Data Privacy Policy
Last Updated: December 3, 2025
This Privacy Policy explains how Hustle ("we," "us," or "our") collects, uses, shares, and protects information in connection with the provision of our software services to our clients ("Clients" or "you").
1. Introduction and Scope
Hustle is committed to protecting the privacy and security of the information we process on behalf of our Clients. This policy applies to all data processing activities where we act as a Data Processor or Service Provider (processing Client Data on your behalf) and, where applicable, as a Data Controller (processing Personal Data related to our own business operations, like billing or marketing).
2. Definitions
Client Data:
Any information, including Personal Data, that our Clients submit or allow us to collect, use, or store in connection with the provision of our services.
Personal Data:
Any information relating to an identified or identifiable natural person (e.g., names, email addresses, IP addresses).
Data Controller (Client):
The entity (our Client) that determines the purposes and means of processing Personal Data.
Data Processor (Hustle):
The entity (us) that processes Personal Data on behalf of the Data Controller.
Services:
The software development, maintenance, hosting, consulting, or other related technology services we provide to you under a separate contract (e.g., Statement of Work or Service Agreement).
3. Data We Collect and Process
A. Data Processed on Behalf of Our Clients (Client Data)
As a Data Processor, we only process Client Data strictly in accordance with your documented instructions and the terms of our separate Service Agreement.
Categories of Data:
This depends entirely on the nature of the services we provide. It may include:
- End-user account information (e.g., names, user IDs, passwords - typically hashed).
- Customer usage data (e.g., activity logs, application metrics).
- End-user content (e.g., text, images, files, or database records uploaded to the application we host/maintain).
Purpose of Processing:
To provide, maintain, and support the Services as agreed upon in our contract.
Legal Basis:
Processing is necessary for the performance of the contract between the Client and us. The Client is responsible for establishing the legal basis for collecting the data from their end-users.
B. Data We Collect for Our Own Business Operations (Controller Data)
We collect certain Personal Data related to our Clients' personnel for administrative and billing purposes.
Categories of Data:
- Contact information (e.g., names, job titles, business email addresses, business phone numbers of Client representatives).
- Billing and financial information (e.g., billing addresses, payment details).
- Communication records (e.g., support requests, meeting notes).
Purpose of Processing:
To manage the client relationship, process payments, communicate about the Services, and comply with legal obligations.
4. How We Use the Data
We use the collected data for the following purposes:
- To Provide Services: Executing the tasks defined in our Service Agreement, including software deployment, maintenance, and technical support.
- To Improve Services: Analyzing technical data (often anonymized or aggregated) to enhance our service delivery and security.
- Billing and Administration: Processing invoices and managing our contractual relationship.
- Communication: Responding to inquiries, providing updates, and notifying Clients of service changes.
5. Data Sharing and Disclosure
We will not sell, rent, or lease Client Data to third parties. We may share data only in the following circumstances:
- With Sub-processors (Vendors): We may engage third-party companies (e.g., cloud hosting providers, monitoring tools) to assist in providing the Services. We ensure that any sub-processors are subject to written agreements that require them to provide at least the same level of data protection as required by our agreement with the Client. A list of current sub-processors is available upon request.
- Client's Consent/Instruction: When explicitly instructed or authorized by the Client.
- Legal Requirements: If required to do so by law or in response to valid requests by public authorities (e.g., a court order or subpoena).
- Business Transfers: In connection with a merger, acquisition, or sale of assets, provided the acquiring entity agrees to adhere to this Privacy Policy.
6. Data Security
We implement and maintain reasonable and appropriate technical and organizational security measures designed to protect Client Data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:
- Access control and authorization mechanisms.
- Encryption of data both in transit (using SSL/TLS) and at rest (where appropriate).
- Regular security audits and vulnerability assessments.
- Disaster recovery and backup procedures.
The specific security measures applicable to Client Data are typically detailed in a separate Security Addendum or Data Processing Agreement (DPA).
7. Data Retention
We retain Client Data only for as long as necessary to fulfill the purposes outlined in our Service Agreement or as required by applicable law.
Client Data:
We will retain Client Data according to the instructions of the Client and the terms of our contract. Upon termination of the Services, we will, at the Client's direction, return or securely delete the Client Data, unless legal obligations require longer retention.
Controller Data:
We retain administrative and billing data for the duration of the relationship and for a legally required period thereafter (e.g., tax records).
8. International Data Transfers
If the Services involve the transfer of Personal Data from one jurisdiction (e.g., EU/EEA) to another (e.g., India or the US), we will ensure that appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) as approved by the relevant regulatory authority.
- Binding Corporate Rules (BCRs).
- Other legally approved mechanisms.
9. Your Obligations as Data Controller (Client)
By using our Services, you acknowledge and agree to the following responsibilities:
- You have provided all necessary notices and obtained all required consents from your end-users for the collection, processing, and transfer of Personal Data by us, as described in your own privacy policy and your agreement with us.
- You have complied with all applicable data protection laws, including providing us with accurate and lawful instructions.
