Privacy Policy

1. Overview

Welcome to HEY YO! ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our chat platform and related services (collectively, the "Service"). We are committed to protecting your privacy and being transparent about our data practices.

🔒 Our Privacy Commitment

We believe privacy is a fundamental right. We collect only the minimum data necessary to provide our service, use end-to-end encryption for all messages, and give you complete control over your information.

Key Principles

Minimal Data Collection: We collect only what's necessary for the service to function
User Control: You decide what information to share and can delete it anytime
Transparency: We clearly explain what we do with your data
Security First: All communications are encrypted and secured
No Selling: We never sell your personal information to third parties

By using HEY YO!, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

We collect information you provide directly to us, information we obtain automatically when you use our Service, and information from third parties in limited circumstances.

Information You Provide

✅ What We Collect

• Username (chosen by you)
• Age (for safety and legal compliance)
• Messages you send (encrypted)
• Profile information (optional)
• Interests and preferences (optional)
• Support communications
• Report and safety data

❌ What We DON'T Collect

• Real names or legal names
• Email addresses (optional only)
• Phone numbers
• Physical addresses
• Government ID numbers
• Financial information
• Biometric data

Information We Collect Automatically

When you use our Service, we automatically collect certain information about your device and usage patterns:

Device Information: Device type, operating system, browser type and version
Usage Data: Features used, time spent, interaction patterns (anonymized)
Technical Data: IP address (hashed for privacy), connection timestamps
Performance Data: Error logs, crash reports, performance metrics

📍 Location Information

We do NOT collect precise location data. We may derive general location (country/region) from IP addresses for legal compliance and service optimization, but this is not linked to your identity.

Information from Third Parties

We may receive limited information from third parties only in these specific circumstances:

Social Media Integration: If you choose to connect social accounts (profile picture, username)
Payment Processors: Transaction data for premium subscriptions (no financial details stored)
Analytics Services: Aggregated, anonymized usage statistics
Safety Partners: Information about known threats or harmful content

3. How We Use Information

We use the information we collect for specific, legitimate purposes that directly benefit your experience on HEY YO!. We never use your data for purposes you haven't consented to.

💬

Service Delivery

• Enable real-time messaging
• Match you with compatible users
• Maintain chat history during sessions
• Provide customer support

🛡️

Safety & Security

• Detect and prevent abuse
• Investigate safety reports
• Enforce community guidelines
• Protect against fraud and spam

⚙️

Service Improvement

• Analyze usage patterns (anonymized)
• Develop new features
• Fix bugs and improve performance
• Optimize user experience

⚖️

Legal Compliance

• Comply with applicable laws
• Respond to legal requests
• Protect our legal rights
• Age verification for safety

🎯 Purpose Limitation

We only use your information for the specific purposes listed above. We will never use your data for unrelated purposes without your explicit consent. If we want to use your information for a new purpose, we'll ask for your permission first.

Legal Basis for Processing (GDPR)

For users in the European Union, we process your personal data based on the following legal grounds:

Contractual Necessity: Processing necessary to provide our chat service
Legitimate Interests: Safety, security, and service improvement (balanced against your rights)
Legal Obligation: Compliance with applicable laws and regulations
Consent: For optional features like marketing communications (you can withdraw anytime)

4. Information Sharing and Disclosure

🚫 We Never Sell Your Data

HEY YO! has never sold personal information and never will. We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

We may share your information only in the limited circumstances described below. We require all third parties to respect the security of your personal data and treat it in accordance with applicable law.

When We May Share Information

🔧 Service Providers

We work with trusted third-party companies to help us provide our service:

• Cloud hosting providers (encrypted data storage)
• Analytics services (anonymized usage data only)
• Customer support tools (support conversations only)
• Payment processors (transaction data only, no financial details stored)

All service providers are contractually bound to protect your data and use it only for specified purposes.

