Hiro Analytics | Last updated: April 30, 2026
Hiro Analytics Inc. (“Hiro Analytics,” “we,” “us,” or “our”) provides retention marketing analytics services that help agencies and brands analyze their marketing performance across channels and platforms. This Privacy Policy explains how we collect, use, store, and protect information in connection with our services.
We never sell your data — never have, never will.
This Privacy Policy applies to:
Hiro Analytics operates in two distinct capacities:
This policy does not govern the data practices of the third-party platforms you integrate with Hiro Analytics (such as Klaviyo, Shopify, Attentive, etc.). Please refer to those platforms’ privacy policies for information about their data practices.
For detailed information about how we process data from your integrations on your behalf, please refer to our Data Processing Agreement.
When you sign up for Hiro Analytics, we collect:
Why we collect this: To create and manage your account, provide customer support, process payments, and communicate about service updates and changes.
When you connect third-party platforms to Hiro Analytics, we collect and process data through their official APIs:
Why we collect this: To provide analytics, generate reports, track marketing attribution, analyze campaign performance, and deliver the retention marketing insights you contracted for.
Historical data window for integration data. Where the connected platform makes it available, Hiro Analytics ingests historical engagement data going back to January 1, 2023, and order data going back to the beginning of your integration, to support multi-year cohort, retention, and lifetime-value analyses. For your account specifically, data is retained as set out in the Retention and Deletion section below.
Hiro Analytics does not collect, process, or store the following personally identifiable information (PII) from your integrated platforms:
All profile data is processed using anonymized identifiers, ensuring we can provide analytics without accessing or storing personal information about your customers. Some custom properties, tags, or message metadata that pass through your connected platforms’ APIs may incidentally contain personal information that you or your customers placed in free-text fields (for example, a name typed into a custom property). Hiro Analytics does not request or intentionally use such fields, and we do not attempt to extract or correlate personal information from them. If you become aware that a custom property contains regulated personal data, please contact us at help@hiroanalytics.com so we can suppress that field for your account.
We automatically collect:
Why we collect this: To maintain platform security, prevent fraud, troubleshoot technical issues, and improve service performance.
We use cookies and similar tracking technologies to:
You can control cookies through your browser settings. Note that disabling cookies may limit some platform functionality.
We do not use cookies or similar technologies for cross-context behavioral advertising, and we do not share data with third-party advertising networks. The cookies we use are limited to first-party functional, analytics, and product-improvement purposes.
Hiro Analytics recognizes the Global Privacy Control (GPC) signal sent by privacy-preference-enabled browsers and extensions. When we receive a GPC signal, we treat it as a valid request to opt out of any “sale” or “share” of personal information for the corresponding browser/device, in accordance with applicable U.S. state law.
Do Not Track. Some browsers offer a “Do Not Track” (“DNT”) signal that allows users to express a preference not to be tracked across websites. Because there is no industry-standard interpretation of DNT signals, Hiro Analytics does not currently respond to DNT browser signals. We do, however, honor Global Privacy Control (GPC) signals as described above, and we do not engage in cross-context behavioral advertising or share personal information with third-party advertising networks regardless of any DNT setting.
If you contact us with questions, feedback, or support requests, we retain:
Why we collect this: To provide customer support, improve our services, and maintain records for quality assurance.
For Account Holders and Users — we use your account information to:
For Integration Data — we process integration data solely to provide analytics services contracted by you:
Data is never used for: (i) training generalized or third-party AI/ML models; (ii) building or improving any model that is used outside of your individual account; (iii) marketing to your customers or end users; (iv) cross-context behavioral advertising; (v) sharing with other Hiro Analytics customers; or (vi) any purpose other than providing the services you have contracted for. Where we use machine learning to power features within your account (for example, anomaly detection or AI search), the underlying models are scoped to your data and are not used to make automated decisions that produce legal or similarly significant effects on individuals.
