Effective Date: March 16, 2026  |  Last Updated: May 6, 2026

Privacy Statement

Introduction

heybreez is a voice ai workflow orchestration platform.

We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Notice describes the heybreez’s policies and practices regarding its collection and use of your personal data, and sets forth your privacy rights. We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.

Data Protection Officer

heybreez is headquartered in 108 West 13th Street, Wilmington, DE 19801, in the United States. heybreez has appointed an internal data protection officer for you to contact if you have any questions or concerns about heybreez’s personal data policies or practices. If you would like to exercise your privacy rights, please direct your query to heybreez’s data protection officer. heybreez’s data protection officer’s name and contact information are as follows:

Karim Malhasheybreez108 West 13th Street, Wilmington, DE 19801support@heybreez.ai

How we collect and use (process) your personal information

heybreez collects personal information about its website visitors and customers. With a few exceptions, this information is generally limited to:

  • name
  • job title
  • employer name
  • work address
  • work email
  • work phone number

We use this information to provide prospects and customers with services.

We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of our services.

From time to time, heybreez receives personal information about individuals from third parties. Typically, information collected from third parties will include further details on your employer or industry. We may also collect your personal data from a third party website (e.g. LinkedIn).

Information We Collect

We collect the following categories of personal information, in each case as further described in the “How we collect and use” and “Voice, Audio, and Biometric Information” sections:

  • Identifiers (such as name, email address, phone number, company / employer, job title, and account credentials).
  • Commercial information (such as demo bookings, sales communications, products or services purchased, and Customer billing information).
  • Internet or other electronic network activity information (such as IP address, cookie identifiers, device identifiers, browser type, operating system, referring URLs, pages viewed, timestamps, and information about your interactions with our website and Services).
  • Audio, voice, and biometric information (such as voice recordings, transcripts, and inferences derived from voice that are submitted to or generated by the Services), as further described below.
  • Inferences and analytics derived from any of the foregoing (such as engagement scores, lead-quality signals, and aggregate usage analytics).
  • Cookies and similar tracking technologies, as further described in the “Cookies and tracking technologies” section below.

Use of Information

We use personal information for the following purposes:

  • To operate, maintain, and improve our website and the Services.
  • To respond to your inquiries, schedule and conduct demos, and provide customer support.
  • To analyze traffic, measure performance, and conduct research and development.
  • For marketing, advertising, and promotional communications, in compliance with applicable law and your preferences.
  • To detect, prevent, and respond to fraud, abuse, security incidents, and unlawful activity, and to enforce our agreements.
  • To comply with our legal, regulatory, tax, accounting, and reporting obligations.

Use of the heybreez Website

As is true of most other websites, heybreez’s website collects certain information automatically and stores it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of heybreez’s website, including a history of the pages you view. We use this information to help us design our site to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences.

heybreez has a legitimate interest in understanding how members, customers and potential customers use its website. This assists heybreez with providing more relevant products and services, with communicating value to our sponsors and corporate members, and with providing appropriate staffing to meet member and customer needs.

Voice, Audio, and Biometric Information

We process Voice Data only for the purposes of (i) providing, securing, and improving the Services to our Customer (the controller of the Voice Data); (ii) generating, transmitting, and storing transcripts and outputs the Customer has requested; (iii) detecting, preventing, and responding to fraud, abuse, security incidents, and unlawful activity; and (iv) complying with our legal obligations. We do not sell Voice Data, do not use it for cross-context behavioral advertising, and do not use it to identify or profile data subjects beyond what is required to deliver the Services.

Our enterprise Customers are responsible, as data controllers, for obtaining all consents and providing all notices required for the collection and processing of Voice Data of their end users (including, where applicable, BIPA-compliant written consent and a written data retention and destruction schedule). Voice Data is retained only as long as necessary to deliver the Services and is destroyed in accordance with the retention schedule set out below or as instructed by the Customer. Where we act as a controller of Voice Data with respect to our own employees, prospects, or website visitors, we will collect such data only with appropriate legal basis and notice and will not disclose biometric identifiers to third parties except as required to provide the Services or as required by law.

Use of Personal Data for AI/ML Model Training

heybreez does not use Customer Voice Data, Customer transcripts, or other Customer-submitted personal data to train, fine-tune, or otherwise develop generally available, customer-facing AI models without the Customer’s prior, explicit, written opt-in. Where a Customer opts in (or where we operate a free trial in which training is disclosed), we will use only data that has been de-identified and/or aggregated using techniques designed so that the data cannot reasonably be used, alone or in combination with other reasonably available information, to identify a particular individual. Customers and end users may withdraw any prior opt-in to model training at any time by contacting support@heybreez.ai; withdrawal applies prospectively and does not require destruction of model weights already trained. We do not share Customer personal data with third-party model providers for use in training their generally available models, and our written agreements with such providers prohibit such use.

