at any time
If you are in the EU/EEA, you also have rights under the GDPR including the right to data portability and the right to lodge a complaint with a supervisory authority.
7. Cookies
The Hatchable console uses session cookies for authentication. We do not use tracking cookies or third-party analytics on the platform. Your deployed applications may set their own cookies — you are responsible for their cookie policies.
8. International Data Transfers
Our infrastructure is hosted in the United States (AWS us-east-1). If you access the Service from outside the US, your data will be transferred to and processed in the US. We rely on standard contractual clauses for EU data transfers where applicable.
9. Children's Privacy
Hatchable is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "last updated" date at the top reflects the most recent revision.
11. Contact
For privacy-related questions or requests, contact us at privacy@hatchable.com.