We Do Not Sell Your Data. Hiro Analytics has never sold customer data and never will. We do not share, rent, or sell your information to third parties for their marketing purposes.
We share data only with trusted service providers who help us deliver our services:
| Sub-processor | Purpose | Data Access |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure and data storage. | Integration data and account data, stored encrypted at rest. |
| Retool | Application platform on which the Hiro Analytics web application is built, including the customer-facing reporting, analysis, and support interfaces. | All integration data processed under the Agreement; access by Hiro personnel is role-based and limited to reporting, analysis, and support. |
| Stripe | Payment processing. | Billing information only. |
All sub-processors are contractually obligated to use data only for specified purposes, implement appropriate security measures, comply with applicable data protection laws, and not share data with unauthorized parties. The current sub-processor list is published at hiroanalytics.com/sub-processors.
We may disclose information when required to:
In such cases, we will make reasonable efforts to notify you unless prohibited by law.
If Hiro Analytics is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.
For Account Data (We are Controller):
For Integration Data (We are Processor):
Your responsibility: As the data controller for integration data, you are responsible for ensuring you have a lawful basis to share data with Hiro Analytics and that your customers are appropriately informed about this processing.
You have the right to:
To exercise any of these rights, contact us at help@hiroanalytics.com with subject line “Data Subject Rights Request.” We will respond within 30 days (extendable by an additional 45 days where reasonably necessary, with notice to you) and may require identity verification.
If you receive a data subject rights request from one of your customers, please contact us immediately. We will assist you in responding in accordance with applicable data protection laws.
In the preceding 12 months, Hiro Analytics has collected the following categories of personal information, as defined in Cal. Civ. Code § 1798.140: identifiers (such as name, email address, IP address), customer records (such as billing information), commercial information (such as subscription and transaction records), internet or network activity (such as platform usage logs), and professional information (such as company name and role). We collect this information directly from you, automatically through your use of our services, and from our payment processor. We use it for account creation and management, service delivery, billing, security, fraud prevention, customer support, and product improvement. We disclose it to categories of service providers including cloud infrastructure providers, payment processors, and internal tooling vendors, each bound by written contracts that restrict their use of the information.
We do not collect sensitive personal information as defined under the CCPA. We do not sell or share personal information, as those terms are defined under the CCPA, and have not done so in the preceding 12 months. We do not use personal information for cross-context behavioral advertising.
Retention periods for each category are described in the Retention and Deletion section below.
California residents have the rights described in the Your Rights and Choices section above, including the right to know, the right to delete, the right to correct, the right to opt out of sale/share, the right to limit use of sensitive personal information, the right to opt out of automated decision-making, and the right to non-discrimination. To exercise any of these rights, contact us at help@hiroanalytics.com.
California “Shine the Light” (Cal. Civ. Code § 1798.83). California residents who have an established business relationship with Hiro Analytics may request information once per calendar year about personal information (if any) we disclosed to third parties for those third parties’ own direct marketing purposes during the preceding calendar year. Hiro Analytics does not disclose personal information to third parties for their direct marketing purposes, and therefore has no information to report under this law. To submit a “Shine the Light” request, contact us at help@hiroanalytics.com with the subject line “California Shine the Light Request.”
Nevada law gives consumers the right to direct certain operators of websites and online services not to sell their “covered information.” Hiro Analytics does not sell covered information as defined under Nevada law, and we have no plans to do so. Nevada residents who wish to submit a verified request opting out of any future sale of their covered information may contact us at help@hiroanalytics.com with the subject line “Nevada Opt-Out Request.”
Residents of the above states have the rights described in the Your Rights and Choices section above, including the right to access, correct, delete, port, opt out of sale/share, opt out of targeted advertising, and (where applicable) opt out of profiling that produces legal or similarly significant effects. Residents of states whose laws provide an appeal right may appeal a denial of any rights request as described above. We do not engage in targeted advertising and do not sell personal information.
Hiro Analytics does not collect, process, or share “consumer health data” as defined by the Washington My Health My Data Act.