⚖️ Legal Requirements

We may disclose information when required by law or to protect safety:

• Valid legal process (subpoenas, court orders)
• Law enforcement requests (with proper legal authority)
• Emergency situations involving imminent harm
• Protection of our legal rights and property

We review all legal requests carefully and provide only the minimum information required by law.

🛡️ Safety and Security

To protect our community, we may share limited information:

• With safety organizations to combat abuse
• Threat intelligence to prevent harmful content
• Aggregated safety statistics (no personal identifiers)

🏢 Business Transfers

In the unlikely event of a business transaction:

• Merger, acquisition, or sale of assets
• Bankruptcy or similar proceedings

You would be notified of any such transaction, and your rights under this Privacy Policy would be preserved.

Information We Don't Share

❌ Marketing Companies: We never share your data for third-party marketing
❌ Data Brokers: We don't sell or provide data to information brokers
❌ Advertisers: We don't share personal information with advertising networks
❌ Social Media: We don't automatically share your activity on social platforms
❌ Governments: We don't provide bulk access to any government (except as legally required)

5. Data Security

Protecting your information is our top priority. We implement multiple layers of security to safeguard your data against unauthorized access, alteration, disclosure, or destruction.

🔐 Encryption

• End-to-End Encryption: All messages encrypted before leaving your device
• TLS 1.3: Secure data transmission
• AES-256: Military-grade data encryption at rest
• Key Management: Secure encryption key handling

🏰 Infrastructure Security

• Secure Data Centers: SOC 2 Type II certified facilities
• Network Security: Firewalls, intrusion detection, DDoS protection
• Access Controls: Multi-factor authentication for all staff
• Regular Audits: Third-party security assessments

👥 Access Management

• Principle of Least Privilege: Minimal necessary access only
• Role-Based Access: Permissions based on job function
• Access Logging: All data access is monitored and logged
• Regular Reviews: Quarterly access permission audits

🔍 Monitoring & Response

• 24/7 Monitoring: Continuous security monitoring
• Incident Response: Rapid response to security events
• Vulnerability Management: Regular security updates and patches
• Breach Notification: Immediate notification if data is compromised

🏆 Security Certifications

HEY YO! maintains the following security certifications and compliance standards:

• SOC 2 Type II Compliance
• ISO 27001 Information Security Management
• GDPR Data Protection Compliance
• CCPA Consumer Privacy Compliance
• Regular penetration testing by certified security firms

What You Can Do

Security is a shared responsibility. Here's how you can help protect your account:

Use Strong Passwords: If you create an account, use a unique, strong password
Keep Software Updated: Use the latest version of your browser or app
Be Cautious: Don't share personal information in chats
Report Issues: Contact us immediately if you notice suspicious activity
Log Out: Log out when using shared or public devices

6. Your Privacy Rights

You have significant control over your personal information. Depending on your location, you may have additional rights under laws like GDPR (EU), CCPA (California), or PIPEDA (Canada).

👁️ Right to Access

You can request a copy of all personal information we have about you.

✏️ Right to Rectification

You can correct any inaccurate or incomplete information.

🗑️ Right to Erasure

You can request deletion of your personal information ("right to be forgotten").

📦 Right to Portability

You can export your data in a machine-readable format.

⏸️ Right to Restrict Processing

You can limit how we process your information in certain circumstances.

🚫 Right to Object

You can object to certain types of processing, including marketing.

⚡ How to Exercise Your Rights

Exercising your privacy rights is easy and free:

• In-App: Use privacy controls in your account settings
• Email: Contact privacy@heyyo.in with your request
• Live Chat: Use our support chat for immediate assistance
• Response Time: We respond to all requests within 30 days (usually much faster)

California Privacy Rights (CCPA)

If you're a California resident, you have additional rights under the California Consumer Privacy Act:

Right to Know: What personal information we collect and how we use it
Right to Delete: Request deletion of your personal information
Right to Opt-Out: Opt out of the sale of personal information (we don't sell data)
Right to Non-Discrimination: We won't discriminate against you for exercising your rights

European Privacy Rights (GDPR)

If you're in the European Union, you have rights under the General Data Protection Regulation, including all the rights listed above plus:

Right to Lodge a Complaint: You can complain to your local data protection authority
Right to Withdraw Consent: Withdraw consent for processing based on consent
Automated Decision-Making: Right not to be subject to automated decision-making

7. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, provide security, and analyze how our service is used. You have control over most cookies and can manage your preferences.

