Data Privacy Policy

Terms and Conditions

Last Updated: December 3, 2025

This Privacy Policy explains how Hustle ("we," "us," or "our") collects, uses, shares, and protects information in connection with the provision of our software services to our clients ("Clients" or "you").

1. Introduction and Scope

Hustle is committed to protecting the privacy and security of the information we process on behalf of our Clients. This policy applies to all data processing activities where we act as a Data Processor or Service Provider (processing Client Data on your behalf) and, where applicable, as a Data Controller (processing Personal Data related to our own business operations, like billing or marketing).

2. Definitions

Client Data:

Any information, including Personal Data, that our Clients submit or allow us to collect, use, or store in connection with the provision of our services.

Personal Data:

Any information relating to an identified or identifiable natural person (e.g., names, email addresses, IP addresses, etc.).

Data Controller (Client):

The entity (our Client) that determines the purposes and means of processing Personal Data.

Data Processor (Your Company):

The entity (us) that processes Personal Data on behalf of the Data Controller.

Services:

The software development, maintenance, hosting, consulting, or other related technology services we provide to you under a separate contract (e.g., Statement of Work or Service Agreement).

3. Data We Collect and Process

A. Data Processed on Behalf of Our Clients (Client Data)

As a Data Processor, we only process Client Data strictly in accordance with your documented instructions and the terms of our separate Service Agreement.

Categories of Data:

This depends entirely on the nature of the services we provide. It may include:

  • End-user account information (e.g., names, user IDs, passwords - typically hashed).
  • Customer usage data (e.g., activity logs, application metrics).
  • End-user content (e.g., text, images, files, or database records uploaded to the application we host/maintain).
  • [Customize this list based on your typical services]

Purpose of Processing:

To provide, maintain, and support the Services as agreed upon in our contract.

Legal Basis:

Processing is necessary for the performance of the contract between the Client and us. The Client is responsible for establishing the legal basis for collecting the data from their end-users.

B. Data We Collect for Our Own Business Operations (Controller Data)

We collect certain Personal Data related to our Clients' personnel for administrative and billing purposes.

Categories of Data:

  • Contact information (e.g., names, job titles, business email addresses, business phone numbers of Client representatives).
  • Billing and financial information (e.g., billing addresses, payment details).
  • Communication records (e.g., support requests, meeting notes).

Purpose of Processing:

To manage the client relationship, process payments, communicate about the Services, and comply with legal obligations.

4. How We Use the Data

We use the collected data for the following purposes:

  • To Provide Services: Executing the tasks defined in our Service Agreement, including software deployment, maintenance, and technical support.
  • To Improve Services: Analyzing technical data (often anonymized or aggregated) to enhance our service delivery and security.
  • Billing and Administration: Processing invoices and managing our contractual relationship.
  • Communication: Responding to inquiries, providing updates, and notifying Clients of service changes.

5. Data Sharing and Disclosure

We will not sell, rent, or lease Client Data to third parties. We may share data only in the following circumstances:

  • With Sub-processors (Vendors): We may engage third-party companies (e.g., cloud hosting providers, monitoring tools) to assist in providing the Services. We ensure that any sub-processors are subject to written agreements that require them to provide at least the same level of data protection as required by our agreement with the Client. A list of current sub-processors is available upon request.
  • Client's Consent/Instruction: When explicitly instructed or authorized by the Client.
  • Legal Requirements: If required to do so by law or in response to valid requests by public authorities (e.g., a court order or subpoena).
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, provided the acquiring entity agrees to adhere to this Privacy Policy.

6. Data Security

We implement and maintain reasonable and appropriate technical and organizational security measures designed to protect Client Data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:

  • Access control and authorization mechanisms.
  • Encryption of data both in transit (using SSL/TLS) and at rest (where appropriate).
  • Regular security audits and vulnerability assessments.
  • Disaster recovery and backup procedures.

The specific security measures applicable to Client Data are typically detailed in a separate Security Addendum or Data Processing Agreement (DPA).

7. Data Retention

We retain Client Data only for as long as necessary to fulfill the purposes outlined in our Service Agreement or as required by applicable law.

Client Data:

We will retain Client Data according to the instructions of the Client and the terms of our contract. Upon termination of the Services, we will, at the Client's direction, return or securely delete the Client Data, unless legal obligations require longer retention.

Controller Data:

We retain administrative and billing data for the duration of the relationship and for a legally required period thereafter (e.g., tax records).

8. International Data Transfers

If the Services involve the transfer of Personal Data from one jurisdiction (e.g., EU/EEA) to another (e.g., India or the US), we will ensure that appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) as approved by the relevant regulatory authority.
  • Binding Corporate Rules (BCRs).
  • Other legally approved mechanisms.

9. Your Obligations as Data Controller (Client)

By using our Services, you acknowledge and agree to the following responsibilities:

  • You have provided all necessary notices and obtained all required consents from your end-users for the collection, processing, and transfer of Personal Data by us, as described in your own privacy policy and your agreement with us.
  • You have complied with all applicable data protection laws, including providing us with accurate and lawful instructions.

10. Rights of the Data Subject

Since we act as the Data Processor, all requests from data subjects (your end-users) regarding their rights (e.g., access, correction, deletion, restriction of processing) must be directed to you (the Data Controller). We will assist you in responding to such requests to the extent technically and commercially feasible, as stipulated in our DPA.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify our Clients of any material changes by posting the new policy on our website or by sending a direct notification.

© Hustle.dev - All rights reserved.Data Privacy Policy