Privacy Policy for hurra.ai
Effective Date: 27.6.2025
Last Updated: 27.6.2025
This Privacy Policy applies to the hurra.ai service developed and operated by Hurra Communications GmbH ("hurra.ai", "we", "us", or "our"). It outlines how we collect, use, disclose, and protect personal data when providing AI orchestration services within communication platforms like Slack and Microsoft Teams.
1. Who We Are
Hurra Communications GmbH
Lautenschlagerstraße 23a
70173 Stuttgart, Germany
Email: privacy@hurra.com
Website: www.hurra.ai
hurra.ai enables intelligent AI model selection and response delivery within enterprise communication tools. When used in an organizational context, the client organization is typically the data controller, and hurra.ai acts as a data processor under Article 28 GDPR.
When hurra.ai is used on our own websites or for our own marketing purposes, we act as the data controller.
2. What Data We Process
hurra.ai processes the following categories of personal data:
a. User and Communication Metadata
- Email address and user ID (from Slack/Teams integrations)
- Workspace or organization ID
- Messages and queries submitted to hurra.ai
- Interaction timestamps
b. Technical and Device Data
- IP address (anonymized where possible)
- Browser and operating system details
- Activity logs and error reports
c. Optional Query Data
- Data in user-submitted content which may include personal or sensitive data depending on user input
All data is processed pseudonymously unless identifiable information is explicitly included by users.
3. Purpose and Legal Basis for Processing
We process personal data for the following purposes:
a. Service Provision and Functionality
To operate and improve hurra.ai, including selecting the most appropriate AI model to respond to queries.
Legal basis: Article 6(1)(b) GDPR (performance of a contract)
b. Security, Monitoring, and Product Improvement
To protect systems, detect misuse, and analyze service usage.
Legal basis: Article 6(1)(f) GDPR (legitimate interests)
c. Consent-Based Features
Where user consent is obtained for optional features such as extended logging or marketing communication.
Legal basis: Article 6(1)(a) GDPR (consent)
4. How We Collect Data
Data is collected directly through:
- Slack/Teams integrations (via message-based triggers)
- User-submitted content
- Application logs and telemetry
5. AI Providers and Subprocessors
hurra.ai may forward queries to integrated AI models (e.g., OpenAI, Anthropic, Google Gemini) to generate responses. Only the necessary content is shared for processing.
These providers act as subprocessors, and we ensure they are contractually bound to GDPR-compliant data protection terms. A full list of subprocessors is available on request.
6. International Data Transfers
If personal data is transferred outside the European Economic Area (EEA), we implement appropriate safeguards such as:
- European Commission Standard Contractual Clauses (SCCs)
- Transfers to countries with adequacy decisions
We ensure these subprocessors do not retain or use data beyond the scope of our agreements.
7. Data Retention
Personal data is retained for the minimum period necessary to:
- Provide our services
- Fulfill contractual or legal obligations
- Resolve disputes or enforce agreements
By default, user query data is retained for no more than 90 days unless a different retention policy is agreed upon with the client organization. Aggregated or anonymized data may be retained for analytics and security purposes.
8. Data Subject Rights
You have the following rights under GDPR:
- Right of access (Art. 15)
- Right to rectification (Art. 16)
- Right to erasure (Art. 17)
- Right to restriction of processing (Art. 18)
- Right to data portability (Art. 20)
- Right to object (Art. 21)
- Right to withdraw consent (Art. 7)
- Right to lodge a complaint with a supervisory authority (Art. 77)
To exercise your rights, contact us at privacy@hurra.com.
9. Data Security Measures
We apply technical and organizational measures to ensure the confidentiality, integrity, and availability of data:
- TLS encryption of data in transit
- Anonymization of IP addresses
- Role-based access controls and audit logging
In the event of a data breach, we will notify affected users and relevant authorities as required by GDPR.
10. Automated Processing and AI Use
hurra.ai submits query content to third-party AI models solely to generate responses. These models do not retain query data for training unless explicitly consented to. No decisions with legal or similar effects are made solely by automated processing. Third-party AI models act as subprocessors under our agreements.
11. Use of Cookies and Tracking
hurra.ai does not use tracking cookies in Slack or Teams integrations. On our marketing website, cookies may be used to:
- Store consent preferences
- Measure website performance
- Integrate analytics services such as Google Analytics (subject to your consent)
Cookie use is governed by our website Cookie Policy.
12. Changes to This Privacy Policy
We may update this policy due to legal or technical changes. We will notify users of material changes through Slack, Teams, or our website, and post the last update date prominently.
Contact
Hurra Communications GmbH
Lautenschlagerstraße 23a
70173 Stuttgart, Germany
Email: privacy@hurra.com
Date of this Privacy Policy: 27.6.2025
Previous Versions: This is the first version
