Hexel Studio Privacy Policy

Last Updated: January 12, 2026

Welcome to the Privacy Policy of Hexel Studio, Inc. ("Hexel," "Company," "we," "us," or "our"). This Privacy Policy describes how we collect, use, disclose, and otherwise process information in connection with our websites, including https://hexelstudio.com, our cloud-based agent platform, dashboards, APIs, SDKs, developer tools, and related services (collectively, the "Services").

Hexel Studio provides enterprise infrastructure for governed autonomous AI agents. Our Services are designed for organizational and professional use only and are not intended for consumers or personal, household use.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.

1. Scope of This Privacy Policy

This Privacy Policy applies to information we process when:

  • You visit our websites
  • Your organization creates an account with Hexel
  • You act as an authorized user, administrator, or developer
  • You interact with our APIs, SDKs, or agent runtime
  • You communicate with us for support, security, or legal matters

This Privacy Policy does not apply to third-party services, systems, applications, or data sources that customers connect to the Hexel platform. Those services are governed by their own privacy policies.

2. Roles Under Data Protection Laws

For purposes of applicable data protection laws (including GDPR and similar frameworks):

  • Customers are the "Data Controllers"
  • Hexel Studio is the "Data Processor"

Customers determine:

  • What data is connected or ingested
  • Which agents may access that data
  • How agents may act on that data
  • How long data is retained

Hexel processes data solely on documented instructions from customers, as described in this Privacy Policy, the Data Processing Addendum, and applicable agreements.

3. Information We Collect

3.1 Information You Provide Directly

We collect information that you or your organization voluntarily provide, including:

  • Organization name, address, and business contact details
  • Authorized user names, work email addresses, and roles
  • Account credentials and authentication data
  • Billing, payment, and tax-related information
  • Support requests, feedback, and communications

You represent that you have the authority to provide such information on behalf of your organization.

3.2 Information Collected Automatically

When you access or use the Services, we automatically collect certain information, including:

  • IP addresses and approximate location
  • Device, browser, and operating system information
  • Usage metadata, timestamps, and request identifiers
  • API call metadata and execution metrics
  • Logs, traces, and audit records generated by the platform
  • Error reports and performance telemetry

This information is used for security, observability, billing, and platform reliability.

3.3 Customer-Provided and Generated Data

In connection with agent execution, Hexel may process:

  • Data ingested from customer-configured data sources
  • Knowledge stored in customer-managed knowledge stores
  • Inputs submitted to agents
  • Outputs generated by agents
  • Execution state, checkpoints, and action metadata

As between Hexel and the customer, customers retain all rights, title, and interest in such data.

4. How We Use Information

We process information for the following purposes:

  • To provide, operate, and maintain the Services
  • To authenticate users and enforce access controls
  • To execute agents according to defined policies
  • To provide observability, auditability, and traceability
  • To calculate usage, billing, and metering
  • To detect, prevent, and respond to security incidents
  • To comply with legal and regulatory obligations

Hexel does not:

  • Sell personal data
  • Use customer data for advertising
  • Train general-purpose AI models on customer data by default

5. Artificial Intelligence and Model Providers

Hexel enables customers to use third-party and proprietary AI models as part of agent execution.

  • Customer data is not used to train models unless explicitly agreed in writing
  • Only the minimum data required is transmitted to selected model providers
  • Customers control which models are enabled per environment
  • Model providers act as subprocessors where applicable

Due to the probabilistic nature of AI systems, outputs may be inaccurate, incomplete, or misleading. Customers are responsible for validating outputs before relying on them.

6. Cookies and Similar Technologies

We use cookies and similar technologies to:

  • Maintain authenticated sessions
  • Provide essential platform functionality
  • Improve performance and reliability
  • Understand usage patterns at an aggregate level

We do not use third-party advertising cookies.

You may control cookies through your browser settings, though disabling certain cookies may impact functionality.

7. Data Retention

We retain information for as long as necessary to:

  • Provide the Services
  • Meet contractual obligations
  • Maintain security and auditability
  • Comply with legal requirements

Retention periods may vary depending on data type and customer configuration. Upon termination of services, data is deleted or returned in accordance with contractual terms.

8. Data Sharing and Disclosure

We may share information with:

  • Cloud infrastructure providers (compute, storage, networking)
  • AI model providers selected by customers
  • Security, monitoring, and compliance vendors
  • Professional advisors (legal, audit)

We may disclose information if required by law, regulation, or valid legal process, or to protect the rights, property, or safety of Hexel, our customers, or others.

9. International Data Transfers

Information may be processed in multiple jurisdictions depending on customer configuration and infrastructure location. Where required, we implement appropriate safeguards to protect such transfers in accordance with applicable law.

10. Data Subject Rights

Depending on applicable law, individuals may have rights to access, correct, delete, or restrict processing of personal data.

Because Hexel acts primarily as a processor, requests should be directed to the relevant customer. Hexel provides reasonable assistance to customers in fulfilling valid requests.

11. Security Measures

Hexel implements administrative, technical, and organizational safeguards designed to protect information, including:

  • Encryption in transit and at rest
  • Role-based access controls
  • Environment-level isolation
  • Immutable audit logs
  • Continuous monitoring and alerting

No system is completely secure. Customers remain responsible for managing user access and credentials.

12. Children's Privacy

The Services are intended for business use only. Hexel does not knowingly collect personal data from individuals under the age of 18.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The "Last Updated" date reflects the effective date. Continued use of the Services after an update constitutes acceptance of the revised policy.

14. How to Contact Us

If you have questions about this Privacy Policy or our data practices, you may contact us at:

Hexel Studio, Inc.

support@hexelstudio.com

https://hexelstudio.com