Hugging Face Privacy Policy

🗓 Effective Date: March 28, 2023

We have implemented this Privacy Policy because your privacy is important to us. This Privacy Policy (the “Policy”) describes the type of information that Hugging Face, Inc. (the “Company”) gathers from users of the Hugging Face services (the “Services”), and how the Company uses that information.

The Policy is part of the Company Terms of Use. The Policy applies to all users of the Services (“Users”).

The Company occasionally collects Personal Information from Users. “Personal Information” means any information that can, alone or associated with other information, be used to identify an individual, for instance by reference of a name, a username, an email address, an IP address, a photograph or others.

By using the Services, you consent to the terms of the Policy and to our processing of Personal Information in the manner and for the purposes set forth herein. If you do not agree with the Policy, please do not use the Services.

The Company reserves the right, at its sole discretion, to change the Policy at any time, which change will be effective 10 days following posting the revision to the Policy on the Hugging Face website (the “Website”). Your continued use of the Services 10 days following such posting means you accept those changes.

1. INFORMATION WE COLLECT

The Company collects the following information, some of which might be Personal Information.

A. Information you provide directly

The Company collects information directly provided by Users as part of using the Services, such as:

  • information provided as part of setting up an account on the Website: email address, password, username, full name, and other optional information such as an avatar, your interests, or usernames to your third-party social networks,
  • payment information provided, if you decide to upgrade your user or organization account: credit card information,
  • other information and materials that you decide to post on the Website (e.g., the discussion forum, or other),
  • communications between you and the Company, as part of using the Services.

At any time during your use of the Services, you may decide to share some information or content publicly or privately.

If you decide to share your information or content publicly, and if you decide to include Personal Information, you understand that anyone may view this information.

If you decide to keep your information private and control the access to it, you understand that only the users that you authorize will view this information. The Company also reserves the right to access this information with your consent, or without your consent only for the purposes of pursuing legitimate interests such as maintaining security on its Services or complying with any legal or regulatory obligations.

B. Information we collect from third parties

We may collect Information from third parties that help us deliver the Services or process information.

C. Information we automatically collect from your use of the Services

The Company automatically records information from your use of the Services such as:

  • information about your Use of the Services, your session (date, location), your IP address,
  • information from cookies, especially your login information, your preferences,
  • information about your device: type, model, version, operating system, browser

D. Cookies

We use cookies only for the purposes of delivering, updating, monitoring, improving the Services, and maintaining security on our Services by detecting, preventing and responding to any type of threats or incidents.

We may collect Information through those cookies. If you do not wish to accept these cookies and you decide to disable them, you will not be able to access and use the Services.

E. “Do Not Track”

On September 27, 2013, California enacted A.B. 370, amending the California Online Privacy Protection Act to require website operators to disclose how they respond to "Do Not Track Signals"; and whether third parties collect personally identifiable information about users when they use online services.

The Company honors "do not track" signals and does not track, use cookies, or use advertising when a “do not track” mechanism is in place.

The Company does not authorize the collection of personally identifiable information from our users for third party use through advertising technologies without separate member consent.

California Civil Code Section 1798.83 also permits customers who are California residents to request certain information regarding Our disclosure of Personal Information to third parties for direct marketing purposes. To make such a request, please send an email to privacy@huggingface.co. Please note that the Company is only required to respond to one request per customer each year.

2. USE OF INFORMATION

Purposes of the use of Information

The Company may use information from Users for the following purposes:

  • to deliver the Services, which may include the creation of Your account, the display of Your profile or Your content, or if applicable the upgrading of Your account to a paid account,
  • to operate and improve the Services by providing you with more effective customer service, making the Services easier to use by eliminating the need for you to enter the same information repeatedly; performing research and analysis aimed at improving the Services, or other products and technologies of the Company; automatically updating the Services; diagnosing or fixing problems with the Services,
  • to conduct analysis or research on the Services or any topics related to it, for business operations or scientific purposes,
  • to communicate with you, especially through the sending of welcome emails, information on technical service issues, security announcements, information of new services available, legal notices, response to your requests, or any other information that we think might interest or be relevant to you,
  • to ensure and maintain security on our Services or Website, which may include detecting, preventing, investigating or otherwise addressing fraud or security issues,
  • to protect against harm to the rights, property or safety of the Company, our Users, yourself or the public,
  • to enforce any applicable terms of service or agreement, including investigations of potential violations thereof,
  • to comply with any applicable law, regulation, legal process or governmental requests.

