heywa logo

Privacy Policy

Last Updated: September 5th 2025

Heywa Ltd (“Heywa”, "we" or "us") is committed to protecting your privacy. This policy explains how we collect and use your personal data when you visit www.heywa.com or other platforms and services controlled by Heywa where this privacy policy is posted. It also describes your data protection rights, including the right to object to some of the processing which we carry out. More information about your rights and how to exercise them is set out in the “Your Rights” section.

For a printable version of this privacy policy, please click here.

  1. 1. What We Collect

    Most of the data we collect comes from you directly when you use our platform:

    • Account Data: Credentials such as your username and email address, and your preferences.
    • Usage Data: Data you input into our platform, including search queries, as well as data collected automatically based on how you interact with the platform, including page views, timestamps and feedback submissions.
    • Technical Data: Device info, browser type, IP address, approximate geolocation.
    • Cookies: We use essential and analytics cookies, with user consent where required.

    We may also receive data about you from third parties, and when this is the case we will let you know where appropriate.

    For residents of California, we are required to describe the same information using the categories set out in the California Consumer Privacy Act (CCPA/CPRA):

    • Identifiers (Yes): For example, email address, username, IP address, device ID.
    • Characteristics of protected classifications (No): We do not collect characteristics such as race, gender or religion.
    • Commercial information (No): We do not currently collect purchase history or similar commercial information.
    • Biometric data (No): We do not collect biometric data.
    • Internet or other electronic network activity information (Yes): For example, search queries, page views, timestamps, interactions and cookie/analytics data.
    • Geolocation data (Yes): Approximate location from your IP address.
    • Audio, electronic, visual, thermal, olfactory or similar information (No): We do not collect this information.
    • Professional or employment-related information (No): We do not collect this information.
    • Education information (No): We do not collect this information.
    • Inferences drawn to create a profile (Limited): For example, preferences you select within your account (such as content settings).
    • Sensitive personal information (No): We do not collect sensitive personal information as defined by California law.

  2. 2. How We Use Your Data, and Our Legal Basis for Processing

    We will use your personal data for the following purposes. In each case, in the UK we must have a specific ‘legal basis’ for doing so. Our purposes and legal basis are explained below.

    • To provide, maintain and improve Heywa’s products and services: we process your personal data in order to perform our contract with you (for example under our Terms of Service).
    • To personalise and refine search experiences: we have a legitimate interest in operating our platform and improving its operation, as well as designing and building new features and products. In certain circumstances we may ask for your consent for this, in which case we rely on your consent (and will make this clear when we ask).
    • To conduct internal analytics and research: we have a legitimate interest in operating our platform and improving its operation, as well as to design and build new features and products.
    • To communicate with you, including to send you information about our services and products (for example regarding updates): where we are contacting you with a service message, we do so based on our legitimate interest in communicating with our users. Where we do so for marketing purposes, we will rely on consent where required.
    • To comply with applicable laws and respond to legal requests: where we have a direct legal obligation to do so, our legal basis is to comply with that obligation (for example to respond to statutory requests). Where we do not have a direct legal obligation, we may do so on the basis of our or a third party’s legitimate interests, including our legitimate interest in operating our business and third parties’ legal obligations.
    • To administer our business and the platform, including to prevent fraud, illegal activity, or misuse of the platform and to protect Heywa, our users and the public: where we have a direct legal obligation to do so, our legal basis is to comply with that obligation. Where we do not have a direct legal obligation, we may do so on the basis of our legitimate interests in running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise.

  3. 3. Data Retention

    We will keep your personal data for as long as reasonably necessary to fulfil the purposes we have collected it for, including for the purposes of satisfying any legal or regulatory requirements. We may also retain your personal data for a longer period in the event of any dispute.

    To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data; the potential risk of harm from unauthorised use or disclosure of the personal data; the purpose for which we use the personal data; whether we can achieve those purposes through other means; and the applicable legal requirements.

    Usage and analytics data is retained for up to 12 months unless otherwise required by law.

    Account data is generally retained for as long as you maintain an account with Heywa and for up to 12 months thereafter to enable us to resolve any disputes or issues. Certain minimal records (such as consent, transaction, or legal compliance records) may be retained for up to 6 years in line with UK statutory limitation periods.

    Feedback and support correspondence may be retained for 12 months, for audit or moderation purposes.

  4. 4. Your Rights

    You may request access to (including a copy of), correction, deletion, or restriction of your personal data. Where you have provided your personal data to us, you can ask us to “port” this over in certain circumstances to you or to an alternative provider, where technically feasible.

