Privacy Policy | Hey Andrew

Introduction

Hey Andrew ("we," "us," or "our") operates the heyandrew.io website and conversational AI platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

1.1 Information You Provide

Google Account Information: When you sign in with Google, we receive your email address, name, and profile picture.
Avatar Data: Custom avatars you create, including names, personalities, voice settings, and conversation targets.
Conversation Data: Messages, transcripts, and recordings when you use the recording feature.
Payment Information: Processed securely through Stripe. We do not store your full credit card details.

1.2 Automatically Collected Information

Usage Data: Pages visited, features used, time spent on the Service.
Device Information: Browser type, operating system, device identifiers.
Local Storage: If you use the Service without signing in, data is stored locally in your browser's IndexedDB.
Cookies: Firebase Authentication and session management cookies.

1.3 Voice and Audio Data

Microphone Input: When you use voice features, your audio is processed for speech recognition.
Free Mode: Uses Web Speech API (processed by your browser or browser vendor).
Premium Mode: Audio sent to OpenAI Whisper API for transcription (see OpenAI's privacy policy).
Recordings: Optional conversation recordings are stored in Firebase Firestore (cloud) or locally (IndexedDB).

2. How We Use Your Information

Provide the Service: Process conversations, generate AI responses, manage avatars.
Authentication: Manage your account and sign-in sessions via Google Sign-In.
Payment Processing: Handle token purchases through Stripe.
Service Improvement: Analyze usage patterns to improve features and performance.
Customer Support: Respond to inquiries and troubleshoot issues.
Security: Detect and prevent fraud, abuse, and technical issues.
Legal Compliance: Comply with applicable laws and regulations.

3. Third-Party Services

We Use the Following Third-Party Services:

🤖 OpenAI

Provides GPT-4o-mini (chat), Whisper (speech-to-text), and TTS (text-to-speech) APIs.

Privacy Policy: https://openai.com/policies/privacy-policy

☁️ Google Firebase

Authentication, cloud storage (Firestore), and serverless functions (Cloud Functions).

Privacy Policy: https://firebase.google.com/support/privacy

💳 Stripe

Secure payment processing for token purchases.

Privacy Policy: https://stripe.com/privacy

🌐 Web Speech API

Browser-based speech recognition and synthesis (free mode). Processed by your browser vendor (Chrome/Google, Safari/Apple, etc.).

Note: We do not control these third-party services and are not responsible for their privacy practices. Please review their privacy policies.

4. Data Storage and Security

4.1 Where Your Data is Stored

Without Sign-In: All data stored locally in your browser's IndexedDB. We do not have access to this data.
With Google Sign-In: Avatars, conversations, and recordings stored in Firebase Firestore (Google Cloud).
OpenAI API Key: Secured server-side in Google Cloud Secret Manager. Never exposed to clients.

4.2 Security Measures

HTTPS encryption for all data in transit
Firebase Security Rules to restrict unauthorized access
API keys secured in Google Secret Manager
Stripe-certified PCI DSS compliant payment processing
Regular security audits and monitoring

Note: No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

5. Data Retention

Account Data: Retained while your account is active.
Conversations: Stored until you delete them or delete your account.
Payment Records: Retained for 7 years for tax and accounting purposes.
Usage Logs: Retained for 90 days for analytics and troubleshooting.

6. Your Rights

You have the following rights regarding your personal data:

Access: Request a copy of your data.
Correction: Update or correct inaccurate data.
Deletion: Delete your account and associated data at any time.
Export: Download your conversations and avatar data.
Opt-Out: Stop using the Service to cease data collection.

To exercise these rights, delete your account from the Settings menu or contact us at heyaiandrew@gmail.com.

7. Children's Privacy

Our Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us immediately.

8. International Users

Your data may be transferred to and processed in the United States or other countries where our service providers operate. By using the Service, you consent to this transfer. We comply with applicable data protection laws, including GDPR for EU users.

9. Do Not Track Signals

We do not currently respond to "Do Not Track" browser signals. You can control cookies through your browser settings.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the Service or sending an email. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, please contact us:

Email: heyaiandrew@gmail.com
Website: https://heyandrew.io