B. Grounds for the use of Information

Pursuant to applicable data protection laws, and especially the European Union’s General Data Protection Regulation (EU) 2016/679 (the “GDPR”), Hugging Face remains under an obligation to notify the Users about the legal basis on which their Personal Information is processed.

Consent

By creating an account on the Website and by using the Services, you consent to disclose information, some of which might be personal, and to our processing of such Personal Information in the manner and for the purposes set forth in this Policy.

Agreement

If you or your organization enter into an agreement with Hugging Face, either by simply using the Services and abiding by the terms and conditions available on the Website, or by executing another separate agreement, you also consent to our processing of your Personal Information as pursuant the obligations of such an agreement.

Legitimate Interests

Apart from the above cases, Hugging Face will use the information collected from you to pursue legitimate interests such as legal or regulatory compliance, security control, business operations, scientific research, or any other interest reasonably held as legitimate.

3. SHARING OF INFORMATION

The Company will not sell, rent or lease your Personal Information except as provided for by this Policy. The Company may also share other information as provided by this Policy.

A. Affiliates

The Company may share User Information and Personal information collected by the Services with businesses that are legally part of the same group as the Company, or that become part of that group in the event of a change of control, merger, acquisition or sale (“Affiliates”).

B. Third Party Service Providers

The Company may occasionally hire other companies to provide limited services on its behalf, such as providing customer support, hosting websites, processing transactions, or performing statistical analysis of its Services. Those companies will be permitted to obtain only the Personal Information they need to deliver the relevant service. They will be required to maintain the confidentiality of the information and are prohibited from using it for any other purpose. Please refer to the list of Third Party Service Providers below.

At any time during your use of the Services, or upon explicit request from us, you may consent to the disclosure of your information.

D. For security and safety purposes

In the event of any fraud, security threats or incidents, we reserve the right to disclose your information without your consent for the purposes of ensuring and maintaining security on our Website and for all of our Users, and detecting, preventing, investigating or otherwise addressing fraud or security issues.

Similarly, we reserve the right to disclose your information without your consent for the purpose of protecting against harm to the rights, property or safety of the Company, our Users, yourself or the public.

We also reserve the right to disclose your information without your consent to comply with any applicable law, regulation, legal process or governmental requests.

G. Anonymous Information

The Company may use Anonymous Information (as defined below) or disclose it to third party service providers, to provide and improve the Services and other products or technologies of the Company. The Company may disclose Anonymous Information (with or without compensation) to third parties, including advertisers and partners, for purposes including, but not limited to, targeting advertisements. "Anonymous Information" means information which does not enable identification of an individual User, such as aggregated information about use of the Services.

4. YOUR RIGHTS

A. Access your Information

You may be entitled under data protection laws to access and review Personal Information the Company holds related to you.

You may access, modify or delete the Information we collected by editing your profile or controlling the content that you share at any time.

If you have any other request, all such communications regarding access to Personal Information should be addressed to: privacy@huggingface.co. Such inquiries should be clearly marked as data protection queries and you should indicate if the request is time sensitive.

B. Data retention

We retain your Information for as long as necessary to deliver the Services, to comply with any applicable legal requirements, to maintain security and prevent incidents and, in general, to pursue our legitimate interests.

You may decide to cancel your account and your content at any time by editing your profile. If you wish to request the erasure of all of your Personal Information that we process, you may do so by sending a written request to privacy@huggingface.co.

