Privacy Policy

Introduction

This Privacy Policy explains how Lets Imagine, LLC, a Delaware limited liability company doing business as HumanDeploy ("HumanDeploy," "we," "us," or "our"), collects, uses, discloses, and protects personal information in connection with the HumanDeploy platform and services (the "Service"). This Policy applies to our customers, their authorized users, visitors to our website, and individuals whose personal information we process on behalf of our customers.

HumanDeploy is an AI-native go-to-market execution platform that combines artificial intelligence with senior human specialists to deliver marketing, sales, and growth execution services through our customers' Slack workspaces. We take privacy seriously and are committed to complying with applicable data protection laws worldwide, including the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), Canada's PIPEDA, Australia's Privacy Act, Brazil's LGPD, and the patchwork of U.S. state privacy laws.

This Policy is incorporated into our Terms of Service. Capitalized terms not defined here have the meanings given in the Terms of Service.

1. Scope and Our Role

1.1 Controller vs. Processor

When we process personal information about our customers' end users, employees, prospects, or other individuals submitted to the Service by our customers ("Customer Data"), we act as a data processor (or "service provider" under CCPA/CPRA) on behalf of the customer, who is the data controller. Our processing of Customer Data is governed by our Data Processing Addendum (DPA), available at humandeploy.ai/dpa.

1.2 When We Act as Controller

When we collect personal information directly from website visitors, account administrators, billing contacts, and job applicants, and when we process account, billing, support, and usage data for our own business purposes, we act as a data controller.

2. Data We Collect

2.1 Account & Billing Data

Name, email address, job title, company name, business address, phone number, billing information (processed by our payment processor, Stripe), and authentication credentials.

2.2 Customer Content

All content you submit to the Service through Slack, uploaded files, brand assets, strategy documents, work requests, feedback, and other materials. This content is stored as part of your Business Context Graph and treated as Customer Confidential Information.

2.3 Authorized Integration Data

When you connect third-party platforms (HubSpot, Salesforce, Gong, Google Analytics, and similar tools) via OAuth, we receive the data those platforms expose under the scopes you authorize. We access only what is necessary to deliver the Service.

2.4 Slack Workspace Data

When our AI agent is installed in your Slack workspace, we process messages in channels and threads where the agent is active, user profile information (names, emails, Slack IDs), workspace metadata, and files shared with the agent. We do not read messages in channels where the agent has not been invited.

2.5 Usage & Telemetry

Log data, device information, browser type, IP address, access times, pages viewed, feature usage, and AI interaction metadata (prompt lengths, model routing decisions, latency, error rates). We use this data to operate, secure, and improve the Service.

2.6 Cookies & Similar Technologies

Our website uses cookies and similar tracking technologies. See Section 11 and our Cookie Policy at humandeploy.ai/cookies for details.

2.7 Data We Do Not Intentionally Collect

We do not intentionally collect special categories of personal data (such as health, biometric, or children's data). Our Service is not directed at children under 16, and we do not knowingly collect personal information from them.

3. How We Use Your Data

We use personal information for the following purposes:

• Deliver the Service, including generating, reviewing, and delivering work product via our AI System and human Specialists.
• Maintain, secure, monitor, and improve the Platform and the AI System.
• Personalize each customer's Business Context Graph so the Service learns that customer's voice, preferences, and business context.
• Process payments, manage subscriptions, and prevent fraud.
• Communicate with you about the Service, including support, updates, security notices, and policy changes.
• Comply with legal obligations, respond to lawful requests, and enforce our agreements.
• Conduct research, analytics, and product development on aggregated and de-identified data.

4. Legal Bases for Processing (GDPR/UK GDPR)

For individuals in the European Economic Area, United Kingdom, and Switzerland, we rely on the following legal bases under Article 6 of the GDPR:

Contract. Processing necessary to perform our contract with you or take steps at your request before entering into a contract (for example, creating your account and delivering the Service).

