PRIVACY · BY ARCHITECTURE

Your conversations
are yours.

Last updated · 21 May 2026 · v1.0

Privacy isn’t a policy at Hearby. It’s the architecture. The other person’s voice never leaves your phone — and we wrote the code that way before we wrote this page.

The boundary, in one table

Every byte plotted against where it lives. The privacy claim isn’t marketing; it’s a table that maps to the codebase.

On-device Backend At rest

Other-party audio ✓ — —

Other-party transcript ✓ — —

Extracted facts ✓ ✓ —

Your calendar event title ✓ title —

Whisper text returned — stream —

Audit metadata — ✓ 90 days

What stays on your device

The microphone stream runs through an on-device speech-to-text model (Whisper-base, CoreML). Every transcript chunk lives in RAM and is dropped the moment it stops being useful. None of it touches a network. None of it is written to disk.

Other-party audio · never leaves the device
Other-party verbatim transcripts · never leave the device
The 24-hour conversation memory · indexed locally with SwiftData
Your contacts and calendar reads · processed on-device, only event titles you mark relevant get sent

What we receive

To return a cue, we need just enough context. Outbound requests contain extracted facts (a role, an employer, a city), the calendar event title for the current session, and a trigger type. They never contain quoted speech from the other person.

Extracted facts about the conversation context
The calendar event title you’re in (if you opted in)
The whisper text we return — used to bill, not to train
Audit metadata · request ID, timestamp, latency · retained 90 days

What we never do

Train models on your conversations
Share your data with advertisers
Sell aggregated voice or transcript data
Listen when the app isn’t actively in a Listen session

Your rights

Under GDPR (EU/UK), CCPA/CPRA (California), and equivalent state laws, you can request access, deletion, correction, and portability of any data we hold about you. Email privacy@hearby.co and you’ll hear back within 7 days.

Two-party consent

In the ten two-party-consent states — CA, FL, IL, MD, MA, MT, NV, NH, PA, WA — Hearby auto-detects your location and switches behaviour. Disclosure Mode announces processing audibly before the first word. Solo Mode discards the other voice before any STT runs. You don’t pick; the geofence does.

Children

Hearby isn’t built for anyone under 17. We don’t knowingly collect data from minors. If you believe a minor has used the service, email us and we’ll delete.

Changes

If we materially change what we collect or how we use it, we’ll tell active subscribers by email at least 30 days before the change takes effect.

THE FULL PRIVACY VERSION

Every provider, every retention window, every right.

The summary above is the architecture. Below is the audit trail — the list of who touches what, how long we keep it, and exactly what you can ask us to do about it.

§5 · Third-Party Service Providers

We share information with the following providers only as necessary to run the Service. We do not sell personal information to any of them. We have data-processing addenda or equivalent contractual safeguards in place.

Provider Role Data shared Policy

Clerk Inc. Identity / auth Email, user ID link

Stripe Inc. Web billing Email, payment method link

Apple Inc. iOS distribution + IAP Receipt identifiers link

Anthropic PBC Primary LLM Extracted facts, search snippets link

OpenAI OpCo, LLC Failover LLM Extracted facts, search snippets link

Brave Search Web search snippets Search query (no user ID) link

Apollo.io Person enrichment (v1.5+) Email address you provide link

Cloudflare Inc. Hosting + edge compute All backend traffic link

Neon Inc. Database hosting Account + billing data link

PostHog Inc. Product analytics Anonymized event metadata link

Better Stack Alerting + log drain Server logs, no user content link

§6 · Data Residency & International Transfers

Cloudflare Workers run at the edge globally; your requests are processed at the nearest data center.
Neon Postgres is hosted in ap-southeast-2 (Sydney) for staging; the production region is chosen for compliance and latency.
PostHog is hosted in the US for current dev/staging and will move to PostHog’s EU instance for EU launch.
For data transfers from the EU, UK, or Switzerland to the US, we rely on the European Commission’s Standard Contractual Clauses (SCCs), the UK Addendum, and the Swiss FDPIC-recognised equivalents where applicable.
An EU representative under Article 27 GDPR will be appointed before EU launch.

§7 · Data Retention

The shortest workable window. Defaults to zero where the architecture allows.

Data Retention

Account data (email, user ID) Lifetime of account + 30 days post-delete

Subscription data Lifetime of account + 30 days post-delete

Audit logs (content-free metadata) 90 days

Session metadata 24 hours

Verbatim transcripts NEVER stored · RAM-only on device

Other-party audio NEVER stored · RAM-only on device

Anonymized analytics events 12 months in PostHog

When you delete your account, we hard-purge associated rows from PostgreSQL within 30 days and revoke Clerk and Stripe customer relationships.

§8 · Your Rights, Mapped to Jurisdiction

Depending on where you live, you have the rights below. To exercise any of them, email privacy@hearby.co or use the controls in your account settings. We’ll respond within the window required by your jurisdiction (usually 30 days, sometimes 45).

8.1 · California (CCPA / CPRA)

Request access to the personal information we hold about you
Request deletion of your personal information
Correct inaccurate personal information
Opt out of “selling” or “sharing” personal information (we do not sell or share for cross-context advertising)
Limit use of sensitive personal information
Be free from retaliation for exercising your rights
We respect Global Privacy Control (GPC) signals automatically

8.2 · European Economic Area, United Kingdom, Switzerland (GDPR / UK GDPR / FADP)

Right of access (Art. 15)
Right to rectification (Art. 16)
Right to erasure (Art. 17)
Right to restrict processing (Art. 18)
Right to data portability (Art. 20)
Right to object (Art. 21)
Right to lodge a complaint with your supervisory authority

The lawful bases on which we process your data are contract (Art. 6(1)(b)) and your consent (Art. 6(1)(a)) where applicable.

8.3 · Illinois, Texas, Washington (Biometric / Health Data Laws)

We do not collect biometric identifiers or biometric information for purposes covered by BIPA (Illinois), CUBI (Texas), or MHMDA (Washington). If we later add voice-identity features, we will obtain separate written consent before doing so.

8.4 · All Users

Disable telemetry in account settings
Opt out of marketing emails
Delete your account at any time

Our Data Protection Officer is reachable at dpo@hearby.co for any data-rights matter that needs a human.

Entity · Hudhild Pty Ltd (ABN [TBD]) · Privacy · privacy@hearby.co · DPO · dpo@hearby.co

Questions? privacy@hearby.co

Start 14-day free trial