5. DATA SECURITY

The security of your Personal Information is important to us. The Company follows generally accepted industry standards, including the use of appropriate administrative, physical and technical safeguards, to protect Personal Information. However, no method of transmission over the Internet, or method of electronic storage, is fully secure. Therefore, while the Company strives to use commercially acceptable means to protect Personal Information, the Company cannot guarantee its absolute security or confidentiality. If you have any questions about security, you can contact the Company at privacy@huggingface.co.

In the event of an incident affecting your Personal Information, we will act promptly acceptable means to identify and address the incident, and to notify you.

Please be aware that certain Personal Information and other information provided by you in connection with your use of the Services may be stored on your device (even if that Information is not collected by the Company). You are solely responsible for maintaining the security of your device from unauthorized access. Similarly, you also remain responsible for maintaining the confidentiality of your password or any other information that should reasonably be held confidential.

6. LOCATION OF PROCESSING AND DATA TRANSFERS

The Company and its servers are located in the United States.

Personal Information collected by the Services may be stored and processed in the United States or any other country in which the Company or its affiliates, subsidiaries or agents maintain facilities. By using the Services, you consent to any such transfer of information outside of your country. The Company may transfer your Personal Information to affiliated companies for the purpose of storing or processing such information on its behalf. Such information may be transferred to other countries around the world. The Company requires that these parties agree to process such information in compliance with the Policy.

In particular, if you provide Personal Information, it may be transferred to and processed on computers in the U.S. and other countries. We strive to take appropriate safeguards to ensure that your Personal Information will remain protected in a manner consistent with standard applicable data protection laws.

If you have any other question, please contact the Company at: privacy@huggingface.co.

7. CHILDREN’S PRIVACY

The Services are neither directed to nor structured to attract children under the age of 13 years. Accordingly, the Company does not intend to collect Personal Information from anyone it knows to be under 13 years of age. The Company will direct potential users under 13 years of age not to use the Services.

If the Company learns that Personal Information of persons less than 13 years of age has been collected without verifiable parental consent, the Company will take the appropriate steps to delete this information.

To make such a request, please contact the Company at: privacy@huggingface.co.

8. COMMUNICATIONS AND CAN-SPAM ACT

The Company may collect your email address in order to send information and respond to inquiries and/or other requests or questions.

The Company does not use false or misleading subjects or email addresses. The Company reasonably identifies advertisements and includes in its communications the physical address of its business location. The Company honors opt-out/unsubscribe requests. Users may follow the instructions at the bottom of an email from the Company in order to unsubscribe from correspondence.

9. CONTACT US

If you have questions about this Policy, please contact privacy@huggingface.co.

The main establishment in the European Union is Hugging Face, SAS, a French société par actions simplifiée à associé unique registered in the Paris Trade and Companies Register under the number 822 168 043, and whose headquarters are located on 9 rue des Colonnes, 75002 Paris, France. The designation of this main establishment in the European Union gives full authority to the French Data Protection Agency, la Commission Nationale de l'Informatique et des Libertés (CNIL) per the General Data Protection Regulation (GDPR).

10. LIST OF THIRD-PARTY SERVICE PROVIDERS

We may share your information with Third-Party Service Providers, and when we do, we ensure that they access your information in compliance with applicable data protection laws. The following list respects the format Subprocessor | Description of Subprocessing | Location of Subprocessing.

  • Discourse | Forum | United States
  • AWS SES | Emails | United States
  • Amazon Web Services, Inc. | Hosting/Infrastructure | United States
  • Stripe | Payment | United States
  • MongoDB Atlas | Hosting/Infrastructure | United States
  • Google Cloud Platform | Hosting/Infrastructure | United States/EMEA
  • GitHub | Hosting code | United States
  • OVHCloud | Hosting/Infrastructure | France
  • Slack Technologies | Communication | United States
  • Hugging Face SAS | All of the above | France