Cookies and tracking technologies

heybreez and its website use cookies and similar tracking technologies (collectively, “Cookies”) to operate our Services, remember your preferences, analyze usage, and where applicable serve marketing. We use the following categories of Cookies: (i) Strictly Necessary Cookies, which are required to deliver the Services and cannot be disabled; (ii) Functional Cookies, which remember your preferences; (iii) Analytics Cookies (e.g., Google Analytics), which help us understand site usage; and (iv) Marketing Cookies, which may be set by us or our advertising partners. Where required by applicable law (including the EU/UK ePrivacy regime, the EU GDPR, and U.S. state consumer privacy laws), we will obtain your prior, freely given, specific, informed, and unambiguous consent before placing non-essential Cookies, and you may withdraw consent at any time using our cookie consent banner or by visiting our Cookie Settings page. We honor recognized opt-out preference signals, including the Global Privacy Control (GPC), as required under the California Consumer Privacy Act and similar laws. A complete, current list of the Cookies we deploy, their purposes, providers, and durations is maintained on our website.

When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors (including RB2B) to associate these activities with other personal information they or others have about you, including by association with your email address. We (or service providers on our behalf) may then send communications and marketing to those email addresses. You may opt out of RB2B’s collection and use of your information at https://app.retention.com/optout, exercise the GDPR-specific opt-out (if enabled) at https://www.rb2b.com/rb2b-gdpr-opt-out, and manage your other tracking preferences at any time via our cookie banner.

Use of the heybreez services

We use information you provide and information generated by your use of the Services to deliver, secure, and improve the platform, and to fulfill our contractual and legal obligations to you and our Customers. Customer-controlled data is processed under the terms of the applicable Customer agreement and Data Processing Addendum.

When and how we share information with third parties

The personal information heybreez collects from you is stored in one or more databases hosted by third parties located in the United States. These third parties do not use or have access to your personal information for any purpose other than cloud storage and retrieval. On occasion, heybreez engages third parties to send information to you, including information about our products, services, and events.

The list currently includes (without limitation): Amazon Web Services, Inc. (cloud hosting and storage; United States); a primary speech-to-text and large language model provider (model inference; United States); a customer support / ticketing provider; an analytics and product telemetry provider; an email and transactional messaging provider; a billing and payments provider; and a customer relationship management provider. We require all sub-processors to be bound by written contracts that impose data protection obligations no less protective than those set forth in this Privacy Notice and the EU Standard Contractual Clauses where applicable. We will provide reasonable advance notice of material changes to this sub-processor list and will give Customer Data controllers a reasonable opportunity to object before any new sub-processor begins processing personal data.

We do not otherwise reveal your personal data to non-heybreez persons or businesses for their independent use unless: (1) you request or authorize it; (2) it’s in connection with heybreez-hosted and heybreez co-sponsored conferences as described above; (3) the information is provided to comply with the law (for example, compelled by law enforcement to comply with a search warrant, subpoena, or court order), enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others; (4) the information is provided to our agents, vendors or service providers who perform functions on our behalf; (5) to address emergencies or acts of God; or (6) to address disputes, claims, or to persons demonstrating legal authority to act on your behalf. We may also gather aggregated data about our services and website visitors and disclose the results of such aggregated (but not personally identifiable) information to our partners, service providers, advertisers, and/or other third parties for marketing or promotional purposes.

In summary, we share information with the following categories of recipients:

  • Service providers (including hosting, cloud storage, analytics, customer relationship management, ad-tech, billing, and customer support providers).
  • Marketing and analytics partners (including RB2B and similar website-visitor identification, attribution, and remarketing partners).
  • Legal, regulatory, or governmental authorities when required by law or to protect our rights or the rights, property, or safety of others.
  • Counterparties to corporate transactions (e.g., a successor entity in connection with a merger, acquisition, financing, reorganization, or sale of all or substantially all of our assets), subject to customary confidentiality protections.

We do not sell personal information for monetary consideration. However, certain disclosures of personal information for cross-context behavioral advertising may be considered “sharing” (or, in some jurisdictions, “selling”) under the California Privacy Rights Act (CPRA) and similar U.S. state privacy laws. You may opt out of any such sharing/selling using the mechanisms described in the “U.S. State Consumer Privacy Rights” section below or by emailing support@heybreez.ai.

The heybreez website connects with third party services such as Facebook, LinkedIn, X (formerly Twitter) and others. If you choose to share information from the heybreez website through these services, you should review the privacy policy of that service. If you are a member of a third party service, the aforementioned connections may allow that service to connect your visit to our site to your personal data.