Legitimate Interests. Processing necessary for our legitimate interests in operating, securing, and improving the Service, preventing fraud, and marketing our Service to business contacts, balanced against the rights and freedoms of data subjects.

Legal Obligation. Processing necessary to comply with applicable laws, including tax, accounting, and regulatory obligations.

Consent. Where required by law (for example, certain marketing communications or non-essential cookies), we rely on your consent, which you may withdraw at any time.

5. AI-Specific Disclosures

5.1 Per-Customer Learning

The HumanDeploy AI System learns from your interactions, feedback, and content to better serve you. This learning is confined to your Business Context Graph. We do not use your Customer Data to train our foundational or system-wide models, and we do not share your Customer Data across customer accounts.

5.2 Sub-processor AI Providers

We use third-party AI providers (including OpenAI and Anthropic) to process prompts and generate draft content. These providers are contractually prohibited from training their models on your Customer Data. We use enterprise API endpoints with zero-retention or short-retention configurations where available.

5.3 Human Review

All Deliverables are reviewed by human Specialists before delivery. Specialists are independent contractors bound by strict confidentiality, data protection, and Competitive Conflict Protocol obligations.

5.4 Automated Decision-Making

We do not use your personal information to make decisions that produce legal or similarly significant effects about you solely through automated means. The AI System drafts work product, but humans remain in the loop for decisions that affect you.

5.5 EU AI Act Transparency

Consistent with Article 50 of the EU AI Act, we disclose that Deliverables are AI-assisted. You may request information about the degree of AI involvement in any specific Deliverable.

6. Slack-Specific Disclosures

HumanDeploy operates as a Slack app within your workspace. Our handling of Slack data complies with Slack's API Terms of Service and Developer Policy:

• We access only the Slack scopes you authorize at installation.
• We do not use Slack data to train large language models.
• If you uninstall the HumanDeploy app, we will delete Slack data we obtained through the integration within 14 days, except where retention is required by law or to complete in-flight Deliverables.
• We do not sell or share Slack data with third parties for their own purposes.

7. MCP and API Disclosures

HumanDeploy may offer a Model Context Protocol (MCP) server and APIs that allow you or authorized third-party AI agents to access your Business Context Graph. MCP and API access is strictly opt-in and requires explicit, informed authorization from an account administrator. When you enable MCP or API access:

• You are responsible for the third-party agents or tools you authorize and for their handling of data they retrieve.
• We log all MCP and API requests for security and audit purposes.
• You may revoke access at any time through your account settings.
• We do not share your Business Context Graph with any third party without your express authorization.

8. Data Sharing and Sub-processors

We share personal information only as described below. We do not sell personal information and we do not share it for cross-context behavioral advertising.

8.1 Sub-processors

We engage trusted sub-processors to operate the Service, including cloud infrastructure providers, AI model providers, payment processors, communication tools, and analytics providers. A current list of sub-processors is available at humandeploy.ai/sub-processors. All sub-processors are bound by written agreements requiring confidentiality, security, and data protection obligations consistent with this Policy and our DPA.

8.2 Specialists

Human Specialists are independent contractors bound by confidentiality and data protection obligations. Specialists access Customer Data only as necessary to deliver assigned work.

8.3 Legal and Safety

We may disclose personal information to comply with applicable law, valid legal process, or lawful government requests, to enforce our agreements, to protect the rights, property, or safety of HumanDeploy or others, or in connection with a merger, acquisition, financing, or sale of assets (subject to standard protections).

8.4 With Your Direction

We share Customer Data with third parties at your direction, including through Authorized Integrations you enable and MCP or API access you authorize.

9. International Data Transfers

HumanDeploy is based in the United States. If you access the Service from outside the United States, your personal information will be transferred to, stored in, and processed in the United States and other countries where our sub-processors operate.

