Skip to main content

Data Privacy and Usage FAQ

Last Modified: February 25, 2025

warning

The following Data Privacy and Usage FAQ and answers may change at any time. The Terms and Conditions and any other Hex Service Agreements take precedence over this FAQ. Please see https://trust.hex.tech/ for additional details on Hex’s Trust Program.

Does Hex sell or share customer data?

Hex does not and will never sell customer data. Hex shares data with our subprocessors and other services that we require to provide the Hex Service and run the Hex business. Hex does not and will never share customer data for any other purpose other than providing the Hex Service and running the Hex business. Hex’s subprocessors, their purposes, and data residencies are available here: https://trust.hex.tech/subprocessors.

How does Hex classify customer data?

Hex classifies customer data into two Data Classifications, each with their own Data Types:

Customer Data

  • Customer Account Data: customer personal data provided to the Hex Service, AKA Hex usernames, email addresses, and first and last names
  • Customer Datasets: customer databases connected to the Hex Service and files, secrets, and version control data uploaded to the Hex Service, AKA data that was created outside of Hex and was connected to or brought into the Hex Service by the customer
  • Customer Input Data: customer inputs into the Hex Service, AKA the data the customer inputs into code cells, SQL cells, text cells, etc.
  • Customer Output Data: the outputs from the Hex Service, AKA the output generated by the Hex Service when the customer runs a project and/or cells

Hex Metadata

  • Customer Database Metadata: aggregated column and row counts and column descriptions
  • Hex Aggregated or Derived Statistics: performance information and statistics related to the provision and operation of the Hex Service

How does Hex use Customer Data?

Hex does not and will never use Customer Datasets or Customer Database row-level data to improve the performance and reliability of the Hex Service.

Hex requires Customer Account Data, Customer Input Data, Customer Output Data, and Hex Metadata to provide the Hex Service, and may also use these data to improve the performance and reliability of the Hex Service.

The Hex Service interacts with Customer Datasets to perform actions on behalf of the customer. Hex does not utilize Customer Datasets to improve the performance and reliability of the Hex Service.

Hex may view Customer Data within the Hex Service during Support interactions.

Hex may use Customer Account Data for sales and marketing purposes (see How does Hex use my personal information? Is Hex GDPR and CCPA compliant?). Hex associates Customer Account Data with Hex Service Usage Data, which are then utilized to improve the performance and reliability of the Hex Service.

Customer Data submitted via Hex Magic are subject to the Hex Magic Product Specific Terms.

Full definitions of Customer Data and Hex Metadata and Hex’s usage of both are available here: https://trust.hex.tech/faq.

Does Hex look at Customer Data?

Hex may view Customer Data within the Hex Service during Support interactions. Customers must opt-in to sharing projects with Support. Access to Customer Data is restricted to Hex personnel on a need-to-know basis. Hex adheres to the principle of least privilege and regularly reviews who has access to Customer Data.

How does Hex use my personal information? Is Hex GDPR and CCPA compliant?

The Hex Service is data agnostic: customers are responsible for any GDPR, CCPA, or other regulatory requirements for Customer Datasets, Customer Input Data, and Customer Output Data provided to the Hex Service.

Hex is an active participant in the Data Privacy Framework and is both GDPR and CCPA compliant. Hex may enter into Data Processing Agreements (DPAs) with customers that require additional privacy guarantees.

Hex is compliant with the CAN-SPAM Act: Hex users may easily unsubscribe from Hex marketing and sales communications. Data subject access requests for Hex users may be sent to [email protected]. Hex’s Privacy Policy contains additional information.

How does Hex interact with its LLM providers? What data is sent to the LLM providers?

Hex constructs requests to its LLM providers when a user uses Hex Magic. Hex only sends context based on the user’s workspace. Hex never uses your data or metadata to improve other customers’ requests.

Hex sends Customer Input Data (project code), Customer Output Data (project/cell runs), and Hex Metadata (schema information and table and column names), submitted prompts, and any resulting Magic completions to LLM providers for the purposes of delivering Hex Magic. Customer Data submitted via Hex Magic are subject to the Hex Magic Product Specific Terms.

Who are Hex's LLM providers?

Hex uses OpenAI and Anthropic as its LLM providers with a zero retention, zero training policy.

For Hex Magic Typeahead, Hex uses Codeium with a zero retention, zero training policy.

For more information on Hex's Magic subprocessors, see Hex's Subprocessors List.

Can we utilize PHI data within Hex Magic?

Hex has a Business Associate Agreement (BAA) with its LLM providers that enables utilizing PHI data within Hex Magic.

LLM providers do not retain any data submitted via Hex Magic.

Do LLM providers retain data sent to it via Hex Magic?

Customer's database schemas are stored in an embedding in a vector database (which is not a trained model) in Hex’s infrastructure. The embedding model we use is OpenAI’s Ada model. Your embeddings are only used for your tenant; they are not used for other customers.

LLM providers do not retain any data submitted via Hex Magic.

Does Hex utilize Customer Data, input data, or output data to train LLM provider models or any other models?

Hex has not opted-in to data sharing with its LLM providers, and no Customer Data, input data, or output data is utilized to train any models.

Neither Hex nor our third-party model partners train models using data from Hex customers, eliminating the risk of intellectual property leakage through passed context.

Does Hex utilize Magic prompts and corrections of Hex Magic generated queries to improve the performance and reliability of Hex Magic?

Hex employees may look at Magic Inputs and Outputs data, including prompts and relevant Customer Input Data and Customer Output Data, when necessary to fix bugs or improve the performance and reliability of Hex Magic. For example, Hex employees may utilize poorly-rated Magic completions to improve the Magic feature.

Who owns the intellectual property that Hex Magic generates?

Hex’s customers own all outputs from the Magic feature, to the extent that the customer has opted in to utilize Hex Magic. Customer Data submitted via Hex Magic are subject to the Hex Magic Product Specific Terms.

What data is the Hex Magic feature trained on? What sorts of bias risk might there be?

Hex utilizes its LLM providers' state of the art models including OpenAI's GPT-4 and GPT-3.5 and Anthropic's Claude 3.5. Those models’ training data are detailed in their technical reports: OpenAI and Anthropic.

Can I turn off Hex Magic Typeahead but keep Magic turned on?

Yes, admins can turn off Hex Magic Typeahead in the Magic settings page.