Last updated: March 2026

Privacy Policy

PowerHour ("we", "us", "our") is committed to protecting your personal data. This policy explains what we collect, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.

1. Who We Are

PowerHour is the data controller for personal data processed through the platform at app.pwr-hr.ai. If you have questions about your data, contact us at privacy@pwr-hr.ai.

2. Data We Collect

We collect the following categories of data:

  • Account data — your name and email address when you register.
  • Lead data — contact information for leads you find or import (names, email addresses, job titles, company names). This data is owned by you and stored on your behalf.
  • Email content — draft and sent emails generated by the AI, and replies you sync from Gmail or Outlook, stored to provide the inbox and outreach features.
  • API credentials — third-party API keys (OpenRouter, Apollo.io, OpenAI, Anthropic) which you provide. These are encrypted at rest using AES-256-GCM and are never accessible in plaintext to PowerHour staff.
  • OAuth tokens — access and refresh tokens for Gmail and Outlook accounts you connect. These are encrypted at rest and used solely to send and read emails on your behalf.
  • Agent brain files — the context documents you create or train through the onboarding chat (identity, soul, memory, etc.).
  • Usage analytics — aggregated counts of emails sent, replies received, and meetings booked, to power your analytics dashboard.
  • Billing data — your subscription status and Stripe customer ID. We do not store card details; these are handled entirely by Stripe.
  • Technical data — IP address and browser information collected automatically by our infrastructure provider (Supabase/Vercel) for security and operational purposes.

3. How We Use Your Data

  • To provide and operate the PowerHour platform.
  • To generate AI-drafted emails using the AI provider you connect via your own API key.
  • To find and enrich leads via Apollo.io using your own Apollo API key.
  • To send and receive emails via the Gmail or Outlook account you connect.
  • To process subscription payments via Stripe.
  • To send transactional emails (account confirmation, billing receipts).
  • To monitor platform health, investigate abuse, and comply with legal obligations.

We do not use your data for advertising, sell it to third parties, or use it to train AI models.

4. Legal Basis for Processing

  • Contract — processing necessary to deliver the service you subscribed to.
  • Legitimate interests — platform security, fraud prevention, and service improvement.
  • Legal obligation — compliance with applicable laws and regulations.
  • Consent — where you have explicitly opted in (e.g. marketing communications, where applicable).

5. Third-Party Services

PowerHour relies on the following sub-processors to deliver the service:

  • Supabase — database, authentication, and serverless functions. Hosted in the EU.
  • Vercel — frontend hosting and edge delivery.
  • Stripe — subscription billing and payment processing.
  • Google / Microsoft — OAuth 2.0 authentication and email sending via your connected accounts.
  • OpenRouter, Apollo.io, OpenAI, Anthropic — accessed using your own API keys. Your data is transmitted to these services solely to carry out the tasks you initiate; their use is governed by their own privacy policies.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, your personal data, leads, emails, and agent files are deleted within 30 days. Billing records may be retained for 7 years to comply with financial regulations. Anonymised, aggregated analytics data may be retained indefinitely.

7. Your Rights

Under UK GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — request deletion of your personal data ("right to be forgotten").
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Restriction — ask us to limit processing in certain circumstances.

To exercise any of these rights, email privacy@pwr-hr.ai. We will respond within 30 days. You also have the right to lodge a complaint with the ICO (ico.org.uk).

8. Cookies

PowerHour uses only essential cookies required for authentication (session tokens). We do not use tracking, advertising, or analytics cookies. No cookie consent banner is required because we only set strictly necessary cookies.

9. Security

We use industry-standard security measures including TLS encryption in transit, AES-256-GCM encryption at rest for sensitive credentials, row-level security (RLS) on the database so users can only access their own data, and regular security reviews. Despite these measures, no system is 100% secure; please notify us immediately if you suspect a breach.

10. Changes to This Policy

We may update this policy from time to time. We will notify you by email or in-app notification for material changes. Continued use of the platform after the effective date constitutes acceptance of the revised policy.

11. Contact

Questions or requests regarding this policy: privacy@pwr-hr.ai