Privacy Policy

Last updated: March 22, 2026

1. Introduction

Heedb ("we", "our", "us") operates the Heedb platform, an embeddable contact widget SDK that allows businesses to collect feedback, support messages, and privacy requests from their users.

This Privacy Policy explains how we collect, use, store, and protect personal data when you use our website, dashboard, widget, or APIs.

2. Data We Collect

Account data: When you sign up, we collect your name, email address, and password (hashed). This is used to authenticate your account and manage your projects.

Submission data: When end-users submit messages through the Heedb widget, we collect their name, email address, and message content on behalf of the business operating the widget.

Usage data: We collect basic usage metrics such as API request counts and timestamps for rate limiting and analytics.

Technical data: We may collect IP addresses, browser user-agent strings, and referring domains for security and abuse prevention.

3. How We Use Your Data

  • To provide and operate the Heedb platform
  • To authenticate users and manage sessions
  • To process and route contact submissions and privacy requests
  • To send transactional emails (submission confirmations, magic link authentication, company notifications)
  • To perform AI-powered triage and classification of submissions
  • To enforce rate limits and prevent abuse

4. AI Processing

Submitted messages are processed by AI (Google Gemini) to classify them by category (bug report, feature request, question, etc.) and sentiment. This classification helps businesses prioritize and route messages. AI-generated classifications are stored alongside the original submission.

5. Data Sharing

We do not sell personal data. We share data only with:

  • Service providers: Resend (transactional email), Google Cloud (AI triage), and our hosting provider for infrastructure
  • Business customers: Submission data is shared with the business that operates the widget on their website, as they are the data controller for their end-users

6. Data Retention

Account data is retained for the lifetime of your account. Submission data is retained according to the data retention policy of the business customer. You may request deletion of your data at any time.

7. Your Rights (GDPR / CCPA)

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Request data portability
  • Object to or restrict processing
  • Withdraw consent at any time

End-users can submit privacy requests directly through the Heedb widget. Account holders can contact us at [email protected].

8. Security

We use industry-standard security measures including encrypted connections (TLS), hashed passwords, signed session tokens, and API key authentication. Data is stored in PostgreSQL with SSL-encrypted connections.

9. Cookies

We use session cookies for authentication. We do not use tracking cookies or third-party analytics cookies. The widget does not set cookies on the host website.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email to registered account holders. The "Last updated" date at the top indicates the most recent revision.

11. Contact

For questions about this policy or to exercise your data rights, contact us at [email protected].