For transfers of personal data from the European Economic Area, United Kingdom, and Switzerland to the United States, we rely on the following transfer mechanisms, as applicable:

• Standard Contractual Clauses (SCCs) approved by the European Commission, and the UK International Data Transfer Addendum.
• The EU-U.S. Data Privacy Framework, the UK Extension, and the Swiss-U.S. Data Privacy Framework, where we or our sub-processors are certified.
• Supplementary technical, organizational, and contractual measures, including encryption in transit and at rest and access controls.

You may request a copy of the relevant transfer mechanism by contacting privacy@humandeploy.ai.

10. Data Retention

We retain personal information only as long as necessary to fulfill the purposes described in this Policy, comply with our legal obligations, resolve disputes, and enforce our agreements. Specifically:

• Customer Data and Business Context Graph: retained for the duration of your Subscription and deleted within 30 days after termination, except where longer retention is required by law.
• Account and billing records: retained for up to 7 years to comply with tax and accounting obligations.
• Security and access logs: retained for up to 24 months.
• Slack data after uninstallation: deleted within 14 days.

You may request deletion at any time, subject to legal retention obligations, by contacting privacy@humandeploy.ai.

11. Cookies and Tracking

We use cookies and similar technologies on our website to operate the site, remember your preferences, analyze usage, and (where you consent) deliver marketing. Categories of cookies we use include strictly necessary, functional, analytics, and marketing cookies.

You can manage your cookie preferences through our cookie banner and through your browser settings. For details, see our Cookie Policy at humandeploy.ai/cookies.

12. Your Privacy Rights

Depending on where you live, you may have the following rights with respect to your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request that we correct inaccurate or incomplete information.
• Deletion: Request that we delete your personal information, subject to legal exceptions.
• Portability: Request a copy of your information in a structured, commonly used format.
• Restriction and Objection: Request that we restrict or object to certain processing.
• Withdraw Consent: Withdraw consent where processing is based on consent.
• Opt out of Sale/Sharing: We do not sell personal information or share it for cross-context behavioral advertising, but you may opt out at any time.
• Non-Discrimination: We will not discriminate against you for exercising your rights.
• Lodge a Complaint: You may lodge a complaint with your local data protection authority.

12.1 How to Exercise Your Rights

To exercise any of these rights, email privacy@humandeploy.ai. We will respond within the timeframes required by applicable law (typically within 30–45 days). We may need to verify your identity before acting on your request. If you are an end user of one of our customers, please direct your request to that customer, and we will assist the customer as their processor.

12.2 California Residents

California residents have specific rights under the CCPA/CPRA, including the right to know, delete, correct, and limit the use of sensitive personal information, and the right to opt out of sale or sharing. We do not sell or share personal information. California residents may designate an authorized agent to submit requests on their behalf.

12.3 Shine the Light

California Civil Code Section 1798.83 permits California residents to request information about disclosures of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

13. Security

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. Our security practices include:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
• Role-based access controls and least-privilege principles.
• Multi-factor authentication for administrative access.
• Secure software development lifecycle, code review, and vulnerability management.
• Regular security audits, penetration testing, and incident response procedures.
• Vendor security reviews for sub-processors.

No method of transmission or storage is 100% secure. In the event of a security incident affecting your personal information, we will notify you and applicable regulators as required by law. For details, see humandeploy.ai/security.

14. Changes and Contact

14.1 Changes to this Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through the Service and update the "Last Updated" date above. Your continued use of the Service after the effective date of the updated Policy constitutes your acceptance of the changes.

14.2 Children's Privacy

The Service is intended for business use and is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact privacy@humandeploy.ai and we will take appropriate action.

14.3 Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Lets Imagine, LLC (d/b/a HumanDeploy)
727 Madison Avenue, Covington, KY 41011, United States
Attn: Privacy Team
Email: privacy@humandeploy.ai
Legal inquiries: legal@humandeploy.ai
Website: humandeploy.ai

14.4 EU/UK Representative

Where required by Article 27 of the GDPR or UK GDPR, HumanDeploy will designate a representative in the EU and UK. Contact details for our representatives, once designated, will be posted at humandeploy.ai/privacy.