← Back to overview

Policies

HEMIDI PRIVACY POLICY

Effective date: March 26, 2026

1. Scope of Application

This Policy describes how HEMIDI JOINT STOCK COMPANY ("Hemidi", "we") collects, uses, retains, shares, and protects personal data when you access or use Hemidi's websites, web applications, application programming interfaces (APIs), platform workspaces, artificial intelligence features, automation features, community areas, partner marketplace, and related services (collectively, the "Service").

This Policy applies to individual users, Website visitors, community members, and commercial customers, unless otherwise provided in a separate contract, data processing addendum, or separate notice for a specific Service.

2. Information About Hemidi

The entity operating the Service is HEMIDI JOINT STOCK COMPANY, with address at 483 Nguyen Oanh, Go Vap Ward, Ho Chi Minh City, Vietnam.

Hemidi's current contact information is as follows:

  • Website: https://hemidi.com
  • Support: support@hemidi.com

3. Data Hemidi May Collect

Depending on how you use the Service, Hemidi may collect the following categories of data:

  • account and profile information, including but not limited to full name, email address, organization name, role, avatar, authentication information, and verification status;
  • transaction information, including but not limited to service plans, payment history, invoices, tax information, debt status, and data provided by payment partners;
  • technical data and system logs, including but not limited to IP address, device identifiers, browser type, operating system, access time, access logs, security logs, API logs, error codes, and diagnostic data;
  • usage data, including but not limited to visit counts, features used, workspace configuration, usage quotas, credit or billing unit balances, activity history, and analytics data;
  • content data, including but not limited to text, prompts, images, source code, files, documents, outputs, feedback, bug reports, and content submitted to support;
  • community or partner marketplace data, including but not limited to public projects, shared templates, listings, reviews, comments, author profiles, and related metadata;
  • data validly provided by third parties, including but not limited to authentication information, integration information, data from an administrator organization, or data from partners you authorize to connect.

4. Purposes of Data Processing

Hemidi may process personal data in order to:

  • provide, operate, maintain, and improve the Service;
  • authenticate accounts, administer workspaces, secure systems, prevent fraud, and handle incidents;
  • process payments, reconcile transactions, issue invoices, and support payment-related issues;
  • generate and provide outputs from artificial intelligence features;
  • support Users, receive complaints, respond to requests, and enforce applicable terms or policies;
  • analyze product performance, measure usage, and develop new features;
  • comply with law, requests of competent authorities, and protect the rights, property, or safety of Hemidi, other Users, or third parties;
  • send service notices, security alerts, transaction information, and marketing information where permitted by law.

Hemidi processes data in accordance with terms agreed with you, your consent where required by law, Hemidi's legal obligations, or other legal bases permitted by applicable law.

For personal data subject to Vietnamese law, Hemidi will provide notice, obtain consent, or apply an appropriate legal basis in accordance with current regulations and the nature of each category of data, each processing purpose, and each account type.

Depending on the relevant processing activity, Hemidi may act as a data controller with respect to account data, transaction data, security data, and Hemidi's own operational data; Hemidi may also act as a data processor or in an equivalent role when processing personal data on behalf of commercial customers under the applicable agreement.

6. Data Used to Improve the Service and Artificial Intelligence Systems

Because Hemidi's Service may include integration layers, workflows, or interfaces connecting to third-party generative artificial intelligence services selected by the User or customer, input data, output data, feedback data, and safety signals may be processed differently depending on the type of Service, account type, product configuration, and relevant provider:

  • for services intended for individual users or self-service plans, Hemidi may use content data, feedback, and usage signals to improve features, orchestration quality, integration layers, safety mechanisms, or the corresponding product experience serving the same product group or related functionality, unless Hemidi publishes an opt-out mechanism or otherwise provides for that product; if a connected third-party AI provider has its own policy regarding the use of data to train, fine-tune, or improve its models, such processing is also subject to the relevant provider and applicable documentation;
  • for commercial services, team services, or enterprise services, Hemidi processes customer content primarily to provide, operate, secure, support, and maintain the very product used by the customer. Unless the customer affirmatively opts in, separately agrees, or the documentation specifically applicable to the service package clearly provides otherwise, Hemidi does not use customer content from the Commercial Service to train, fine-tune, or improve foundation models, shared models, or other artificial intelligence product lines directly provided by Hemidi for separate commercialization. If a Service or service package permits customer content to be used to improve features, safety mechanisms, orchestration quality, or, where Hemidi clearly discloses that it directly provides a model layer, to improve the model within that very product, Hemidi will clearly disclose the applicable mechanism, the scope of relevant data, the order of precedence between general documentation and specifically applicable documentation, and any opt-in or opt-out choices if any; where the customer chooses to connect a third-party AI provider, data may also be processed under that provider's applicable documentation within the scope of the relevant integration;
  • in all cases, Hemidi retains the right to use aggregated data, data processed to reasonably reduce the ability to identify individuals, security logs, and anti-abuse signals to protect the system, detect incidents, prevent fraud, and comply with law.

If a Service has a minimum data retention mode, a mode that does not use data to improve the system, or a dedicated data isolation mechanism for enterprise customers, the documentation applicable to that Service or a separate agreement shall prevail.