10. Rights of the Data Subject
Since we act as the Data Processor, all requests from data subjects (your end-users) regarding their rights (e.g., access, correction, deletion, restriction of processing) must be directed to you (the Data Controller). We will assist you in responding to such requests to the extent technically and commercially feasible, as stipulated in our DPA.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify our Clients of any material changes by posting the new policy on our website or by sending a direct notification.
12. Information Security Policy
Hustle is committed to maintaining the highest standards of information security to protect Client Data and our own business information. This section outlines our comprehensive security framework and practices.
Security Governance
We maintain a formal information security management program that includes:
- Regular risk assessments and security audits.
- Designated security personnel responsible for overseeing our security program.
- Incident response procedures and breach notification protocols.
- Regular security training for all personnel who handle Client Data.
Technical Security Measures
Access Controls:
- Role-based access control (RBAC) ensuring personnel only access data necessary for their job functions.
- Multi-factor authentication (MFA) for administrative access.
- Regular access reviews and revocation of access for terminated employees.
- Strong password policies and secure credential management.
Encryption:
- Encryption in transit using TLS 1.2 or higher for all data transmissions.
- Encryption at rest for sensitive data stored in databases and file systems.
- Secure key management practices and key rotation procedures.
Network Security:
- Firewall protection and network segmentation.
- Intrusion detection and prevention systems.
- Regular security monitoring and log analysis.
- DDoS protection and mitigation measures.
Application Security:
- Secure software development lifecycle (SDLC) practices.
- Regular code reviews and security testing.
- Vulnerability scanning and penetration testing.
- Dependency management and patch management procedures.
Physical Security
For any physical infrastructure we manage or access:
- Secure data center facilities with restricted access controls.
- Video surveillance and environmental monitoring.
- Visitor management and escort procedures.
- Secure disposal of hardware and storage media.
Incident Response
In the event of a security incident:
- We maintain an incident response plan and team.
- We will notify affected Clients promptly if a breach affects their data.
- We will cooperate with Clients and relevant authorities in investigating and remediating incidents.
- We conduct post-incident reviews to improve our security posture.
Compliance and Certifications
We strive to maintain compliance with industry standards and regulations. Our security practices are designed to align with applicable frameworks such as ISO 27001, SOC 2, GDPR, and other relevant standards. Specific certifications and compliance details are available upon request.
13. Acceptable Use Policy
This Acceptable Use Policy ("AUP") governs the use of Hustle's Services by our Clients and their authorized users. By using our Services, you agree to comply with this policy. Violation of this AUP may result in suspension or termination of Services.
Prohibited Activities
You agree not to use the Services, or permit others to use the Services, to:
- Violate Laws: Engage in any activity that violates any applicable local, state, national, or international law or regulation.
- Infringe Intellectual Property: Transmit, store, or process any content that infringes upon the intellectual property rights, privacy rights, or other rights of any third party.
- Harmful or Malicious Content: Upload, transmit, or distribute viruses, malware, worms, Trojan horses, or any other malicious code or harmful software.
- Unauthorized Access: Attempt to gain unauthorized access to any systems, networks, accounts, or data, including through hacking, password mining, or any other means.
- Spam and Unsolicited Communications: Send unsolicited bulk emails, messages, or communications (spam), or engage in phishing or other fraudulent activities.
- Interference with Services: Interfere with, disrupt, or attempt to disrupt the integrity or performance of the Services or any data contained therein.
- Reverse Engineering: Reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of any software provided as part of the Services, except as permitted by applicable law.
- Illegal Content: Store, process, or transmit any content that is illegal, obscene, defamatory, threatening, harassing, or otherwise objectionable.
- Resource Abuse: Use the Services in a manner that consumes excessive resources, degrades system performance, or interferes with other users' access to the Services.
- Data Mining: Use automated systems (e.g., bots, scrapers) to access the Services without our express written permission.
Client Responsibilities
As a Client, you are responsible for:
- Ensuring that all authorized users of the Services comply with this AUP.
- Maintaining the confidentiality of your account credentials and promptly notifying us of any unauthorized access.
- Ensuring that any data you provide or allow us to process complies with applicable laws and does not violate third-party rights.
- Obtaining all necessary consents and authorizations before providing us with Personal Data of third parties.
- Using the Services only for lawful business purposes consistent with our Service Agreement.
Monitoring and Enforcement
We reserve the right to:
- Monitor usage of the Services to ensure compliance with this AUP and our Service Agreement.
- Investigate suspected violations of this AUP.
- Suspend or terminate Services immediately if we determine, in our sole discretion, that you have violated this AUP.
- Report violations to law enforcement authorities when appropriate.
- Cooperate with law enforcement and regulatory authorities in investigating and prosecuting violations.
Reporting Violations
If you become aware of any violation of this AUP, please report it to us immediately at the contact information provided in our Service Agreement. We will investigate all reports and take appropriate action.
Changes to This Policy
We may modify this Acceptable Use Policy from time to time. Material changes will be communicated to Clients through email or other reasonable means. Continued use of the Services after such modifications constitutes acceptance of the updated policy.
