Privacy Policy
Last updated: 22 March 2026
1. Who we are
Hey Susan ("we", "us", "our") is an AI-powered front-office platform operated by Hey Susan Ltd. Our registered address and contact details are available at heysusan.online. If you have any privacy questions, email us at support@heysusan.online.
2. What data we collect
We collect the following categories of data:
- Account data: name, email address, password (hashed), and billing information when you create an account.
- Business data: business name, industry, opening hours, FAQs, and knowledge base content you enter during onboarding.
- Conversation data: messages exchanged between your customers and the Susan AI widget, including any contact details captured (name, email, phone).
- Usage data: page views, feature usage, and error logs used to improve the platform.
- Payment data: processed securely via Stripe; we do not store card numbers on our servers.
- Social channel data: if you connect a Facebook, Instagram, or WhatsApp Business account via Meta, we receive and store messages from those channels to deliver our service.
3. How we use your data
- To provide and operate the Hey Susan service.
- To power the AI chat, email, and messaging features on your behalf.
- To process payments and send billing communications.
- To send product updates and transactional emails (you can opt out of marketing at any time).
- To diagnose bugs, improve performance, and develop new features.
- To comply with legal obligations.
4. Meta platform data
When you connect a Facebook Page, Instagram account, or WhatsApp Business number to Hey Susan, we access data via the Meta Platform APIs in accordance with Meta's Platform Terms. This includes incoming messages and basic page/account metadata. We use this data solely to provide you with the Hey Susan messaging service. We do not sell Meta platform data to third parties. You can disconnect your Meta accounts at any time from your Settings page, which will revoke our access.
5. Data sharing
We do not sell your data. We share data only with trusted sub-processors required to deliver our service:
- Supabase: database and authentication (EU region)
- Anthropic: AI language model processing (messages may be sent to Anthropic's API)
- Stripe: payment processing
- Vercel: application hosting
- Resend: transactional email delivery
6. Data retention
We retain your account and business data for as long as your account is active. Conversation data is retained for 12 months by default. After account deletion, we remove your data within 30 days, except where required by law (e.g. financial records).
7. Your rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Object to or restrict processing
- Request data portability
To exercise any of these rights, email support@heysusan.online. We will respond within 30 days.
8. Cookies
We use strictly necessary cookies to keep you logged in and maintain session state. We do not use advertising or third-party tracking cookies. Analytics, if used, are privacy-first (no cross-site tracking).
9. Security
We use industry-standard encryption (TLS in transit, AES-256 at rest), row-level security on our database, and regular security reviews. No system is perfectly secure; if you discover a vulnerability please contact us at support@heysusan.online.
10. Changes to this policy
We may update this policy from time to time. We will notify you of material changes via email or an in-app notice. Continued use of Hey Susan after changes take effect constitutes acceptance of the updated policy.
11. Contact
For any privacy-related questions or requests, contact us at support@heysusan.online.