Skip to content
Hedy

Data Privacy Overview

At Hedy, we understand that your conversations are more than just words—they’re confidential discussions, strategic planning sessions, and sensitive interactions that require the highest level of privacy protection. We’ve built our platform with privacy at its core, ensuring that your trust in us is well-placed through robust security measures and transparent data handling practices.

Our Privacy Commitment

Hedy is built on four fundamental privacy principles:

  1. Zero Data Sales: We never sell your data to third parties. Your conversations and insights remain exclusively for your use.

  2. End-to-End Security: All data is encrypted using TLS 1.3 during transmission and AES-256 at rest, protecting your information at every step.

  3. AI Analysis Without Training: Our AI providers analyze your conversations without using them to train their models, ensuring your data remains private.

  4. User Control: You maintain full control over your data, including the ability to delete it at any time.

What Data We Store

Transparency about data collection is crucial for building trust. Here’s a comprehensive overview of what we do and don’t collect:

Essential Data:

  • Account information

  • User preferences (session type, languages, custom prompts, contexts)

  • Session metadata (time, duration)

  • App usage statistics

Conversation Data:

By default all conversation data is only stored on your device. If you enable Cloud Sync, we store the following session data on our secure servers in order to allow you to access it from other devices:

  • Transcripts of your conversations

  • Chat interactions with Hedy

  • Highlights

  • Summaries

  • Detailed Notes

We do NOT collect or store on our servers:

  • Audio recordings

  • Personal information beyond basic account details

For organizations requiring formal compliance documentation, access our Trust Center at trust.hedy.ai or through App Settings. The Trust Center includes Data Processing Agreements, Standard Contractual Clauses, Technical and Organizational Measures, and sub-processor documentation.

How We Protect Your Data

Your data is protected through multiple layers of security:

  • Local Processing: Initial audio processing happens directly on your device, ensuring raw audio never leaves your phone without your permission

  • Encrypted Transmission: All data sent between your device and our servers uses industry-standard TLS encryption

  • Secure Storage: Data is stored in Google Cloud Platform’s US-Central region, benefiting from their enterprise-grade security

  • Access Controls: Strict internal policies limit employee access to user data

  • Zero-Trust Model: Any access to user data requires business justification, security approval, and is logged for audit.

  • Regular Security Reviews: We continuously monitor and update our security practices

Third-Party Partnerships and Data Security

We carefully select our technology partners and maintain strict data protection agreements with each one. You can view the full list of partners in our Trust Center.

Our Key Partners:

Together.AI (AI Analysis)

  • Enterprise-grade security and privacy standards

  • Contractual agreements preventing model training on user data

  • Regular security audits and compliance checks

  • Multiple provider redundancy for reliability

  • Independent security assessments for each provider

To learn more about Together AI’s commitment to compliance and security, visit their Trust Center.

Google Cloud Platform (Infrastructure and AI Analysis)

  • US-Central region data storage

  • Industry-leading security certifications

  • Comprehensive encryption at rest and in transit

To learn more about Google Cloud Platform’s security, compliance, and privacy, visit their Trust Center.

Portkey (AI Request Routing)

  • Enterprise-grade security for managing AI service requests

  • Advanced request monitoring and optimization

  • Robust encryption for all data in transit

  • No persistent storage of conversation content

To learn more about Portkey’s security practices, visit their Trust Center.

RevenueCat (Subscription Management)

  • Enterprise-grade subscription and revenue management

  • PCI DSS compliant payment processing

  • Minimal data collection focused on subscription events

  • No access or storage of personal conversation content

  • Encrypted transmission of all billing data

To learn more about RevenueCat’s security and privacy practices, visit their Trust Center.

Sentry (Error Monitoring and Performance)

  • Application performance and error monitoring

  • No access or storage of personal conversation content

  • Industry-standard encryption and access controls

To learn more about Sentry’s security practices, visit their Trust Center.

Intercom (Support)

  • Messaging and Support

  • No access or storage of personal conversation content

  • Industry-standard encryption and access controls

To learn more about Intercom’s security practices, visit their Trust Center.

Speech Recognition

  • Local processing on your device

  • No audio data storage (unless you request it)

  • Privacy-first architecture

Each partner is chosen not only for their technical capabilities but also for their commitment to privacy and security.

Professional Use Cases

Different contexts require different privacy considerations:

Medical Consultations

While Hedy uses an architecture that aligns with HIPAA requirements, we are not yet HIPAA certified. HIPAA certification and Business Associate Agreements (BAAs) are expected in Q2 2026. For current compliance status and documentation, visit our Trust Center.

  1. We recommend using Hedy primarily for note-taking and basic analysis

  2. Enable local-only storage for sensitive patient information

  3. Disable automatic email recaps

  4. Manually review all AI-generated content before sharing

Journalism

We understand the critical importance of protecting journalistic sources. For maximum source protection:

  • Enable local-only storage to keep all data on your device

  • Disable automatic email recaps

  • Take advantage of our highlight feature to mark key quotes

Business Meetings

For business users concerned about confidentiality:

  • NDAs are respected through our strict data handling policies

  • Secure sharing options allow controlled distribution of meeting content

  • Our AI providers analyze your conversations without using them to train their models

Important: Always ensure you have proper consent before recording any conversation. Different jurisdictions have varying requirements for recording consent.

Your Data Control Options

We believe in giving you complete control over your data:

Individual Session Management

  • View and delete individual sessions

  • Export specific sessions in various formats

  • Control cloud sync settings per session

  • Set custom retention periods

Account-Level Controls

  • Manage cloud sync settings globally

  • Export all your data at once

  • Delete your entire account and associated data

  • Control AI analysis preferences

Regional Privacy Preferences

You can specify your data protection region in App Settings. Whether you’re under GDPR, CCPA, or other regional requirements, Hedy adapts its data handling to match your jurisdiction.

Need more details about specific privacy features? Check our other privacy articles or contact support@hedy.bot

Related Articles

Data Storage & Security Understanding Cloud vs Local Storage Data Management & Control

Did this answer your question?