    Where we are relying on your consent, you may withdraw that consent, and you may object to certain processing (such as processing for direct marketing purposes). Please note that withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

    These rights may depend on where you are located, and may be limited by law – for example, if you ask us to delete information which we are required by law or have compelling legitimate interests to keep. We may also take steps to confirm your identity and eligibility to exercise these rights. This is a security measure to ensure, for example, that personal data is not disclosed to any person who has no right to receive it.

    You can exercise these rights by contacting us at privacy@heywa.com.

    In the UK, you have the right to complain to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues, as well as to us. We would always appreciate the chance to resolve your concerns before you approach the ICO.

  5. 5. Rights for U.S. Residents

    Depending on applicable U.S. state law, you may have certain rights including:

    • The right to know and right to access information about the categories and specific pieces of personal data we have collected about you, as well as the categories of sources from which such data is collected, the purpose for collecting such data, and the categories of third parties with whom we share such data.
    • The right to know if we have sold or shared your personal data.
    • The right to request a copy of the personal data we have collected, and upon request, to receive this information in a readily-usable electronic form.
    • The right to request the deletion of your personal data, subject to certain legal exceptions.
    • The right to opt out of the “sale” or “sharing” of your personal data to third parties.
    • The right to correct your personal data if inaccurate.
    • The right to limit the use and disclosure of your sensitive personal data if we use such data to infer characteristics about you.
    • The right to not be discriminated against for exercising any of these rights.

    To exercise any of the above rights, please submit a verifiable consumer privacy request to privacy@heywa.com. You may also be able to use an online request form where this is made available on our website.

    We cannot respond to your request or provide you with personal data unless we can verify your identity and your authority to make the request and confirm that the personal data relates to you. A verifiable consumer privacy request must: (i) provide sufficient information that allows us to reasonably verify you are the person about whom we have collected personal data or an authorised representative; and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it.

    You may, under certain circumstances, authorise another individual or a business, called an Authorised Agent, to make requests on your behalf. If you wish to have an Authorised Agent make a verifiable consumer request on your behalf, they will need to provide us with sufficient written proof that you have designated them as your Authorised Agent, and we will still require you to provide sufficient information to allow us to reasonably verify that you are the person about whom we collected personal data.

    We do not charge a fee to process or respond to your verifiable consumer privacy request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

    You also have the right to appeal a denial of your request by contacting us using the details in the notice of denial.

    A California privacy law that went into effect on January 1, 2005, the “Shine the Light” law, allows California residents to obtain a list of third parties to whom a business has disclosed personal information if it shares such information with third parties for their direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

    Residents of Nevada have the right to opt out of the sale of certain personal information to third parties. We currently do not sell your personal information as defined by Nevada law.

  6. 6. Data Sharing

    We share your personal data in the following circumstances:

    • With third party service providers we use for hosting, analytics and other support services. This includes third party AI models such as Google Gemini to power our platform, in which case your data will be sent to that third party to generate responses.
    • In the event that the business is sold or integrated with another business, in which case your data may be disclosed to our advisers and any potential purchaser’s advisers and ultimately passed to the new owners of the business.
    • With public bodies, law enforcement, courts and tribunals, including where necessary to comply with our legal obligations, and to enforce and protect our rights.

  7. 7. Data Transfers

    Due to the global nature of our business, we may transfer your personal data to and store it at a location outside of the UK, including to the United States to certain of our third party service providers. For example, data is hosted in the US by Google Cloud.

    Where these locations do not provide the same level of data protection, we ensure appropriate safeguards are in place to protect the transfer of your personal data. For the transfers to the US, we rely upon Google Cloud’s certification under the UK extension to the US-EU Data Privacy Framework.

    A copy of the relevant mechanism can be obtained for your review on request by using the contact details below.

  8. 8. Cookies

    We use a consent-based cookie management system that enables you to provide or withdraw consent for the use of cookies. Essential cookies are used by default to enable core site functionality.

    Non-essential cookies, such as analytics and performance cookies, are only activated with your explicit consent via our cookie banner.

    You can change your cookie preferences at any time by clicking “Cookie Settings” in the site sidebar menu.

    A full list of cookies in use, including their purpose, provider, and duration, is available on our cookie settings page or within the cookie banner when you first visit the site.

    In order to provide you with more personalised and relevant content, we may work with third-party analytics partners, which may be considered a "sale” or "sharing” as those terms are defined under applicable privacy laws, such as the California Consumer Privacy Act. The personal data we “sell” or “share” in this context is limited to your identifiers and internet or other electronic network activity information. At any time, you can opt out of the sale or sharing of your personal data by changing your cookies preferences using the “Cookie Settings” link in the site sidebar menu.

  9. 9. Contact

    For privacy-related inquiries or complaints, contact: privacy@heywa.com.

    In the UK, the data controller for your personal data is Heywa Ltd, registered in England and Wales at 9th Floor 107 Cheapside, London EC2V 6DN.