Ihre Gespräche sind privat. Ihre Intelligenz ist geschützt.
Speech recognition runs locally on your device. Your conversation audio never leave your control unless you explicitly share it.
You decide what's shared, what's synced, and what's deleted. Your data, your rules.
Clear documentation about how we handle data, who we work with, and what protections are in place.
Processor-side alignment with European data protection regulations, including Data Processing Agreements (DPA) and Standard Contractual Clauses (SCCs). We provide comprehensive technical and organizational measures to support your GDPR compliance.
Comprehensive security controls audit covering security, availability, processing integrity, confidentiality, and privacy. Currently undergoing certification.
Healthcare data protection compliance for medical conversations. Business Associate Agreements will be available. Currently undergoing certification.
Access comprehensive security documentation, compliance certificates, and legal agreements.
Your conversation audio stays on your device by default. Speech recognition powered by on-device models, with audio recordings remaining on your device unless explicitly shared.
You can decide if you want to store your conversations only on your own device or sync it to our secure cloud servers so you can access it across multiple devices.
Data is sent anonymously to our AI processing partners and is not stored or used for training AI models.
As a data processor, Hedy provides the security and privacy safeguards described on this page. Organizations using Hedy remain responsible for fulfilling their obligations as data controllers under GDPR, including establishing legal basis for processing, managing user consent, and handling data subject rights. For detailed guidance on controller responsibilities, please refer to our Trust Center documentation.
No. We have strict agreements with all AI providers prohibiting the use of your data for training purposes. Your conversations are processed only to provide immediate insights, then discarded.
This commitment applies to all standard Hedy features. Should any future experimental or research features require different data handling, they would be clearly marked as opt-in only with separate, explicit consent requirements.
Audio recordings: Only on your device
Transcripts & summaries: On your device, or in encrypted GCP storage if cloud sync is enabled
Account data: Encrypted in Google Cloud Platform data centers
No. We follow a zero-trust model with no default access to production data. Any access requires business justification, security approval, and is logged for audit.
Go to Account Settings → Delete Account. All your session data on our servers will be permanently removed within 30 days.
As a data controller using Hedy, you are responsible for:
• Legal Basis: Ensuring you have a valid legal basis for processing personal data (consent, legitimate interest, contract performance, etc.)
• Transparency: Informing data subjects about how their data is being processed
• Data Subject Rights: Handling requests for access, deletion, portability, and other rights
• Data Protection Assessments: Conducting DPIAs where required for high-risk processing
Hedy, as your data processor, provides the technical and organizational measures to support your compliance. Our Trust Center contains detailed guidance and documentation to help you meet these obligations.
