At Hedy, we understand that your conversations are more than just words—they're confidential discussions, strategic planning sessions, and sensitive interactions that require the highest level of privacy protection. We've built our platform with privacy at its core, ensuring that your trust in us is well-placed through robust security measures and transparent data handling practices.
Our Privacy Commitment
Hedy is built on four fundamental privacy principles:
Zero Data Sales: We never sell your data to third parties. Your conversations and insights remain exclusively for your use.
End-to-End Security: All data is encrypted during transmission and storage, protecting your information at every step.
AI Analysis Without Training: Our AI providers analyze your conversations without using them to train their models, ensuring your data remains private.
User Control: You maintain full control over your data, including the ability to delete it at any time.
What Data We Store
Transparency about data collection is crucial for building trust. Here's a comprehensive overview of what we do and don't collect:
Essential Data:
Session metadata (time, duration)
Account information
App usage statistics
Conversation Data:
By default all conversation data is only stored on your device. If you enable Cloud Sync, we store the following session data on our secure servers in order to allow you to access it from other devices:
Transcripts of your conversations
Chat interactions with Hedy
Highlights
Summaries
Detailed Notes
We do NOT collect or store on our servers:
Audio recordings
Personal information beyond basic account details
How We Protect Your Data
Your data is protected through multiple layers of security:
Local Processing: Initial audio processing happens directly on your device, ensuring raw audio never leaves your phone
Encrypted Transmission: All data sent between your device and our servers uses industry-standard TLS encryption
Secure Storage: Data is stored in Google Cloud Platform's US-Central region, benefiting from their enterprise-grade security
Access Controls: Strict internal policies limit employee access to user data
Regular Security Reviews: We continuously monitor and update our security practices
Third-Party Partnerships and Data Security
We carefully select our technology partners and maintain strict data protection agreements with each one. Our Key Partners:
Anthropic (AI Analysis)
Enterprise-grade security and privacy standards
Contractual agreements preventing model training on user data
Regular security audits and compliance checks
To learn more about Anthropic's commitment to compliance and security, visit their Trust Center.
Google Cloud Platform (Infrastructure and AI Analysis)
US-Central region data storage
Industry-leading security certifications
Comprehensive encryption at rest and in transit
To learn more about Google Cloud Platform's security, compliance, and privacy, visit their Trust Center.
Speech Recognition
Local processing on your device
No audio data storage (unless you request it)
Privacy-first architecture
Each partner is chosen not only for their technical capabilities but also for their commitment to privacy and security.
Professional Use Cases
Different contexts require different privacy considerations:
Medical Consultations
Medical Consultations
While Hedy uses an architecture that aligns with HIPAA requirements, we are not currently HIPAA compliant as we do not have the necessary Business Associate Agreements (BAAs) with our key providers (Anthropic and Google Cloud Platform).
We recommend using Hedy primarily for note-taking and basic analysis
Enable local-only storage for sensitive patient information
Disable automatic email recaps
Manually review all AI-generated content before sharing
Journalism
Journalism
We understand the critical importance of protecting journalistic sources. For maximum source protection:
Enable local-only storage to keep all data on your device
Disable automatic email recaps
Take advantage of our highlight feature to mark key quotes
Business Meetings
Business Meetings
For business users concerned about confidentiality:
NDAs are respected through our strict data handling policies
Secure sharing options allow controlled distribution of meeting content
Our AI providers analyze your conversations without using them to train their models
Important: Always ensure you have proper consent before recording any conversation. Different jurisdictions have varying requirements for recording consent.
Your Data Control Options
We believe in giving you complete control over your data:
Individual Session Management
View and delete individual sessions
Export specific sessions in various formats
Control cloud sync settings per session
Set custom retention periods
Account-Level Controls
Manage cloud sync settings globally
Export all your data at once
Delete your entire account and associated data
Control AI analysis preferences
Need more details about specific privacy features? Check our other privacy articles or contact [email protected]