Types of Cookies We Use

🔧 Essential Cookies

Required

Necessary for the service to function properly. Cannot be disabled.

• Authentication and session management
• Security and fraud prevention
• Load balancing and performance
• User preferences and settings

📊 Analytics Cookies

Optional

Help us understand how users interact with our service (anonymized data only).

• Page views and feature usage
• Performance metrics
• Error tracking and debugging
• A/B testing for improvements

⚙️ Functional Cookies

Optional

Enable enhanced functionality and personalization.

• Language and region preferences
• Theme and display settings
• Chat history and bookmarks
• Accessibility preferences

🍪 Cookie Management

You can control cookies through:

• Browser Settings: Most browsers allow you to block or delete cookies
• Privacy Settings: Use our in-app cookie preferences
• Opt-Out Tools: Industry opt-out tools for analytics cookies

Third-Party Cookies

We may use third-party services that set their own cookies. These include:

Google Analytics: Website usage analytics (anonymized)
Cloudflare: Security and performance optimization
Support Tools: Customer service chat widgets

Note: Disabling certain cookies may affect the functionality of our service. Essential cookies cannot be disabled as they are necessary for security and basic functionality.

8. International Data Transfers

HEY YO! is a global service with users worldwide. This section explains how we handle international data transfers while maintaining strong privacy protections.

🇺🇸

United States

Primary data centers with SOC 2 compliance

🇪🇺

European Union

GDPR-compliant data processing

🌏

Asia Pacific

Regional data centers for performance

Transfer Safeguards

When we transfer your data internationally, we ensure it receives the same level of protection through:

Standard Contractual Clauses (SCCs): EU-approved contract terms for data protection
Adequacy Decisions: Transfers to countries with adequate privacy laws
Binding Corporate Rules: Internal policies ensuring consistent protection
Encryption in Transit: All data encrypted during international transfers
Data Minimization: Only necessary data is transferred

🌍 Data Localization

Where legally required, we store data locally within specific regions. For example, EU user data is primarily processed within the EU, with transfers outside only when necessary and with appropriate safeguards.

Your Control Over International Transfers

You have options regarding international data transfers:

Opt-Out: You can request that your data not be transferred to specific countries
Local Processing: Request processing only within your region (may limit functionality)
Transfer Notifications: We'll notify you of any new transfer arrangements

9. Children's Privacy

🔞 Age Requirement

HEY YO! requires users to be at least 13 years old. We do not knowingly collect personal information from children under 13. If you're under 18, please get parental permission before using our service.

We take children's privacy seriously and have implemented special protections for users under 18, in compliance with COPPA (Children's Online Privacy Protection Act) and similar laws worldwide.

Special Protections for Minors

🛡️ Enhanced Safety

• Stricter content filtering and moderation
• Limited contact with adult users
• Enhanced reporting and blocking tools
• Proactive monitoring for inappropriate behavior

🔒 Privacy Controls

• Minimal data collection for minors
• No behavioral advertising to users under 18
• Parental access to account information
• Easy account deletion process

Parental Rights and Controls

If your child uses HEY YO!, you have the following rights:

Access: Review what information we have collected from your child
Deletion: Request deletion of your child's personal information
Consent Withdrawal: Withdraw consent and delete the account
No Further Collection: Prevent further collection of your child's information

👨‍👩‍👧‍👦 For Parents

To exercise parental rights or if you believe your child under 13 has provided information to us:

• Email: parents@heyyo.in
• Phone: +1 (555) 123-KIDS
• Include: Child's username, your relationship, and verification of identity

Age Verification

We use several methods to verify user age and prevent underage access:

Self-Declaration: Users must confirm their age during registration
Behavioral Analysis: AI systems detect potentially underage behavior patterns
Community Reporting: Users can report suspected underage accounts
Manual Review: Suspicious accounts are manually reviewed by trained staff

10. Data Retention

We keep your information only as long as necessary to provide our service, comply with legal obligations, and protect our legitimate interests. We believe in data minimization and automatic deletion.

