HeyAgents

Privacy Policy

Last updated: May 22, 2026

HeyAgents (“HeyAgents,” “we,” “us,” or “our”) provides an AI agent platform that helps teams automate marketing, sales, and customer operations. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. By using HeyAgents, you agree to the practices described here.

1. Information We Collect

Information you provide

  • Account data — name, email, password hash, workspace name, and billing details when you sign up.
  • Workspace content — messages, tasks, agent instructions, brand voice, files, and any data you connect from third-party services (Gmail, Google Analytics, Search Console, WhatsApp, Twitter/X, LinkedIn, etc.).
  • Communications — support requests, feedback, and any other content you send us.

Information collected automatically

  • Usage data — pages viewed, features used, actions taken by agents, and timestamps.
  • Device and log data — IP address, browser type, operating system, and diagnostic logs.
  • Cookies and similar technologies — to keep you signed in, remember preferences, and measure performance.

Information from third parties

When you connect an external service, we receive the data you authorize that service to share (e.g. emails, analytics, social posts, contacts). We only request the scopes needed to deliver the feature you enabled.

2. How We Use Information

  • Provide, operate, and improve the HeyAgents platform.
  • Run AI agents that act on your behalf (drafting messages, scheduling posts, analyzing performance, etc.).
  • Process payments and manage subscriptions.
  • Detect, prevent, and respond to fraud, abuse, and security issues.
  • Communicate with you about your account, product updates, and support.
  • Comply with legal obligations.

3. AI Processing

HeyAgents uses large language models from providers such as Anthropic and OpenAI to power agent behavior. When an agent runs, relevant context from your workspace may be sent to these providers to generate a response. We:

  • Do not allow providers to train their foundation models on your data through their commercial APIs.
  • Let you choose between our managed LLM mode or bring your own Anthropic / OpenAI key (BYOC), in which case requests go directly from our infrastructure to your provider.

4. How We Share Information

We share data only as needed and never sell it. Categories:

  • Service providers — Supabase (database, auth), Stripe (payments), Anthropic and OpenAI (LLM inference), Twilio (messaging), and other infrastructure vendors bound by confidentiality and data-processing terms.
  • Integrations you connect — data flows to and from the third-party services you explicitly authorize.
  • Legal and safety — when required by law, to enforce our Terms, or to protect rights, safety, and property.
  • Business transfers — in connection with a merger, acquisition, or sale of assets, with notice to affected users.

5. Data Retention

We retain personal data while your account is active and as needed to provide the service. Logs and message history are retained per your plan tier (7 days on Free, 30 days on Pro, 90 days on Team, 1 year on Scale). You may request deletion at any time; some data may be retained where required by law or for legitimate business purposes (e.g. financial records).

6. Security

We use industry-standard safeguards including TLS in transit, encryption at rest, row-level security in our database, secret storage in Supabase Vault for credentials and API keys, and access controls for our staff. No system is perfectly secure; you are responsible for using a strong password and keeping your account credentials confidential.

7. Your Rights

Depending on where you live, you may have rights to access, correct, delete, port, or restrict processing of your personal data, and to object to certain processing. You can exercise most rights directly from the dashboard or by contacting us at the address below. We will respond within the timeframes required by applicable law (e.g. GDPR, UK GDPR, CCPA/CPRA).

8. International Transfers

HeyAgents is operated from, and data may be processed in, the United States and other countries where our service providers operate. Where required, we rely on Standard Contractual Clauses or equivalent safeguards for cross-border transfers.

9. Children

HeyAgents is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us data, contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-product notice. The “Last updated” date at the top reflects the most recent revision.

11. Contact

Questions or requests about this policy can be sent to privacy@heyagents.ai.