Technical Measures:
Organizational Measures:
Data Breach Notification. In the event of a data breach affecting personal information you have provided or that we process on your behalf, we will: notify you without undue delay and, where required by applicable law or our Data Processing Agreement, within the timeframes specified therein (typically within 72 hours of becoming aware of a confirmed breach affecting your data); provide details about the breach and data affected; describe measures taken; advise on protective steps; and cooperate with any notification obligations you may have to your customers.
All data is stored and managed in the United States using Amazon Web Services (AWS) infrastructure. By using our services, you acknowledge and consent to data transfer and storage in the United States.
For customers in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs), adequacy decisions recognized by the European Commission, and other lawful transfer mechanisms as required. For UK customers, we rely on the UK International Data Transfer Addendum to the EU SCCs.
We retain personal information only for as long as necessary for the purposes described in this policy. The following schedule sets out our retention practices by category. Where multiple criteria apply, we retain data for the longer of the listed periods.
| Category | Retention period |
|---|---|
| Account profile (name, email, role) | Duration of subscription + 60 days after cancellation. |
| Authentication and security logs | 12 months from event. |
| Billing records and invoices | 7 years (tax/financial recordkeeping). |
| Support correspondence | 3 years from last interaction. |
| Integration data (engagement, orders) — active accounts | From data start date through end of subscription. |
| Integration data — canceled accounts | Inaccessible immediately on cancellation; permanently deleted within 60 days. |
| Marketing/contact records (prospects, leads) | Until you opt out + 12 months for suppression list maintenance. |
| Cookies and similar identifiers | Up to 13 months from last visit (session cookies are deleted at session end). |
| Data subject to legal hold | Duration of the hold + reasonable disposition window. |
We will notify you if a legal hold affects your data due to active litigation, regulatory investigations, or legal preservation requirements.
Hiro Analytics services are not directed to children, and our Account Holders must be 18 or older to register for an account. We do not knowingly collect personal information from anyone under 16 from our website. Through our integrations, we receive only anonymized identifiers from your platforms; we do not knowingly receive identifiable information about children under 13 (which would be subject to the Children’s Online Privacy Protection Act, COPPA), and we do not engage in any processing that would constitute the “sale” of personal information of a minor under 16. If we become aware that we have inadvertently received personal information from a minor, we will take steps to delete that information promptly. Contact us at help@hiroanalytics.com if you believe we have collected information from a child.
We may update this Privacy Policy from time to time to reflect changes to our services, legal requirements, industry best practices, or customer feedback. When we make significant changes, we will update the “Last updated” date, notify you via email, and post the updated policy at hiroanalytics.com/privacy-policy.
Continued use of our services after changes constitutes acceptance of the updated policy.
If you are located in the EEA, United Kingdom, or Switzerland, you have rights under the GDPR as outlined in the Your Rights and Choices section above. You also have the right to lodge a complaint with your local data protection authority. If we engage in processing that requires the appointment of an EU or UK representative under Article 27 of the (UK) GDPR based on the volume or nature of EEA/UK personal data we process, our representative’s contact details is listed below.
We may send you emails about service updates, security alerts, tips for using Hiro Analytics, and company news.
You can opt out of marketing communications at any time by clicking “unsubscribe” in any marketing email, contacting help@hiroanalytics.com, or updating preferences in your account settings. Note: you cannot opt out of essential service communications (which include, but are not limited to, billing notices, security alerts, material changes to this Privacy Policy or our Terms of Service, and notices reasonably necessary to provide the services you have contracted for).
Data Protection Contact: Brendan Uyeshiro, Chief Technology Officer
Email: help@hiroanalytics.com
General Inquiries:
Email: help@hiroanalytics.com
Company Address:
Hiro Analytics Inc.
1111b S Governors Ave, STE 25084
Dover, DE 19904, United States
Thank you for trusting Hiro Analytics with your data. Your privacy and security are our top priorities.
