Data Privacy and Usage FAQ

warning

The following Data Privacy and Usage FAQ and answers may change at any time. The Terms and Conditions and any other Hex Service Agreements take precedence over this FAQ. Please see https://trust.hex.tech/ for additional details on Hex’s Trust Program.

Last Modified: May 13, 2024

Hex does not and will never sell customer data. Hex shares data with our subprocessors and other services that we require to provide the Hex Service and run the Hex business. Hex does not and will never share customer data for any other purpose other than providing the Hex Service and running the Hex business. Hex’s subprocessors, their purposes, and data residencies are available here: https://trust.hex.tech/#subprocessors.

How does Hex classify customer data?

Hex classifies customer data into two Data Classifications, each with their own Data Types:

Customer Data

Customer Account Data: customer personal data provided to the Hex Service, AKA Hex usernames, email addresses, and first and last names
Customer Datasets: customer databases connected to the Hex Service and files, secrets, and version control data uploaded to the Hex Service, AKA data that was created outside of Hex and was connected to or brought into the Hex Service by the customer
Customer Input Data: customer inputs into the Hex Service, AKA the data the customer inputs into code cells, SQL cells, text cells, etc.
Customer Output Data: the outputs from the Hex Service, AKA the output generated by the Hex Service when the customer runs a project and/or cells

Hex Metadata

Customer Database Metadata: aggregated column and row counts and column descriptions
Hex Aggregated or Derived Statistics: performance information and statistics related to the provision and operation of the Hex Service

How does Hex use Customer Data?

Hex does not and will never use Customer Datasets or Customer Database row-level data to improve the performance and reliability of the Hex Service.

Hex requires Customer Account Data, Customer Input Data, Customer Output Data, and Hex Metadata to provide the Hex Service, and may also use these data to improve the performance and reliability of the Hex Service.

The Hex Service interacts with Customer Datasets to perform actions on behalf of the customer. Hex does not utilize Customer Datasets to improve the performance and reliability of the Hex Service.

Hex may view Customer Data within the Hex Service during Support interactions.

Hex may use Customer Account Data for sales and marketing purposes (see How does Hex use my personal information? Is Hex GDPR and CCPA compliant?). Hex associates Customer Account Data with Hex Service Usage Data, which are then utilized to improve the performance and reliability of the Hex Service.

Customer Data submitted via Hex Magic are subject to the Hex Magic Terms and Conditions.

Full definitions of Customer Data and Hex Metadata and Hex’s usage of both are available here: https://trust.hex.tech/#data-security.

Does Hex look at Customer Data?

Hex may view Customer Data within the Hex Service during Support interactions. Customers must opt-in to sharing projects with Support. Access to Customer Data is restricted to Hex personnel on a need-to-know basis. Hex adheres to the principle of least privilege and regularly reviews who has access to Customer Data.

The Hex Service is data agnostic: customers are responsible for any GDPR, CCPA, or other regulatory requirements for Customer Datasets, Customer Input Data, and Customer Output Data provided to the Hex Service.

Hex is an active participant in the Data Privacy Framework and is both GDPR and CCPA compliant. Hex may enter into Data Processing Agreements (DPAs) with customers that require additional privacy guarantees.

Hex is compliant with the CAN-SPAM Act: Hex users may easily unsubscribe from Hex marketing and sales communications. Data subject access requests for Hex users may be sent to [email protected]. Hex’s Privacy Policy contains additional information.

How does Hex interact with OpenAI? What data is sent to OpenAI?

Hex constructs requests to OpenAI when a user uses Hex Magic. Hex only sends context based on the user’s workspace during a request. Hex never uses your data or metadata to improve other customers’ requests.

Hex sends Customer Input Data (project code) and Hex Metadata (schema information and table and column names), submitted prompts, and any resulting Magic completions to OpenAI for the purposes of delivering Hex Magic. Customer Data submitted via Hex Magic are subject to the Hex Magic Terms and Conditions.

Can we utilize PHI data within Hex Magic?

Hex has a business associate agreement (BAA) with OpenAI that enables utilizing PHI data within Hex Magic.

OpenAI does not retain any data submitted via Hex Magic.

Does OpenAI retain data sent to it via Hex Magic?

Customer's database schemas are stored in an embedding in a vector database (which is not a trained model) in Hex’s infrastructure. The embedding model we use is OpenAI’s Ada model. Your embeddings are only used for your tenant; they are not used for other customers.

OpenAI does not retain any data submitted via Hex Magic.

Does Hex utilize Customer Data to train OpenAI’s models or any other models?

Hex has not opted-in to data sharing with OpenAI and no Customer Data is utilized to train OpenAI models.

Neither Hex nor our third-party model partner (OpenAI) train models using data from Hex customers, eliminating the risk of intellectual property leakage through passed context. This means a model won’t spit out your code to another customer.

Does Hex utilize Magic prompts and corrections of Hex Magic generated queries to improve the performance and reliability of Hex Magic?

Hex employees may look at Magic Inputs and Outputs data, including prompts and relevant Customer Input Data, when necessary to fix bugs or improve the performance and reliability of Hex Magic. For example, Hex employees may utilize poorly-rated Magic completions to improve the Magic feature.

Who owns the intellectual property that Hex Magic generates?

Hex’s customers own all outputs from the Magic feature, to the extent that the customer has opted in to utilize Hex Magic. Customer Data submitted via Hex Magic are subject to the Hex Magic Terms and Conditions.

What data is the Hex Magic feature trained on? What sorts of bias risk might there be?

Hex utilizes OpenAI's state of the art models including GPT4 and GPT3.5. Those models’ training data are detailed in their technical reports.

Data Privacy and Usage FAQ

Does Hex sell or share customer data?​

How does Hex classify customer data?​

How does Hex use Customer Data?​

Does Hex look at Customer Data?​

How does Hex use my personal information? Is Hex GDPR and CCPA compliant?​

How does Hex interact with OpenAI? What data is sent to OpenAI?​

Can we utilize PHI data within Hex Magic?​

Does OpenAI retain data sent to it via Hex Magic?​

Does Hex utilize Customer Data to train OpenAI’s models or any other models?​

Does Hex utilize Magic prompts and corrections of Hex Magic generated queries to improve the performance and reliability of Hex Magic?​

Who owns the intellectual property that Hex Magic generates?​

What data is the Hex Magic feature trained on? What sorts of bias risk might there be?​

On this page

Does Hex sell or share customer data?