This Privacy Policy explains how HEWA (“HEWA”, “we”, “us”) collects, uses, and protects your information when you use the HEWA AI IDE and related services (the “Service”). We aim to collect only what we need to run the Service and to be honest about who processes your data.
1. Who we are & where we operate
HEWA provides a browser-based AI coding environment (IDE) for builders. The Service is currently offered in Kenya, Rwanda, Ethiopia, Uganda, Somalia, Nigeria, Zambia, and Tanzania. This policy is governed by the laws of Kenya (see Section 12), and we work toward compliance with the data-protection laws applicable in the countries we serve, including Kenya’s Data Protection Act, 2019.
2. Information we collect
- Account information — your name, email address, and authentication details when you sign up (including via GitHub or Google sign-in).
- Your content — the code, files, prompts, and project data you create or upload to the Service.
- Payment information — when you top up credits, your mobile-money (M-Pesa) phone number and transaction references. We do not store full card numbers.
- Usage & device data — log data such as IP address, browser/device type, timestamps, feature usage, and error diagnostics used to operate and improve the Service.
- Local storage — some data (e.g., open tabs, settings, offline file edits) is stored in your browser on your device.
3. How we use your information
- To provide, maintain, and secure the Service.
- To process AI requests — your prompts and relevant project context are sent to AI providers to generate responses (see Section 5).
- To process credit top-ups and prevent fraud.
- To diagnose problems, improve performance, and develop new features.
- To communicate with you about your account, security, and material changes.
4. AI processing of your content
When you use AI features, the prompts and the project context needed to answer them are transmitted to third-party AI providers (Section 5) to generate a response. We do not sell your code, and we do not authorise providers to use your content to train their models except where you have explicitly opted in or where required to deliver the feature you requested. AI output may be inaccurate — always review generated code before relying on it.
5. Third-party providers (sub-processors)
We rely on established global providers to operate the Service. We share only the data necessary for each provider to perform its function. The current providers are:
| Purpose | Providers |
|---|---|
| Hosting & infrastructure | Vercel, Railway |
| Authentication & database | Supabase |
| Payments (mobile money) | Safaricom (M-Pesa / Daraja) |
| AI model & inference providers | Anthropic, OpenAI, Google, Groq, Together AI, OpenRouter, Alibaba Cloud (DashScope), Moonshot AI |
| Embeddings & search | Voyage AI, Tavily |
This list may change as the Service evolves; an up-to-date list is available on request. Some providers process data outside your country (see Section 8).
6. Data retention
We keep your account and content for as long as your account is active or as needed to provide the Service. You may delete projects at any time, and you may request deletion of your account and associated personal data, subject to legal or accounting obligations we must meet (for example, transaction records).
7. Security
We use industry-standard measures — encryption in transit, access controls, and tenant isolation so your projects are scoped to your account. No method of transmission or storage is perfectly secure, but we work to protect your data and to respond promptly to any incident.
8. International data transfers
Because we use global providers, your information may be processed in countries other than the one you live in. Where we transfer personal data across borders, we take steps to ensure an appropriate level of protection consistent with applicable law.
9. Your rights
Depending on your country, you may have the right to access, correct, export, or delete your personal data, to object to or restrict certain processing, and to withdraw consent. To exercise these rights, contact us at the address below. You may also lodge a complaint with your local data-protection authority (for example, the Office of the Data Protection Commissioner in Kenya).
10. Children
The Service is not directed to children under 18, and we do not knowingly collect their personal data. If you believe a child has provided us data, contact us and we will delete it.
11. Cookies & local storage
We use essential cookies and browser local storage to keep you signed in and to remember your settings and offline edits. We do not use advertising trackers.
12. Governing law
This Privacy Policy is governed by the laws of Kenya, without regard to conflict-of-laws principles, and the courts of Kenya shall have jurisdiction, subject to any mandatory protections available to you under the laws of the country where you reside.
13. Changes to this policy
We may update this policy from time to time. We will post the updated version here and revise the “Last updated” date; significant changes will be communicated to you.
14. Contact
Questions or requests? Email privacy@hewa.ai.