HEWA Get started
← Back to home

Privacy Policy

Last updated: 11 June 2026

This Privacy Policy explains how HEWA (“HEWA”, “we”, “us”) collects, uses, and protects your information when you use the HEWA AI IDE and related services (the “Service”). We aim to collect only what we need to run the Service and to be honest about who processes your data.

1. Who we are & where we operate

HEWA provides a browser-based AI coding environment (IDE) for builders. The Service is currently offered in Kenya, Rwanda, Ethiopia, Uganda, Somalia, Nigeria, Zambia, and Tanzania. This policy is governed by the laws of Kenya (see Section 12), and we work toward compliance with the data-protection laws applicable in the countries we serve, including Kenya’s Data Protection Act, 2019.

2. Information we collect

  • Account information — your name, email address, and authentication details when you sign up (including via GitHub or Google sign-in).
  • Your content — the code, files, prompts, and project data you create or upload to the Service.
  • Payment information — when you top up credits, your mobile-money (M-Pesa) phone number and transaction references. We do not store full card numbers.
  • Usage & device data — log data such as IP address, browser/device type, timestamps, feature usage, and error diagnostics used to operate and improve the Service.
  • Local storage — some data (e.g., open tabs, settings, offline file edits) is stored in your browser on your device.

3. How we use your information

  • To provide, maintain, and secure the Service.
  • To process AI requests — your prompts and relevant project context are sent to AI providers to generate responses (see Section 5).
  • To process credit top-ups and prevent fraud.
  • To diagnose problems, improve performance, and develop new features.
  • To communicate with you about your account, security, and material changes.

4. AI processing of your content

When you use AI features, the prompts and the project context needed to answer them are transmitted to third-party AI providers (Section 5) to generate a response. We do not sell your code, and we do not authorise providers to use your content to train their models except where you have explicitly opted in or where required to deliver the feature you requested. AI output may be inaccurate — always review generated code before relying on it.

5. Third-party providers (sub-processors)

We rely on established global providers to operate the Service. We share only the data necessary for each provider to perform its function. The current providers are:

PurposeProviders
Hosting & infrastructureVercel, Railway
Authentication & databaseSupabase
Payments (mobile money)Safaricom (M-Pesa / Daraja)
AI model & inference providersAnthropic, OpenAI, Google, Groq, Together AI, OpenRouter, Alibaba Cloud (DashScope), Moonshot AI
Embeddings & searchVoyage AI, Tavily

This list may change as the Service evolves; an up-to-date list is available on request. Some providers process data outside your country (see Section 8).

6. Data retention

We keep your account and content for as long as your account is active or as needed to provide the Service. You may delete projects at any time, and you may request deletion of your account and associated personal data, subject to legal or accounting obligations we must meet (for example, transaction records).

7. Security

We use industry-standard measures — encryption in transit, access controls, and tenant isolation so your projects are scoped to your account. No method of transmission or storage is perfectly secure, but we work to protect your data and to respond promptly to any incident.

8. International data transfers

Because we use global providers, your information may be processed in countries other than the one you live in. Where we transfer personal data across borders, we take steps to ensure an appropriate level of protection consistent with applicable law.

9. Your rights

Depending on your country, you may have the right to access, correct, export, or delete your personal data, to object to or restrict certain processing, and to withdraw consent. To exercise these rights, contact us at the address below. You may also lodge a complaint with your local data-protection authority (for example, the Office of the Data Protection Commissioner in Kenya).

10. Children

The Service is not directed to children under 18, and we do not knowingly collect their personal data. If you believe a child has provided us data, contact us and we will delete it.

11. Cookies & local storage

We use essential cookies and browser local storage to keep you signed in and to remember your settings and offline edits. We do not use advertising trackers.

12. Governing law

This Privacy Policy is governed by the laws of Kenya, without regard to conflict-of-laws principles, and the courts of Kenya shall have jurisdiction, subject to any mandatory protections available to you under the laws of the country where you reside.

13. Changes to this policy

We may update this policy from time to time. We will post the updated version here and revise the “Last updated” date; significant changes will be communicated to you.

14. Contact

Questions or requests? Email privacy@hewa.ai.

© 2026 HEWA AI
Privacy Terms Home