Privacy Policy
HeyCatch, Inc. (“HeyCatch”, “we”, “us”) respects your privacy. This Policy explains what personal data we collect when you use heycatch.ai or the HeyCatch Service (the “Service”), why we collect it, how we share it, and what choices you have.
1. Who is responsible for your data
HeyCatch, Inc. is the data controller for personal data processed in connection with the Service. Registered office: 1111B S Governors Ave STE 59736, Dover, DE 19904, USA. Contact: privacy@heycatch.ai.
2. What we collect
| Category | Examples | Source |
|---|---|---|
| Account data | Name, email, password hash, role | You, at sign-up |
| Billing data | Billing address, last 4 of card, country, tax ID; full card data is handled by Paddle | You, via Paddle checkout |
| Customer Content | Prompts, drafts, lists, files you upload | You, while using the Service |
| Usage data | Pages visited, features used, IP address, device and browser info, timestamps | Automatically, via cookies and server logs |
| Support data | Messages you send us and any attachments | You, when contacting support |
3. Why we use your data (purposes and legal bases)
- Provide the Service— to create your account, deliver features, generate AI output, and personalize the product. (Legal basis: contract.)
- Process payments— through Paddle as our Merchant of Record. (Legal basis: contract.)
- Improve and secure the Service— analytics, debugging, fraud prevention, abuse detection. (Legal basis: legitimate interest.)
- Communicate— service announcements, password resets, support replies. Marketing email only with your consent or where allowed by law. (Legal basis: legitimate interest / consent.)
- Comply with law— tax records, responding to lawful requests. (Legal basis: legal obligation.)
4. Who we share data with
We use a small set of trusted service providers (sub-processors) to operate the Service. They process personal data only on our instructions and under contract.
| Provider | Purpose | Region |
|---|---|---|
| Paddle.com Market Ltd. | Payment processing, Merchant of Record, invoicing, tax | UK / EU / US |
| OpenAI, Anthropic and similar AI providers | Generating AI output from your prompts; processed under enterprise/API terms with no training on your data unless you opt in | US |
| Cloud hosting and infrastructure | Hosting the Service, database, logs, backups | US / EU |
| Email and notification providers | Transactional and (where you opt in) marketing email | US / EU |
| Analytics and error tracking | Understanding product usage and diagnosing bugs | US / EU |
We do not sell your personal data. We do not share it with third parties for their own marketing.
5. International transfers
HeyCatch operates in the United States. If you are in the EEA, the UK, or another region with cross-border transfer rules, your data may be transferred to the US or other countries. Where required, we rely on Standard Contractual Clauses or other appropriate safeguards.
6. How long we keep data
We keep account and Customer Content for as long as your account is active and for a reasonable period afterwards (typically up to 12 months) so you can reactivate without losing data. Billing records are kept for 7 years to meet tax requirements. Support emails are kept for up to 3 years. Server logs are kept for up to 90 days.
7. Your rights
Depending on where you live, you may have the right to:
- access the personal data we hold about you;
- correct inaccurate or incomplete data;
- delete your data;
- restrict or object to processing;
- receive your data in a portable format;
- withdraw consent at any time without affecting prior processing;
- lodge a complaint with your local data protection authority.
To exercise any of these rights, email privacy@heycatch.ai from the address on your account. We will respond within 30 days.
8. California residents (CCPA/CPRA)
California residents have the right to know what categories of personal information we collect, the purposes for which it is used, and to request deletion or correction. We do not “sell” or “share” personal information for cross-context behavioural advertising as those terms are defined under California law.
9. Cookies
We use cookies and similar technologies for sign-in, security and basic analytics. You can disable non-essential cookies through your browser. Where required by law, we will ask for your consent before using non-essential cookies.
10. Security
We use industry-standard security measures, including TLS in transit, encryption at rest for sensitive fields, scoped access controls, and routine security reviews. No system is 100% secure; please use a strong, unique password and notify us immediately if you suspect unauthorized access.
11. Children
The Service is not directed to children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact privacy@heycatch.ai and we will delete it.
12. Changes to this Policy
We may update this Policy from time to time. If we make a material change, we will notify you by email or by posting a notice in the Service before the change takes effect.
13. Contact
Privacy questions: privacy@heycatch.ai. Postal: HeyCatch, Inc., 1111B S Governors Ave STE 59736, Dover, DE 19904, USA.