💬 Chat Messages

• Active Chats: Stored during conversation
• Auto-Delete: Deleted after 30 days of inactivity
• User Control: Delete messages anytime
• Safety Reports: Reported content kept for investigation

👤 Account Information

• Active Accounts: Kept while account is active
• Inactive Accounts: Deleted after 2 years of inactivity
• Deleted Accounts: Immediately removed (30-day grace period)
• Backup Systems: Purged within 90 days

📊 Analytics Data

• Usage Statistics: Anonymized and aggregated
• Retention Period: 26 months maximum
• Personal Identifiers: Removed after 90 days
• Research Data: Fully anonymized, no time limit

⚖️ Legal & Safety Data

• Safety Reports: 7 years or until resolved
• Legal Holds: Until legal matter concludes
• Compliance Records: As required by law
• Audit Logs: 3 years for security purposes

🗓️ Retention Schedule Summary
                                    
                                                Data Type
                                                Retention Period
                                                User Control
                                            
                                                Chat Messages
                                                30 days
                                                Delete anytime
                                            
                                                Profile Info
                                                While account active
                                                Edit/delete anytime
                                            
                                                Usage Analytics
                                                26 months (anonymized)
                                                Opt-out available
                                            
                                                Safety Reports
                                                7 years
                                                Contact support

Data Type	Retention Period	User Control
Chat Messages	30 days	Delete anytime
Profile Info	While account active	Edit/delete anytime
Usage Analytics	26 months (anonymized)	Opt-out available
Safety Reports	7 years	Contact support

Factors Affecting Retention

We may retain information longer than the standard periods in these circumstances:

Legal Requirements: Laws may require longer retention for certain data
Safety Investigations: Ongoing safety or abuse investigations
Legal Disputes: Litigation or regulatory proceedings
User Requests: You can request longer retention for your own records

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We are committed to keeping you informed about any changes.

How We Notify You of Changes

📧

Email Notification

For significant changes affecting your rights

🔔

In-App Notice

Prominent notification when you next use the service

🌐

Website Banner

Notice on our website and help pages

Types of Changes

✅ Minor Changes

Clarifications, formatting, or non-substantive updates

Notice: Updated policy posted with revision date

⚠️ Moderate Changes

New features, updated practices, or expanded explanations

Notice: In-app notification and email to registered users

🚨 Major Changes

Significant changes to data use, sharing, or your rights

Notice: 30-day advance notice via email, in-app, and website

📋 Your Options When We Update

When we make significant changes, you can:

• Continue Using: Acceptance of new terms by continued use
• Adjust Settings: Update your privacy preferences
• Contact Us: Ask questions about the changes
• Delete Account: If you don't agree with the changes

Version History

We maintain a history of significant policy changes:

December 15, 2024: Current version - Enhanced CCPA compliance, updated cookie policy
September 1, 2024: Added children's privacy protections, expanded user rights section
June 15, 2024: Initial privacy policy published

12. Contact Us

We're here to help with any questions about this Privacy Policy or how we handle your personal information. Our privacy team is dedicated to protecting your rights and ensuring transparency.

🔒 Privacy Team

📧 privacy@heyyo.in

📞 +1 (555) 123-PRIV

⏰ Response within 48 hours

⚖️ Data Protection Officer

📧 dpo@heyyo.in

📍 EU Representative Available

🛡️ GDPR & CCPA Specialist

Table of Contents

Quick Summary