1. Introduction
HeyGuide ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Slack-based AI knowledge assistant service.
We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Data Controller
HeyGuide is the data controller for the personal data processed through our service.
Contact: privacy@heyguide.co
Data Protection Inquiries: dpo@heyguide.co
3. Information We Collect
3.1 Information You Provide
- Workspace Information: Slack workspace ID, workspace name
- User Information: Slack user ID, display name (as provided by Slack)
- Documents: PDF files you upload to the knowledge base
- Queries: Questions you ask the AI assistant
3.2 Information Collected Automatically
- Usage Data: Commands used, query frequency, feature usage
- Technical Data: Error logs, performance metrics
3.3 Information We Do NOT Collect
- We do not access your Slack messages outside of direct interactions with HeyGuide
- We do not collect payment information directly (handled by payment processors)
- We do not use cookies or tracking technologies on Slack
4. How We Use Your Information
We process your data for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing the AI assistant service | Contract performance (Art. 6(1)(b)) |
| Processing and indexing documents | Contract performance (Art. 6(1)(b)) |
| Answering user queries | Contract performance (Art. 6(1)(b)) |
| Service improvement and debugging | Legitimate interest (Art. 6(1)(f)) |
| Security and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
5. Data Storage and Security
5.1 Data Location
All data is stored in the European Union (EU) using Amazon Web Services (AWS) data centers located in the EU region. This ensures compliance with GDPR data residency requirements.
5.2 Security Measures
- Encryption at Rest: AES-256 encryption for all stored data
- Encryption in Transit: TLS 1.3 for all data transmission
- Access Control: Role-based access with multi-factor authentication
- Tenant Isolation: Complete separation between workspace data
- Regular Audits: Security assessments and penetration testing
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Documents | Until deleted by user or workspace deletion |
| Conversation History | Last 15 messages per user (rolling window) |
| User Records | Until workspace deletion |
| Audit Logs | 90 days |
| GDPR Request Records | 7 years (legal requirement) |
7. Your Rights (GDPR)
Under GDPR, you have the following rights:
Right of Access (Article 15)
Request a copy of your personal data
Use: /export-data in Slack
Right to Data Portability (Article 20)
Receive your data in a machine-readable format (JSON)
Use: /export-data in Slack
Right to Erasure (Article 17)
Request deletion of all your data
Use: /delete-workspace in Slack
Right to Rectification (Article 16)
Correct inaccurate personal data
Contact: privacy@heyguide.co
Right to Object (Article 21)
Object to processing based on legitimate interests
Contact: privacy@heyguide.co
8. AI and Automated Processing
HeyGuide uses artificial intelligence to process your documents and answer questions. Important information about our AI processing:
- No Training on Your Data: Your documents and queries are never used to train our AI models or any third-party models
- Isolated Processing: AI processing is workspace-specific; your data is never mixed with other workspaces
- Third-Party AI: We use OpenAI's API for AI processing. OpenAI does not train on API data per their data processing agreement
9. Data Sharing
We share data only with:
- AWS: Infrastructure provider (Data Processing Agreement in place)
- OpenAI: AI processing (Data Processing Agreement in place, no training on API data)
- Slack: Platform integration (as required for functionality)
We do not sell your data. We do not share data with advertisers.
10. International Transfers
Data is stored and processed within the EU. When data must be transferred outside the EU (e.g., for AI processing), we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs)
- Data Processing Agreements with all processors
- Assessment of third-country legal frameworks
11. Contact Us
General Privacy Inquiries: privacy@heyguide.co
Data Protection Officer: dpo@heyguide.co
GDPR Data Requests: Use Slack commands or email privacy@heyguide.co
You also have the right to lodge a complaint with your local data protection authority.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy in the HeyGuide admin channel and updating the "Last updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.
© 2026 HeyGuide. All rights reserved.