Hedy AI now meets the requirements of the European Union's General Data Protection Regulation (GDPR). This means our users—whether in Berlin, Barcelona, or Boston—can use Hedy with the confidence that their conversation data is handled according to one of the world's strictest privacy frameworks.
For our European users who've been asking about data protection standards, and for any organization with compliance requirements, here's what this means for you.
When you use an AI meeting coach like Hedy, you're sharing conversation transcripts, meeting insights, and potentially sensitive business information. GDPR compliance isn't just about checking regulatory boxes—it's about establishing concrete safeguards for this data.
For AI applications specifically, GDPR presents unique challenges. Unlike simple data storage services, AI tools process and analyze your information to generate insights. This requires careful consideration of:
Achieving GDPR compliance required us to implement a comprehensive framework that goes beyond basic privacy measures. Here's what we've established:
Our Data Processing Addendum defines exactly how we handle your data as a processor. This legally binding agreement ensures we only process data according to your instructions and for the specific purposes you've authorized—namely, providing you with real-time meeting intelligence.
Since Hedy AI LLC is based in the United States, we use EU-approved Standard Contractual Clauses to ensure your data maintains EU-level protection even when processed outside Europe. These aren't just templates—they're carefully reviewed safeguards that create enforceable rights for European users.
We've conducted a thorough Transfer Impact Assessment that evaluates the U.S. legal environment and the additional measures we've implemented to protect your data. This assessment, available in our Trust Center, demonstrates how we ensure equivalent protection for EU data even when it crosses borders.
Our documented security measures include:
We maintain a complete list of sub-processors (like our cloud infrastructure providers and AI services) in our Trust Center. You'll know exactly who might handle your data and under what conditions. We also commit to notifying users in advance of any changes to our sub-processor list.
You can now confidently use Hedy knowing it meets your legal requirements for data protection. Our GDPR framework provides the documentation your compliance team needs, from DPAs to security assessments.
GDPR compliance is a critical step toward supporting users in regulated sectors. While we're also pursuing HIPAA and SOC 2 Type 2 certifications (expected Q1 2026), GDPR provides a strong foundation for data protection that many healthcare organizations require.
Your meeting transcripts, insights, and personal data are protected by comprehensive safeguards. You have clear rights to access, export, or delete your data, and you know exactly how it's being used.
As a Hedy user, GDPR grants you specific rights regarding your data:
To exercise any of these rights, contact our data protection team through the Trust Center.
We know legal documents can be dense. To help you navigate our GDPR compliance framework, we've created a comprehensive guide that walks you through each document and your responsibilities as a data controller.
Access our "Guidance on Fulfilling Your GDPR Accountability When Using Hedy AI":
This guide provides a practical checklist for reviewing our Data Processing Addendum, Transfer Impact Assessment, Technical and Organizational Measures, and Sub-processor List. It's designed to help your compliance team efficiently complete their GDPR assessment and documentation requirements.
If you're using Hedy within your organization, here's how to ensure GDPR compliance on your end:
We provide detailed guidance in our Trust Center to help your compliance team complete these steps.
GDPR compliance represents our commitment to privacy-first development. When we built Hedy's automatic suggestions feature, we designed it to process conversations without storing unnecessary data. When we implemented Topics for organizing sessions, we ensured users maintain full control over their grouped conversations.
This approach—privacy by design rather than retrofitted compliance—means GDPR principles are embedded in how Hedy works, not just how we document it.
GDPR compliance is one milestone in our ongoing commitment to data protection. We're currently working toward:
All GDPR compliance documentation is available in our Trust Center, accessible through your Hedy account settings. If you're not yet a customer but need to review our compliance framework, request access at trust.hedy.ai.
Questions about our GDPR compliance or data protection practices? Contact our data protection team through the Trust Center or email privacy@hedy.ai.