Privacy Policy

Effective Date: March 11, 2026

1. Overview

Loming AI Limited ("we", "us", or "our"), operating as HoEasy, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the HoEasy platform and related services (the "Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree with the practices described here, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

Account Information: When you register, we collect your name, email address, and authentication credentials (including via Google or Apple sign-in).
Payment Information: When you subscribe to a paid plan, payment details are collected and processed by our payment provider (Paddle). We do not store full payment card details on our servers.
Conversation Data: Messages, prompts, and content you send to AI agents through the Service.
Files & Attachments: Documents, images, and other files you upload to the Service.
Skills & Configuration: Custom skills, agent configurations, and project settings you create.
Communications: Information you provide when you contact our support team.

2.2 Information Collected Automatically

Usage Data: Information about how you interact with the Service, including features used, timestamps, and frequency of access.
Device Information: Browser type, operating system, device identifiers, and screen resolution.
Log Data: IP addresses, access times, pages viewed, and referring URLs.
Cookies & Similar Technologies: We use cookies and similar tracking technologies to maintain sessions and analyze usage patterns. See Section 9 for more details.

2.3 Information from Third Parties

OAuth Providers: If you sign in via Google or Apple, we receive your name, email, and profile identifier from those providers.
Connected Services: If you connect channels (Slack, WhatsApp, email), we may receive messages and metadata from those platforms as configured by you.

3. How We Use Your Information

We use the information we collect to:

Provide the Service: Process your requests, run AI agents, execute tasks, and deliver responses across channels.
Manage Accounts: Create and maintain your account, authenticate you, and manage subscriptions.
Process Payments: Handle billing, credit allocation, and subscription management through our payment provider.
Improve the Service: Analyze usage patterns, diagnose technical issues, and develop new features.
Communicate: Send you service-related notices, security alerts, and (with your consent) promotional communications.
Ensure Safety & Security: Detect, prevent, and address fraud, abuse, and security incidents.
Legal Compliance: Comply with applicable laws, regulations, and legal processes.

5. AI & Conversation Data

Given the nature of our AI-powered Service, we want to be transparent about how conversation data is handled:

Processing: Your messages and prompts are sent to AI model providers to generate responses. These are processed in real-time and according to the provider's data handling policies.
Storage: Conversation history is stored on our servers to provide continuity and context for your AI agents.
Training: We do not use your personal conversation data to train AI models. Third-party AI providers have their own policies regarding data usage for model improvement.
Knowledge Base: Content you add to your knowledge base is stored and used solely to provide contextual responses within your agents.
Agent Memory: AI agents may build memory of your preferences and past interactions to improve future responses. This data is associated with your account and not shared across accounts.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide you the Service. Specific retention periods include:

Account Data: Retained while your account is active and for a reasonable period after deletion to comply with legal obligations.
Conversation Data: Retained while your account is active. You may delete individual conversations through the Service.
Payment Records: Retained as required by financial regulations and tax laws.
Log Data: Generally retained for up to 90 days for security and debugging purposes.

When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

7. Security

We implement reasonable technical and organizational measures to protect your information, including:

Encryption of data in transit (TLS/SSL) and sensitive data at rest.
Encryption of API keys and service provider credentials using AES-256.
Account isolation at the database level to prevent cross-account data access.
Sandboxed execution environments for agent code and skills.
Regular security assessments and monitoring.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

8. Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of your personal data, subject to legal retention requirements.
Portability: Request a portable copy of your data in a structured, machine-readable format.
Objection: Object to certain processing activities, such as direct marketing.
Withdrawal of Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise these rights, contact us at [email protected]. We will respond to your request within 30 days.

Additional Rights for EEA/UK Residents

If you are located in the European Economic Area or the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local supervisory authority.

Additional Rights for California Residents

Under the California Consumer Privacy Act (CCPA), California residents have the right to know what personal information is collected, request deletion, and opt-out of the sale of personal information. We do not sell personal information.

9. Cookies & Tracking

We use the following types of cookies:

Essential Cookies: Required for the Service to function, including authentication and session management.
Analytics Cookies: Help us understand how users interact with the Service to improve it.

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service.

10. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly. If you believe we may have collected information from a child under 16, please contact us at [email protected].

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from your jurisdiction. When we transfer data internationally, we implement appropriate safeguards, such as standard contractual clauses, to ensure your data remains protected.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the effective date. For significant changes, we may also provide additional notice, such as an email notification. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]
Website: hoeasy.ai