Privacy Policy - HeyCue.ai

1. Introduction

Welcome to HeyCue.ai ("HeyCue," "we," "us," or "our"). HeyCue is an AI-powered personal assistant platform operated by RippleCue LLC. We are committed to protecting your privacy and ensuring you understand how we collect, use, and safeguard your personal information.

This Privacy Policy explains our practices regarding data collection, use, and disclosure when you use our AI services, mobile applications, web applications, and related services (collectively, the "Services").

Our Core Privacy Commitment: We will never sell your personal data to third parties. Your data is used solely to provide and improve our AI services for you.

2. Information We Collect

2.1 Information You Provide Directly

Account Information: Name, email address, phone number, and password when you create an account
Profile Information: Profile picture, preferences, and settings you configure
Communications: Messages, queries, and content you submit through our AI chat interface
Payment Information: Billing address, payment method details (processed securely through third-party payment processors)
Support Requests: Information you provide when contacting our customer support

2.2 Information from Connected Services

When you authorize HeyCue to connect with third-party services, we may collect:

Email Services (Gmail, Outlook): Email metadata, subject lines, sender/recipient information, and email content to enable search and AI assistance
Calendar Services (Google Calendar, Outlook Calendar): Event titles, dates, times, locations, attendees, and descriptions
Cloud Storage (Google Drive, OneDrive, Dropbox): File names, metadata, and content for files you explicitly grant access to
Financial Services (via Plaid): Account balances, transaction history, merchant names, and categories
Communication Platforms (Slack, WhatsApp Business): Messages and metadata necessary to provide AI assistance

2.3 Information Collected Automatically

Device Information: Device type, operating system, unique device identifiers, browser type
Usage Data: Features used, queries made, interaction patterns, timestamps
Log Data: IP address, access times, pages viewed, app crashes, and system activity
Location Data: General location based on IP address (we do not collect precise GPS location unless explicitly enabled)

2.4 AI-Generated Information

Derived Insights: Patterns, summaries, and insights generated by our AI from your connected data
Conversation History: Your interactions with our AI assistant to provide context and improve responses
Embeddings and Vectors: Mathematical representations of your data used for semantic search and retrieval

3. How We Use Your Information

Purpose	Data Used	Legal Basis
Provide AI Assistant Services	All connected data, queries, conversation history	Contract performance
Account Management	Account information, profile data	Contract performance
Process Payments	Payment and billing information	Contract performance
Improve Our Services	Usage data, anonymized interactions	Legitimate interest
Customer Support	Account info, support communications	Contract performance
Security & Fraud Prevention	Device info, log data, usage patterns	Legitimate interest
Legal Compliance	As required by applicable law	Legal obligation

4. AI Processing and Machine Learning

4.1 How Our AI Processes Your Data

HeyCue uses artificial intelligence and machine learning to provide personalized assistance. This includes:

Natural Language Processing: Understanding and responding to your queries in natural language
Semantic Search: Finding relevant information across your connected services using context and meaning, not just keywords
Pattern Recognition: Identifying trends in your financial data, scheduling patterns, and communication habits
Personalization: Adapting responses based on your preferences and interaction history

4.2 AI Model Training

Important: We do NOT use your personal data to train our general AI models. Your data is used solely to provide personalized services to you and is not shared with or used to improve models for other users.

4.3 Third-Party AI Services

We may use third-party AI services (such as large language model APIs) to process your queries. When we do:

Data is transmitted securely using encryption
We have data processing agreements with these providers
These providers are contractually prohibited from using your data for their own purposes
We minimize the personal data sent to only what's necessary for the request

5. Data Sharing and Disclosure

5.1 We Do NOT Sell Your Data

We will never sell, rent, or lease your personal information to third parties for their marketing purposes.

5.2 Service Providers

We share data with trusted service providers who assist us in operating our Services:

Cloud Infrastructure: Microsoft Azure, Google Cloud Platform for secure data storage and processing
Payment Processing: Stripe for secure payment handling
Financial Data: Plaid for secure bank account connections
Analytics: Privacy-focused analytics to improve our services
Customer Support: Help desk platforms for support ticket management

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

Valid legal process (subpoenas, court orders)
Government requests that meet legal requirements
Protect our rights, privacy, safety, or property
Enforce our Terms of Service

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will provide notice before your data becomes subject to a different privacy policy.

6. Data Security

We implement comprehensive security measures to protect your data:

Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
Access Controls: Strict role-based access controls for our team members
Authentication: OAuth 2.0 for third-party service connections; optional two-factor authentication for your account
Infrastructure Security: Enterprise-grade cloud infrastructure with SOC 2 compliance
Regular Audits: Periodic security assessments and penetration testing
Monitoring: 24/7 security monitoring and incident response procedures

7. Data Retention

Active Account Data: Retained while your account is active and as needed to provide Services
Conversation History: Retained for 2 years or until you delete it, whichever comes first
Connected Service Data: Synced data is refreshed regularly; cached data is retained for up to 90 days after disconnection
Account Deletion: Upon account deletion request, we delete your data within 30 days, except where retention is required by law
Backup Retention: Encrypted backups may be retained for up to 90 days for disaster recovery purposes

8. Your Rights and Choices

8.1 Access and Portability

You can request a copy of your personal data in a portable format at any time through your account settings or by contacting us.

8.2 Correction

You can update or correct your account information through your account settings.

8.3 Deletion

You can delete your account and associated data at any time. This action is irreversible.

8.4 Disconnect Services

You can disconnect any third-party service at any time through your account settings. We will stop accessing new data immediately and delete cached data within 90 days.

8.5 Opt-Out of Communications

You can opt out of marketing communications by clicking "unsubscribe" in any email or updating your notification preferences.

8.6 Additional Rights for EEA/UK Residents

If you are located in the European Economic Area or United Kingdom, you have additional rights under GDPR including:

Right to restrict processing
Right to object to processing
Right to withdraw consent
Right to lodge a complaint with a supervisory authority

8.7 California Residents (CCPA)

California residents have the right to:

Know what personal information is collected
Know if personal information is sold or disclosed and to whom
Opt out of the sale of personal information (we do not sell your data)
Access your personal information
Request deletion of your personal information
Non-discrimination for exercising these rights

9. Children's Privacy

HeyCue is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will delete that information promptly.

10. International Data Transfers

HeyCue is operated from the United States. If you are accessing our Services from outside the United States, please be aware that your data may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

For transfers from the EEA/UK, we use Standard Contractual Clauses approved by the European Commission and implement appropriate safeguards.

11. Third-Party Links and Services

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

Posting the new Privacy Policy on this page
Updating the "Last Updated" date
Sending you an email notification for significant changes

We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@heycue.ai
Mail: RippleCue LLC, Attn: Privacy Team

For data protection inquiries from EEA/UK residents, you may also contact our Data Protection Officer at dpo@heycue.ai.