Privacy Policy
Effective Date: September 30, 2025.
1. Who we are and scope
Zeus AI Labs, Inc. ("Hercules," "we," "our," "us") operates the web application available at hercules.app (the "Service"). This Privacy Policy explains how we collect, use, share, and protect personal data when you use the Service. It forms part of, and is governed by, our Terms of Service.
We act as the data controller for personal data described here, except where we process Content solely on behalf of a customer under a separate data‑processing addendum—in that case we act as a processor.
2. Personal data we collect and how we use it
| Category of information | What it includes | How it's being used | Source | Legal basis (GDPR / UK GDPR) |
|---|---|---|---|---|
| Account & billing | Name, email, authentication tokens, payment‑method tokens (no full card numbers), postal address, plan tier | Provide, maintain, and bill for the Service | You | Contract |
| Content | Prompts, code, files, AI‑generated outputs ("Content") | Provide the Service; improve and train our AI models | You / Service | Contract; legitimate interests (users on Team and Enterprise plans can disable training) |
| Telemetry | Device type, browser, OS, IP address, clickstream, error traces, usage frequency | Product analytics; security and fraud prevention | Automated (or after cookie consent) | Legitimate interests; legal obligation |
| Communications | Support tickets, feedback, survey responses, bug reports | Provide support; improve the Service | You | Contract; legitimate interests |
| Cookies & similar tech | First‑party session cookies (authentication state); product analytics cookies (user session data, page views, interactions); advertising technology cookies (ad targeting) | Authentication; product analytics; personalized marketing | Automated (browser) | Strictly necessary (authentication); consent where required by law (analytics and advertising technology) |
| Marketing data | Email address, communication preferences, engagement data | Send promotional emails and product updates | You | Consent where required by law; you have the right to opt‑out (CCPA/CPRA) |
| Legal & compliance | Any personal data relevant to legal proceedings or regulatory requirements | Legal compliance and dispute resolution | Various sources | Legal obligation |
We do not knowingly collect data from anyone under 13 (under 16 in the EEA/UK).
3. How we share personal data
| Recipient | Role |
|---|---|
| Cloud hosting providers | Host and store data (e.g. Amazon Web Services, Cloudflare, Fly.io) |
| Payment processors | Process payments and billing (e.g. Stripe) |
| Analytics providers | Product analytics, error monitoring, and usage insights (e.g. PostHog, Sentry, Braintrust) |
| Email service providers | Send transactional emails, newsletters, and onboarding communications (e.g. Customer.io) |
| Third‑party integrations | Provide requested functionality when you enable integrations (e.g. GitHub, Slack, Linear) |
| To the public | App data that you have explicitly designated as public through the Service settings |
| Successor entities | Business transfers (merger, acquisition, bankruptcy) |
| Legal & regulatory bodies | Courts, law enforcement, or regulators – only when compelled by valid legal process (subpoena, court order, warrant) or as required by applicable law |
| Emergency responders | Only when we have good faith belief that disclosure is necessary to prevent imminent physical harm or death |
We may also disclose your personal data to other service providers with your explicit consent or at your direction.
4. Your data rights
You have the following rights regarding your personal data:
- Access – Request confirmation of what personal data we process about you and obtain a copy, including details about categories, purposes, sources, recipients, retention periods, and any automated decision‑making
- Portability – Receive your personal data in a structured, machine‑readable format to transfer to another service
- Rectification – Correct inaccurate or incomplete data. You can update this data yourself from the app settings.
- Restriction – Limit how we process your data in certain circumstances (e.g., if accuracy is disputed)
- Object – Object to processing based on legitimate interests or opt out of marketing at any time
- Withdraw Consent – Withdraw consent where processing relies on it (although this does not affect prior lawful processing)
- Erasure – Request deletion of your data. You can delete your account yourself in app settings. Data is removed within 30 days.
5. Cookies and related technologies
We use cookies, pixels, web beacons, and similar technologies to collect usage data and provide analytics. Our third‑party partners may also use these technologies for targeted advertising based on your activity across websites and services.
Managing your preferences
Where required by law, you can manage cookie preferences using the "Cookie Preferences" link in our website footer. You can also:
- Adjust settings in your browser to block or limit cookies
- Use device settings (like Apple's App Tracking Transparency or Android's opt‑out features) to control targeted advertising
- Opt out of interest‑based ads through the Digital Advertising Alliance
Note that blocking cookies may affect your experience with the Service.
6. Security
We keep your data secure through technical, organizational, and administrative safeguards
- Encryption – TLS 1.3 for every connection, AES‑256‑GCM for data at rest and encrypted secrets
- Segregated environments – production, staging, and development run in isolated environments.
- Access controls – we mandate MFA for all services
- Secure software development – static analysis, dependency scanning, and infrastructure‑as‑code checks on every pull request; code reviews are required for all changes.
We continually refine our controls and welcome responsible disclosure of potential issues to hello@hercules.app
7. International transfers
We host primary data in the United States. For EEA/UK data we rely on Standard Contractual Clauses and the UK Addendum. Enterprise customers may choose to store Content exclusively in our EU region.
8. Children's privacy
The Service is intended for users 13 years or older.
9. Changes to this policy
We may update this Privacy Policy from time to time. Changes and policy updates will be handled in accordance with the process outlined in our Terms.
10. Contact us
If you have any questions or concerns or would like to contact our Data Protection Officer, please email hello@hercules.app or write to:
Zeus AI Labs, Inc.
221 Kearny St, Level 3
San Francisco, CA 94108 USA