Privacy Policy

Hey Andy, Inc. ("Hey Andy," "we," "us") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information about you and the individuals whose data you input into the Hey Andy platform (collectively, "Personal Data"). It applies to our website, mobile application, APIs, and related services (the "Service"). Capitalized terms not defined here have the meanings given in our Terms of Service.

1. Information We Collect

1.1 Information You Provide

  • Account Information. Name, email address, phone number, password, and business profile details.
  • Billing Information. Payment card details and billing contact data processed by our payment processor.
  • Client Contacts. Names, phone numbers, appointment details, and any other Personal Data you upload or enter for your customers.
  • Communications. Content of SMS/MMS messages, call recordings or transcriptions, and other communications sent through the Service.

1.2 Information We Collect Automatically

  • Usage Data. Log files, timestamps, clickstream data, and feature interactions.
  • Device & Technical Data. IP address, browser type, device identifiers, operating system, and network information.
  • Cookies & Similar Technologies. We use cookies and analytics tools (e.g., Google Analytics) to understand user behavior and improve the Service. You can control cookies through your browser settings.

1.3 Information from Third Parties

We may receive information from carriers, analytics providers, advertising networks, and identity verification partners, consistent with your settings and their privacy policies.

2. How We Use Personal Data

We process Personal Data for the following purposes and legal bases:

  • Provide and Maintain the Service (performance of contract) – including scheduling, messaging, voice calls, CRM functions, and customer support.
  • Improve, Monitor, and Secure the Service (legitimate interests) – analytics, debugging, fraud prevention, and service optimization.
  • Communicate with You (legitimate interests / consent) – transactional messages, updates, and marketing communications.
  • Compliance and Protection (legal obligation) – enforce our Terms, comply with law, and protect rights, safety, and property.

3. Client Contact Data – Your Responsibilities

You act as the data “controller” for Client Contacts you upload. You represent and warrant that you have lawful grounds (e.g., express consent) to provide their Personal Data to us and to send SMS/MMS messages or voice calls via the Service. We process this data solely as your “processor” / “service provider,” following your instructions.

4. Google Workspace API and Limited Use Compliance

This application's use of information received from Google APIs adheres to the Workspace API User Data and Developer Policy, including the Limited Use requirements.

We access Google Calendar data solely to:

  • Sync your appointments with your Google Calendar
  • Check availability to prevent double-booking
  • Create, update, and delete calendar events on your behalf

We do NOT use Google Workspace data to:

  • Train, create, or improve generalized AI/ML models
  • Transfer or sell data to third parties for their AI/ML model development
  • Aggregate, anonymize, or derive data for purposes beyond providing the Service to you

Any AI/ML models that interact with your Google Calendar data are used exclusively for your personalized scheduling assistant and are not used to improve foundational models or benefit other users.

5. Sharing Personal Data

We do not sell Personal Data. We may share it only:

  • Service Providers & Vendors. Telecommunication carriers, cloud hosting, payment processors, analytics providers, and customer‑support tools, bound by confidentiality and data‑processing agreements.
  • Business Transfers. As part of a merger, acquisition, financing, or sale of assets.
  • Legal Requirements. To comply with subpoenas, court orders, or lawful requests, or to protect rights and safety.
  • With Your Consent. Where you authorize additional sharing.

5. International Transfers

We are headquartered in the United States. Where required, we rely on Standard Contractual Clauses or equivalent safeguards for cross‑border transfers.

6. Data Security

We employ administrative, technical, and physical safeguards designed to protect Personal Data. No system is 100% secure, so we cannot guarantee absolute security.

7. Data Retention

We retain Personal Data as long as necessary to fulfil the purposes described above, comply with our legal obligations, resolve disputes, and enforce our agreements. Message logs and call recordings are retained according to your account settings or our default retention schedule, unless you delete them sooner.

8. Your Choices & Rights

  • Account Settings. Access, correct, or delete certain information in your dashboard.
  • Marketing Opt‑Out. You can unsubscribe from marketing emails at any time via the link in each message.
  • Data Subject Requests. Where applicable (e.g., GDPR, CCPA, PDPA), you may request access, deletion, or portability of Personal Data, or object to processing. Email [email protected].

9. Children’s Privacy

The Service is not directed to children under 16. We do not knowingly collect Personal Data from children. If you believe a child has provided data to us, please contact us to delete it.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will post the revised version with an updated Effective Date. Material changes will be communicated through the Service or via email.

11. Contact Us

Hey Andy LLC
Attn: Legal Department
1423 Simpson St, St Paul, MN 55108
Email: [email protected]