Transferring personal data to the U.S.

heybreez has its headquarters in the United States. Information we collect about you will be processed in the United States. By using heybreez’s services, you acknowledge that your personal information will be processed in the United States. The United States has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR. Pursuant to Article 46 of the GDPR, heybreez is providing for appropriate safeguards by entering binding, standard data protection clauses, enforceable by data subjects in the EEA and the UK. These clauses have been enhanced based on the guidance of the European Data Protection Board and will be updated when the new draft model clauses are approved. Depending on the circumstance, heybreez also collects and transfers to the U.S. personal data with consent; to perform a contract with you; or to fulfill a compelling legitimate interest of heybreez in a manner that does not outweigh your rights and freedoms. heybreez endeavors to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with heybreez and the practices described in this Privacy Statement. heybreez also enters into data processing agreements and model clauses with its vendors whenever feasible and appropriate. Since it was founded, heybreez has received zero government requests for information.

For more information or if you have any questions, please contact us at support@heybreez.ai.

Data Subject rights

The European Union’s General Data Protection Regulation (GDPR) and other countries’ privacy laws provide certain rights for data subjects. Data Subject rights under GDPR include the following:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right of data portability
  • Right to object
  • Rights related to automated decision making including profiling

This Privacy Notice is intended to provide you with information about what personal data heybreez collects about you and how it is used.

If you wish to confirm that heybreez is processing your personal data, or to have access to the personal data heybreez may have about you, please contact us.

You may also request information about: the purpose of the processing; the categories of personal data concerned; who else outside heybreez might have received the data from heybreez; what the source of the information was (if you didn’t provide it directly to heybreez); and how long it will be stored. You have a right to correct (rectify) the record of your personal data maintained by heybreez if it is inaccurate. You may request that heybreez erase that data or cease processing it, subject to certain exceptions. You may also request that heybreez cease using your data for direct marketing purposes. In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how heybreez processes your personal data. When technically feasible, heybreez will—at your request—provide your personal data to you.

Reasonable access to your personal data will be provided at no cost. If access cannot be provided within a reasonable time frame, heybreez will provide you with a date when the information will be provided. If for some reason access is denied, heybreez will provide an explanation as to why access has been denied.

For questions or complaints concerning the processing of your personal data, you can email us at support@heybreez.ai. Alternatively, if you are located in the European Union, you can also have recourse to the European Data Protection Supervisor or with your nation’s data protection authority.

U.S. State Consumer Privacy Rights

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, or another U.S. state with a comprehensive consumer privacy law (each, a “State Privacy Law”), you have certain rights with respect to your personal information, which may include: (i) the right to know or access the categories and specific pieces of personal information we have collected; (ii) the right to delete your personal information; (iii) the right to correct inaccurate personal information; (iv) the right to data portability; (v) the right to opt out of the “sale” or “sharing” of personal information and the use of personal information for cross-context behavioral advertising or targeted advertising; (vi) the right to limit the use and disclosure of sensitive personal information; (vii) the right to opt out of profiling that produces legal or similarly significant effects; (viii) the right to appeal a denial of a privacy request; and (ix) the right to non-discrimination for exercising any of these rights.

heybreez does not “sell” personal information for monetary consideration as that term is commonly understood, and we do not “share” personal information for cross-context behavioral advertising. We do not knowingly process the personal information of consumers under the age of 16 for purposes of sale or sharing. To exercise any of the rights described above, please submit a request to support@heybreez.ai. We will respond within the timeframes required by applicable law (typically within 45 days under CCPA/CPRA, with one extension for an additional 45 days where reasonably necessary). We will verify your identity using information reasonably necessary to confirm you are the consumer about whom we have collected personal information. Authorized agents may submit requests on your behalf with appropriate written authorization. If we deny your request, you have the right to appeal that decision; instructions for appeal will be provided in our response.

Categories of personal information collected, sources, business or commercial purposes for collection, and categories of recipients are described in the “How we collect and use (process) your personal information” and “Sharing information with third parties” sections above. We honor recognized opt-out preference signals (including the Global Privacy Control) when received from a known browser. California residents may also request information regarding our compliance with California’s Shine the Light law (Cal. Civ. Code § 1798.83). Nevada residents may opt out of the sale of certain “covered information” under Nevada SB 220.

