Your conversations are private. Your intelligence is protected.
Speech recognition runs locally on your device. Your conversation audio never leaves your control unless you explicitly share it.
You decide what's shared, what's synced, and what's deleted. Your data, your rules.
Clear documentation about how we handle data, who we work with, and what protections are in place.
Processor-side alignment with European data protection regulations, including Data Processing Agreements (DPA) and Standard Contractual Clauses (SCCs). We provide comprehensive technical and organizational measures to support your GDPR compliance.
Comprehensive security controls audit covering security, availability, processing integrity, confidentiality, and privacy. Currently undergoing certification.
Healthcare data protection compliance for medical conversations. Business Associate Agreements will be available. Currently undergoing certification.
Access comprehensive security documentation, compliance certificates, and legal agreements.
Your conversation audio stays on your device by default. Speech recognition is powered by on-device models, with audio recordings remaining on your device unless explicitly shared.
You can decide if you want to store your conversations only on your own device or sync them to our secure cloud servers so you can access them across multiple devices. If you chose the EU region, cloud-synced data is stored on servers in Europe.
Data is sent anonymously to our AI processing partners and is not stored or used for training AI models. For EU-region users, AI processing is routed through EU-based infrastructure.
As a data processor, Hedy provides the security and privacy safeguards described on this page. Organizations using Hedy remain responsible for fulfilling their obligations as data controllers under GDPR, including establishing legal basis for processing, managing user consent, and handling data subject rights. For detailed guidance on controller responsibilities, please refer to our Trust Center documentation.
New users choose where their conversation data is stored during account setup. This choice also determines where AI processing takes place.
Conversations stored and AI processed on servers in Europe. Available to users in all 27 EU member states, the EEA (Iceland, Liechtenstein, Norway), the UK, and Switzerland. Users in other countries can also choose EU.
Conversations stored and AI processed on servers in the United States. The default for users outside Europe, though any user can select either region.
Session recordings and transcripts, highlights and bookmarks, topics and chat history, custom prompts and contexts, webhook and calendar configurations, and user settings.
Account login credentials (global authentication service), subscription and billing data (US-based payment provider), error and crash reports (operational monitoring, no conversation content), and email communications (auto-recap emails may include session summaries and are sent through a US-based email provider).
When your region is set to EU, all AI analysis of your conversations is routed through EU-based servers. This applies whether or not you use Cloud Sync. Existing users can enable EU AI processing by setting their data protection region to EU in Account Settings.
New users choose their region during onboarding, and this choice cannot be changed afterward. The app suggests a region based on your location, but you can pick either option. If you need to change regions after signup, the current option is to create a new account and select the correct region during onboarding.
No. We have strict agreements with all AI providers prohibiting the use of your data for training purposes. Your conversations are processed only to provide immediate insights, then discarded.
This commitment applies to all standard Hedy features. Should any future experimental or research features require different data handling, they would be clearly marked as opt-in only with separate, explicit consent requirements.
Audio recordings: Only on your device
Transcripts & summaries: On your device, or in encrypted cloud storage if cloud sync is enabled. Stored in the EU or US depending on the region you chose during account setup.
AI processing: Routed through EU or US servers based on your region setting.
Account data: Encrypted in Google Cloud Platform data centers
New users choose their data region (EU or US) during account setup. This is a permanent, one-time choice. If you select EU, all your conversation data (sessions, transcripts, topics, highlights, chat history) is stored on servers in Europe, and all AI processing is routed through EU-based infrastructure.
Account login, billing, and error reporting remain on US-based global services for all users. Auto-recap emails are also sent through a US-based email provider and may include session summaries.
Existing users who signed up before this feature was available can set their data protection region to EU in Account Settings to route all AI processing through EU servers going forward. Existing stored data is not moved, but new data and all AI processing will use EU infrastructure.
The region choice made during account setup is permanent. Moving conversation data between regions is technically complex and risks data loss, which is why we make it a clearly communicated one-time decision rather than a setting you can toggle.
If you need to switch regions, the current option is to create a new account and select the correct region during onboarding. Contact our support team if you need help transferring your license.
No. We follow a zero-trust model with no default access to production data. Any access requires business justification and security approval, and is logged for audit.
Go to Account Settings → Delete Account. All your session data on our servers will be permanently removed within 30 days.
As a data controller using Hedy, you are responsible for:
• Legal Basis: Ensuring you have a valid legal basis for processing personal data (consent, legitimate interest, contract performance, etc.)
• Transparency: Informing data subjects about how their data is being processed
• Data Subject Rights: Handling requests for access, deletion, portability, and other rights
• Data Protection Assessments: Conducting DPIAs where required for high-risk processing
Hedy, as your data processor, provides the technical and organizational measures to support your compliance. Our Trust Center contains detailed guidance and documentation to help you meet these obligations.
