Effective date: March 13, 2026
HMU API ("we", "us", "our") operates the hmuapi.com platform. This Privacy Policy describes what data we collect, how we use it, and your rights regarding that data. By using the service, you agree to the collection and use of information as described in this policy.
Submission data
When you submit a message through any API endpoint, we collect the fields you provide — including your name, email address, and the content of your message. The specific fields vary by endpoint (e.g. question, project description, company name).
Account data
When you create an account, we collect your username, email address, and password (stored as a hashed value). Profile information such as your name, bio, and avatar URL is also stored.
Automatically collected data
We collect IP addresses, request timestamps, and user agent strings for rate limiting, abuse prevention, and security purposes.
Routing your message to the intended recipient's inbox and sending email notifications.
Verifying sender email addresses to prevent abuse and ensure message authenticity.
Scoring and prioritizing messages using AI to help recipients manage their inbox. Message content is sent to Anthropic's API for scoring.
Rate limiting, spam detection, and protecting the platform from abuse.
Messages, accounts, and related data are stored in Cloudflare D1 (SQLite at the edge). Data is retained for as long as the recipient's account is active or until a deletion request is made.
Sender verification tokens expire after use. Session cookies expire after 7 days.
Infrastructure, hosting, edge compute (Workers), and database (D1). Subject to Cloudflare's Privacy Policy.
Transactional email delivery for verification emails and message notifications. Subject to Resend's Privacy Policy.
AI-powered message scoring and priority classification. Message content is sent to Anthropic's Claude API for evaluation. Subject to Anthropic's Privacy Policy.
We do not sell your data
We will never sell, rent, or trade your personal information to third parties for marketing purposes. Data is shared only with the third-party services listed above, solely to operate the platform.
We use session cookies for dashboard authentication. These are HttpOnly, Secure cookies with a 7-day expiry. They are essential for the service to function and cannot be opted out of while using the dashboard.
We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
Access
You can request a copy of the data we hold about you.
Deletion
You can request deletion of your account and associated data at any time.
Correction
You can request corrections to inaccurate personal data.
For privacy-related questions, data requests, or concerns, contact us at james@hmuapi.com.
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of the service after changes constitutes acceptance of the revised policy.