Security of your information

heybreez maintains an information security program designed to protect the confidentiality, integrity, and availability of personal data, including administrative, physical, organizational, and technical safeguards appropriate to the nature of the personal data processed. These safeguards include, without limitation: (i) encryption of personal data in transit (TLS 1.2 or higher) and at rest (AES-256 or equivalent); (ii) role-based access controls, least-privilege provisioning, and multi-factor authentication for production systems; (iii) network segmentation, firewalling, and intrusion detection; (iv) centralized logging and security monitoring; (v) vulnerability management, regular third-party penetration testing, and timely patching; (vi) secure software development practices including code review and dependency scanning; (vii) workforce security training and confidentiality obligations; (viii) vendor risk management and written data protection terms with all sub-processors; and (ix) documented incident response and business continuity / disaster recovery plans that are reviewed and tested at least annually. heybreez is working toward, and intends to maintain, SOC 2 and ISO 27001 certification. No security program can guarantee absolute security; data subjects share responsibility for protecting their account credentials and notifying heybreez of any suspected unauthorized access.

Data Breach Notification

In the event of a confirmed personal data breach (as defined under the GDPR or applicable U.S. state law), heybreez will notify the relevant supervisory authority and affected Customer data controllers without undue delay and, where feasible, no later than seventy-two (72) hours after becoming aware of the breach, in accordance with Article 33 of the GDPR and applicable state breach-notification laws. Where required, we will also notify affected data subjects without undue delay and provide the information required under Article 34 of the GDPR (or its equivalent), including the nature of the breach, the categories and approximate number of data subjects and personal data records concerned, the likely consequences, and the measures taken or proposed to mitigate possible adverse effects. Customers acting as controllers remain responsible for any required notifications to their end users.

Marketing Communications and Your Choices

heybreez may send you marketing emails about our products and services where permitted by law, either based on your consent or our legitimate interests in marketing similar products to existing customers. Each marketing email will include an unsubscribe link in compliance with the U.S. CAN-SPAM Act, Canada’s Anti-Spam Legislation (CASL), and EU/UK ePrivacy rules; we will honor unsubscribe requests within ten (10) business days. You may also opt out of all marketing communications at any time by emailing support@heybreez.ai. Where we use your phone number for marketing or service-related calls or text messages, we will comply with the Telephone Consumer Protection Act (TCPA) and obtain any required prior express consent. Opting out of marketing will not affect transactional communications that are necessary to provide the Services (such as billing, security alerts, and product changes).

Data storage and retention

Your personal data is stored by heybreez on its servers, and on the servers of the cloud-based database management services heybreez engages, located in the United States. heybreez retains personal data only for as long as necessary to fulfill the purposes for which it was collected, to provide the Services, to comply with our legal, regulatory, tax, accounting, and reporting obligations, and to resolve disputes and enforce our agreements. The criteria used to determine retention periods include: (i) the duration of the Customer relationship and applicable contractual commitments; (ii) the existence of legal or regulatory obligations to retain data; (iii) whether retention is advisable in light of legal positions (such as in connection with applicable statutes of limitation, litigation, or regulatory investigations); and (iv) operational and security needs.

Indicative retention periods are as follows:

  • Account, billing, and contact data — duration of the Customer relationship plus seven (7) years.
  • Voice Data and call recordings — as configured by the Customer in the Services (default ninety (90) days, customizable down to thirty (30) days for enterprise plans).
  • Transcripts and conversation metadata — as configured by the Customer (default thirteen (13) months).
  • Marketing prospect data — up to twenty-four (24) months from last engagement absent a renewed lawful basis.
  • Security and audit logs — up to thirteen (13) months.
  • Backup data — up to thirty-five (35) days from creation.
  • Aggregated and de-identified data — may be retained indefinitely.

All personal data that heybreez controls may be deleted upon verified request from Data Subjects or their authorized agents, subject to limited exceptions permitted by law (e.g., legal hold, fraud prevention, or completion of a contract). For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at support@heybreez.ai.

Children’s data

We do not knowingly attempt to solicit or receive information from children. The Services are intended for business use and are not directed to children. We do not knowingly collect personal information from children under the age of 13 (or under the age of 16 in jurisdictions where the GDPR applies, or such higher age as may be required by local law). Consistent with the U.S. Children’s Online Privacy Protection Act (COPPA), Article 8 of the EU GDPR, and equivalent laws in other jurisdictions, if we become aware that we have collected personal information from a child without verifiable parental or guardian consent, we will delete that information promptly. If you believe a child has provided us with personal information, please contact support@heybreez.ai and we will investigate and take appropriate action.

Questions, concerns or complaints

If you have questions, concerns, complaints, or would like to exercise your rights, please contact us at:

heybreez108 West 13th Street, Wilmington, DE 19801support@heybreez.ai

Changes to This Privacy Notice; Version History

We may update this Privacy Notice from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The “Last Updated” date at the top of this Notice indicates when it was last revised. Material changes will be communicated to data subjects in advance, where feasible, by email or by a prominent notice on the Services.

Build What Works.