Privacy Policy

Last Updated: November 29, 2025

This Privacy Policy explains how we collect, use, store, protect, and share personal information when you use our website, platform, and services ("Services"). We are committed to protecting your data and complying with applicable privacy laws, including GDPR, CCPA, and other relevant regulations.

1. Information We Collect

We collect the following categories of information:

1.1 Account Information

  • Name
  • Email address
  • Passwords or authentication tokens
  • Organization / company name
  • Role or workspace settings

1.2 Customer Data (User-Provided Content)

Depending on your integrations and usage, our system may process:

  • Meeting transcripts (e.g., Zoom, Fireflies, Google Meet, MS Teams)
  • CRM records (e.g., HubSpot, Salesforce)
  • Support tickets
  • Chat messages
  • Survey responses
  • Uploaded documents

This content is processed strictly to provide insights and analytics.

1.3 Technical & Usage Information

  • IP address
  • Browser type
  • Device information
  • Pages visited
  • Time spent on pages
  • Referring URLs
  • Interaction logs within the platform

1.4 Integration Tokens

If you connect third-party apps, we securely store OAuth tokens to fetch data on your behalf. We never receive your third-party passwords.

2. How We Use Your Information

We use data to:

  • Provide and improve our Services
  • Generate product insights from your customer conversations
  • Train models for your workspace only (never shared across customers)
  • Personalize dashboards and reports
  • Ensure security, fraud prevention, and service integrity
  • Provide customer support
  • Comply with legal obligations

We do not sell personal data.

3. Legal Bases for Processing (GDPR)

If you are in the EU/EEA, we process your data based on:

  • Contractual necessity (to provide the Service)
  • Legitimate interest (analytics, security, improvements)
  • Consent (for optional features, integrations, marketing)
  • Legal compliance

4. Data Storage & Security

We implement multiple layers of protection:

  • AES-256 encryption at rest
  • TLS 1.2+ encryption in transit
  • Separate encrypted storage for OAuth tokens
  • Role-based access control
  • Database row-level security (RLS)
  • Regular audits and logging
  • Strict internal access policies

Your data remains isolated within your tenant/workspace.

5. Data Retention

We retain information only as long as necessary:

Data Type                                    Retention
Account Data                                 Until your account is deleted
Customer Data (transcripts, CRM, tickets)    Configurable by workspace owner
Integrations & tokens                        Deleted immediately upon disconnect
Analytics & logs                             30–180 days depending on purpose
Backups                                      Rotated regularly with secure expiration

You may request deletion at any time.

6. Sharing & Disclosure

We do not sell or rent your data.

We may share data only with:

6.1 Service Providers (Processors)

Examples:

  • Hosting (e.g., Supabase, Vercel, Railway)
  • Cloud infrastructure
  • Email delivery
  • Error monitoring
  • Analytics

All providers are bound by strict data processing agreements.

6.2 Legal Requirements

We may disclose information if required to:

  • Comply with a valid legal request
  • Prevent fraud or harm
  • Protect the rights and safety of users

6.3 No Advertising Sharing

We do not share data with advertisers, data brokers, or unrelated third parties.

7. International Data Transfers

If data is transferred outside your region, the following apply:

  • Adequate safeguards (Standard Contractual Clauses, GDPR compliance)
  • Encrypted storage & transmission
  • Strict access controls

8. Your Rights

Depending on your region (EU/EEA, UK, California), you have rights to:

  • Access your data
  • Correct inaccurate data
  • Delete your data
  • Export your data (data portability)
  • Object to or restrict certain processing
  • Withdraw consent
  • Opt out of marketing
  • Exercise CCPA rights (no selling/sharing)

You can exercise these rights through our support email.

9. Children's Privacy

Our Services are not intended for individuals under 16. We do not knowingly collect personal data from minors.

10. Cookies & Tracking

We use functional and analytical cookies to:

  • Maintain sessions
  • Improve performance
  • Measure usage

You can manage cookie preferences via your browser.

We do not use advertising or cross-site tracking cookies.

11. Third-Party Integrations

When you connect an integration:

  • We fetch only the data required
  • We store only minimal metadata and tokens
  • You may disconnect at any time
  • Deleting the integration deletes all synced data

Examples: Fireflies, Zoom, HubSpot, Slack, Zendesk, Google Drive.

12. Data Deletion & Account Closure

Upon deleting your account:

  • All workspace data is permanently erased
  • Backups purge according to schedule
  • Integration tokens are revoked
  • You receive confirmation of deletion

13. Updates to This Policy

We may update this Privacy Policy when necessary. If changes are significant, we will notify you through email or the platform.

14. Contact Us

If you have any questions or data requests, contact:

Email: privacy@hearflow.io

Address: [Your Physical Business Address]