Last updated: February 15, 2026
At HeyUp, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect information when you use our AI voice receptionist services.
HeyUp is not responsible for client compliance with data laws. Clients must ensure all processing is lawful and indemnify HeyUp for any violations.
What We Do
HeyUp is an AI-powered voice receptionist service that answers phone calls, handles customer inquiries, books appointments, and manages communications for businesses. We process voice data, text messages, and customer information to provide automated customer service solutions.
Information We Collect
Customer Data
When customers call your business, we may collect and process:
- Phone numbers and caller identification information
- Voice recordings of conversations
- Appointment booking details and scheduling information
- Messages and inquiries from customers
- Customer contact preferences and communication history
Business Information
To provide our services, we collect information about your business including:
- Business contact information and operational details
- Calendar and scheduling system integrations
- CRM and customer management system data
- Connector integrations including CalDAV/CardDAV, Google Calendar and Contacts, and Microsoft Calendar and Contacts for syncing calendar events and customer data
- Business policies, FAQs, and response guidelines
Technical Data
We automatically collect technical information including:
- Usage analytics and service performance metrics
- System logs and error reports
- API usage statistics and integration data
How We Use Your Information
We use collected information for the following purposes:
- Provide Services: Process customer calls, manage appointments, synchronize calendars and contacts, and handle customer inquiries as requested by your business.
- AI Model Improvement (Platform Data Only): We may use customer interaction data generated directly within the HeyUp platform (such as call transcripts and conversation flows) to improve and optimize our AI systems.
Data obtained through third-party integrations, including Google Calendar and Google Contacts, is not used to train generalized AI or foundation models.
- Ensure Security: Monitor for fraud, abuse, system misuse, and maintain service reliability and integrity.
- Comply with Legal Obligations: Meet regulatory requirements and respond to lawful requests.
- Customer Support: Diagnose service issues and provide technical assistance.
Data Security
Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Voice recordings and sensitive customer data are protected with industry-standard encryption protocols.
Infrastructure
We host our services on Amazon Web Services (AWS) with multiple availability zones for redundancy. Our infrastructure meets ISO 27001 standards for information security management.
Access Controls
We implement strict access controls and recommend enabling two-factor authentication (2FA) for all user accounts. Access to customer data is limited to authorized personnel on a need-to-know basis.
Third-Party Services
To provide our services, we work with trusted third-party providers:
Telecommunications
Twilio: Used for phone number management and call handling when you choose to use our managed phone numbers. Twilio processes call data in accordance with their privacy policy.
AI Processing
Mistral AI, Anthropic, and OpenAI: Used for natural language processing and conversation understanding, depending on your selected configuration. Each provider processes data according to their respective privacy policies and our data processing agreements.
Voice Services
ElevenLabs: Used for text-to-speech and speech-to-text conversion to enable natural voice interactions. Voice data is processed securely and in compliance with privacy regulations.
Integrations
Third-Party Service Integrations: When you connect third-party services such as Google Calendar/Contacts, Microsoft Calendar/Contacts, or Twilio for phone services, we may access and process data from those services to provide our functionality. We only access data necessary for the integration and do so with your explicit permission.
Data Collection from Integrations
We collect data from third-party integrations only when you explicitly grant permission and connect your accounts:
- Calendar events and scheduling data (for appointment management)
- Contact and customer information (for data synchronization)
- Communication logs and call data (for service delivery)
- Basic account information (for service authentication)
How Integration Data is Used
Integration data is used exclusively to provide and improve our application's core functionality:
- Automating appointment booking and calendar management
- Synchronizing customer and contact information
- Handling phone communications and call routing
- Providing personalized customer service responses
Data Sharing and Disclosure
We do not sell, transfer, or disclose integration data to third parties, except as required for providing our services or as mandated by law. Integration data is processed only by our authorized service providers under strict confidentiality agreements and is never used for advertising, marketing, or any purpose other than delivering our AI receptionist functionality.
Data Protection and Security
All integration data is protected using industry-standard security measures including encryption at rest and in transit, access controls, and regular security audits. Sensitive data is stored in secure, access-controlled environments with multi-factor authentication required for all personnel access.
Data Retention and Deletion
Integration data is retained only as long as necessary to provide our services and in accordance with your account settings. You can revoke access and request deletion of your integration data at any time through your account settings or the respective third-party service. Upon revocation or account deletion, we permanently delete all associated integration data within 30 days.
GDPR Compliance
HeyUp is fully GDPR compliant. We act as a data processor for customer data stored on behalf of our business clients. Our clients (businesses) are the data controllers responsible for obtaining proper consent and managing data subject rights.
We provide our clients with tools and documentation to help them comply with GDPR requirements, including data processing agreements, data retention policies, and data subject access request procedures.
If you are a customer of one of our business clients and have questions about your data rights, please contact the business directly.
Data Retention
We retain customer data according to our client retention policies and legal requirements:
- Voice Recordings: Retained for 30 days by default, configurable by clients
- Call Logs: Retained for 2 years for billing and quality assurance
- Customer Data: Retained according to client-specified retention periods
- Analytics Data: Anonymized and retained for 12 months for service improvement
International Data Transfers
Our services may involve data transfers to countries outside the European Economic Area. When this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, and we only work with providers that meet our privacy and security standards.
Your Rights
As a business client, you have the right to:
- Access the personal data we hold about your business and customers
- Request correction of inaccurate data
- Request deletion of data (subject to legal requirements)
- Object to processing or request data portability
- Lodge a complaint with supervisory authorities
For customer data rights, please contact your HeyUp business account holder directly.
Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Email: privacy@heyup.ai
Address: HeyUp, Data Protection Officer
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through our service dashboard. Your continued use of our services after such changes constitutes acceptance of the updated policy.