Privacy Policy

HERO POINT Consulting LLC ("Hero Point," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and the Hero Point Command Center platform (collectively, the "Service").

1. Information We Collect

Account Information: When you create an account, we collect your name, email address, company name, and billing information.

Usage Data: We automatically collect information about how you interact with the Service, including pages visited, features used, timestamps, and device/browser information.

Business Data: Data you input into the Command Center (documents, metrics, workflows) is stored securely and used solely to provide the Service to you.

Communications: If you contact us, we may collect the content of your messages, your email address, and any other information you provide.

2. How We Use Your Information

• To provide, maintain, and improve the Service
• To process transactions and send related information
• To send administrative messages, updates, and security alerts
• To respond to your comments, questions, and support requests
• To monitor and analyze usage trends to improve user experience
• To detect, prevent, and address technical issues and fraud

3. Data Sharing

We do not sell your personal information. We may share information with:

• Service Providers: Third-party vendors who assist in operating the Service (hosting, payment processing, analytics), bound by confidentiality agreements
• Legal Obligations: When required by law, subpoena, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets

4. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. You may request deletion of your account and associated data at any time by contacting us.

5. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal data. California residents have additional rights under the CCPA. EU/EEA residents have rights under GDPR. To exercise any rights, contact us at the address below.

6. Cookies

We use essential cookies to operate the Service and optional analytics cookies to understand usage patterns. You can control cookie preferences through your browser settings.

7. Children's Privacy

The Service is not intended for individuals under 18. We do not knowingly collect information from children.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice on the Service.

Terms of Service

These Terms of Service ("Terms") govern your access to and use of the Hero Point website and Command Center platform (the "Service") operated by HERO POINT Consulting LLC ("Hero Point," "we," "us," or "our"). By accessing or using the Service, you agree to be bound by these Terms.

1. Account Registration

To access certain features, you must create an account with accurate, complete information. You are responsible for maintaining the confidentiality of your account credentials and for all activities under your account.

2. Subscription & Billing

Paid features are billed monthly. By subscribing, you authorize us to charge your payment method on a recurring basis. You may cancel at any time; cancellation takes effect at the end of the current billing period. No refunds are issued for partial months.

Pricing: Single modules at $99/mo, Bundles at $79/mo per module. Enterprise plans are custom-quoted. We reserve the right to change pricing with 30 days' notice.

3. Acceptable Use

You agree not to:

• Use the Service for any unlawful purpose
• Attempt to reverse-engineer, decompile, or disassemble the Service
• Upload malicious code or interfere with the Service's operation
• Share account credentials with unauthorized parties
• Resell or redistribute the Service without written permission
• Use the Service to generate content that violates third-party rights

4. Intellectual Property

The Service, including all software, designs, text, and AI models, is owned by Hero Point and protected by intellectual property laws. You retain ownership of data you input. We retain ownership of all outputs, models, and platform IP.

5. Data & Privacy

Your use of the Service is also governed by our Privacy Policy. You grant us a limited license to process your data solely to provide the Service.

6. Service Availability

We strive for 99.9% uptime but do not guarantee uninterrupted access. We may perform scheduled maintenance with advance notice. We are not liable for downtime caused by factors beyond our control.

7. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, HERO POINT SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING FROM YOUR USE OF THE SERVICE. Our total liability shall not exceed the amount you paid us in the 12 months preceding the claim.

8. Indemnification

You agree to indemnify and hold harmless Hero Point, its officers, directors, employees, and agents from any claims arising from your use of the Service or violation of these Terms.

9. Termination

We may suspend or terminate your account if you violate these Terms. Upon termination, your right to use the Service ceases immediately. You may request an export of your data within 30 days of termination.

10. Governing Law

These Terms are governed by the laws of the State of Delaware, without regard to conflict of law principles. Any disputes shall be resolved in the courts of Delaware.

11. Changes to Terms

We may modify these Terms at any time. Continued use of the Service after changes constitutes acceptance. Material changes will be communicated via email.

Security

Infrastructure

Hero Point runs on enterprise-grade cloud infrastructure with automatic failover, geographic redundancy, and continuous monitoring. All systems are containerized and deployed through automated CI/CD pipelines with security scanning at every stage.

Data Encryption

All data in transit is encrypted using TLS 1.3. All data at rest is encrypted using AES-256. Database backups are encrypted and stored in geographically separate regions. Encryption keys are managed through a dedicated key management service with automatic rotation.

Access Control

We implement the principle of least privilege across all systems. Employee access to production data requires multi-factor authentication, VPN access, and is logged and audited. Access is reviewed quarterly and revoked immediately upon role change or departure.

Application Security

• Input validation and output encoding on all user-facing endpoints
• OWASP Top 10 compliance verified through automated and manual testing
• Rate limiting, CSRF protection, and Content Security Policy headers
• Dependency scanning and automated vulnerability patching
• Regular penetration testing by qualified third-party firms

AI Model Security

Your business data is never used to train our base models. Each customer's data is logically isolated. AI inference runs in sandboxed environments with strict output filtering. Prompt injection protections are built into every interaction layer.

Incident Response

We maintain a documented incident response plan with defined severity levels, escalation procedures, and communication protocols. Security incidents are reported to affected customers within 72 hours per regulatory requirements.

Compliance

• SOC 2 certified
• GDPR compliant (EU data processing agreement available)
• CCPA compliant (California consumer rights honored)
• HIPAA-eligible configuration available for healthcare customers

Responsible Disclosure

If you discover a security vulnerability, please report it to [email protected]. We acknowledge all reports within 24 hours and work to resolve confirmed vulnerabilities promptly. We do not take legal action against good-faith security researchers.