Additional information regarding categories of material providers, data processing locations, or data transfer principles may be further disclosed by Hemidi in HEMIDI SUBPROCESSOR AND DATA TRANSFER APPENDIX, the trust center, product documentation, or applicable commercial documentation.

7. Data Sharing

Hemidi may share data with the following parties:

  • affiliates, authorized entities, or contractors processing data on Hemidi's behalf;
  • infrastructure, storage, security, authentication, customer support, email delivery, payment, analytics, and operational monitoring providers;
  • artificial intelligence model providers or content processing tools to the extent necessary to provide the Service;
  • an account administrator organization if you use an account administered by that organization;
  • integration partners that you affirmatively connect;
  • government authorities or other third parties if Hemidi has a legal obligation or if sharing is reasonably necessary to protect Hemidi's or others' lawful rights and interests.

Hemidi does not represent that it sells personal data as an independent commodity. If Hemidi uses advertising or measurement partners involving personal data, Hemidi will disclose that appropriately in this Policy or in a separate notice.

Depending on the Service and customer segment, Hemidi may maintain a list or reasonable description of categories of material providers such as infrastructure providers, authentication providers, payment providers, customer support providers, security providers, analytics providers, or AI model providers. To the extent legally or commercially necessary, Hemidi may disclose that information through product documentation, the trust center, commercial documentation, or appendices specifically applicable.

8. Data Transfers Outside the National Scope

Data may be stored or processed in Vietnam or in other countries where Hemidi, its affiliates, or its service providers operate systems.

Where personal data is transferred outside Vietnam or outside the country where you reside, Hemidi will apply technical, organizational, and procedural measures consistent with applicable law. If the law requires notice, consent, data protection commitments, or additional administrative procedures, Hemidi will implement them to the extent required by that law.

Depending on the Service, Hemidi may use one or more appropriate data transfer mechanisms, including but not limited to contractual commitments, data protection clauses, supplementary technical measures, supplementary organizational measures, or other administrative procedures under applicable law.

9. Data Retention

Hemidi retains data for as long as reasonably necessary to:

  • maintain accounts and provide the Service;
  • support Users, process payments, maintain security, and investigate incidents;
  • comply with accounting, tax, recordkeeping, and other legal obligations;
  • resolve disputes and enforce agreements.

Specific retention periods may vary depending on the category of data, service plan type, account status, contractual obligations, and legal requirements. Backups and system logs may be retained for an additional reasonable period before being deleted or hidden from the primary operating environment.

Where appropriate for the type of Service, Hemidi may apply different retention schedules for:

  • account data and profile data;
  • payment data, invoices, and records;
  • security logs, access logs, and incident investigation data;
  • content data in workspaces;
  • community data or public content;
  • backups and system restoration records.

If product documentation, administrative settings, an order form, or a separate agreement provides for a more specific retention schedule, that documentation shall prevail to the relevant extent.

10. Your Rights

Depending on applicable law and account type, you may have one or more of the following rights:

  • to be informed about data processing activities relating to you;
  • to request access to or a copy of your data;
  • to request correction of inaccurate data;
  • to request deletion, restriction of processing, or withdrawal of consent in cases permitted by law;
  • to object to certain processing activities;
  • to lodge a complaint with a competent authority.

Hemidi reserves the right to require verification of identity, representative authority, and scope of request before processing. Some requests may be denied or only partially fulfilled if the law permits Hemidi to continue retaining or processing the data.

If Hemidi processes data on behalf of a commercial customer, Hemidi may refer the data subject's request to the relevant customer or require the data subject to contact the appropriate data controller directly, unless applicable law requires Hemidi to handle the request directly.

11. Cookies and Similar Technologies

Hemidi uses cookies, local device storage, tracking pixels, or similar technologies to maintain sessions, remember preferences, measure performance, and enhance security.

Further details are set out in HEMIDI COOKIE POLICY.

12. Data Security

Hemidi implements reasonable technical and organizational measures to protect data, including but not limited to access controls, internal authorization controls, logging, monitoring, encryption where appropriate, and incident response procedures. However, no system can guarantee absolute security.

13. Children

Unless Hemidi clearly publishes an exception for a specific Service, the Service is not intended for persons under eighteen (18) years of age. If Hemidi discovers data provided contrary to this condition of use, Hemidi reserves the right to, at its discretion, suspend or terminate, cancel, revoke, adjust, or temporarily lock the relevant account and process the data in accordance with internal procedures and applicable law.

14. Policy Changes

Hemidi reserves the right to update this Policy from time to time. If a change materially affects how Hemidi processes data or Users' rights, Hemidi will provide notice in an appropriate manner, including but not limited to posting on the Service, email, or in-product notice.

15. Contact

You may submit requests relating to personal data, privacy, or data complaints to support@hemidi.com or another contact point officially published by Hemidi on the Service from time to time.

Where necessary to protect personal data or comply with applicable law, Hemidi may designate a privacy contact point, data protection contact point, or other specialized intake channel and publish such contact point on the Service or in the applicable documentation.