Privacy Policy
This Privacy Policy explains how Entwicklerherz GmbH collects, uses, discloses, and protects your personal data when you use heystox services. We comply with the EU General Data Protection Regulation (GDPR) and applicable international data-protection laws.
Data Controller
Entwicklerherz GmbH
Poststr. 2–4
60329 Frankfurt am Main, Germany
Email: inbox@heystox.com
Data We Collect
We collect and process the following categories of personal data:
| Category | Examples | Purpose |
|---|---|---|
| Account Information | Name, email address, password | Account creation and authentication |
| Usage Data | Logins, session duration, clicks, alerts created, device type | Product analytics and service improvement |
| Billing Data | Payment ID, plan type, subscription details | Subscription management (via Lemon Squeezy) |
| Communication Data | Support messages, contact forms | Customer support and feedback |
| Technical Data | IP address, browser type, OS, time zone | Security, diagnostics, localization |
We do not collect or store full payment-card data.
All transactions are processed securely by Lemon Squeezy Inc., our authorized Merchant of Record, which handles payment collection, invoicing, and tax compliance on our behalf.
Purposes and Legal Bases
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Contract performance (account, subscription) | Art. 6 (1)(b) |
| Service improvement and analytics | Art. 6 (1)(f) legitimate interest |
| Legal obligations (invoices, accounting) | Art. 6 (1)(c) |
| Consent-based cookies or marketing | Art. 6 (1)(a) |
| Security and fraud prevention | Art. 6 (1)(f) |
Processors and Data Recipients
We work only with vetted sub-processors who comply with GDPR and, where necessary, Standard Contractual Clauses (SCCs):
| Processor | Purpose | Location / Safeguard |
|---|---|---|
| Lemon Squeezy Inc. | Billing, payments, invoicing | USA – SCCs |
| OpenAI LLC | AI text generation inside the app | USA – SCCs + minimal pseudonymized data |
| Vercel Inc. | Web hosting and CDN | EU region selected |
| Supabase Ltd. | Database and authentication | EU (Germany) |
| Email provider (Resend / Postmark) | Transactional emails | EU or SCCs |
A current list of sub-processors is available on request.
International Data Transfers
Whenever personal data is transferred outside the EEA (e.g., to the United States), we rely on:
- Standard Contractual Clauses (Art. 46 GDPR), and
- Additional safeguards such as encryption and pseudonymization.
Data Retention
We retain personal data only as long as necessary for the stated purposes or as required by law.
After that, data is deleted or anonymized.
Users can request deletion of their account at any time via in-app controls or by contacting inbox@heystox.com.
Cookies and Tracking
We use essential cookies for login and session management.
Analytics and marketing cookies are used only with your explicit consent through our Cookie Consent Manager.
You can withdraw consent at any time.
See our Cookie Policy for details.
Your Rights (EU / EEA Users)
You have the right to:
- Access your personal data (Art. 15)
- Rectify inaccurate data (Art. 16)
- Erase your data ("Right to be Forgotten", Art. 17)
- Restrict or object to processing (Arts. 18–21)
- Request data portability (Art. 20)
- Lodge a complaint with a supervisory authority (Art. 77)
To exercise these rights, contact inbox@heystox.com.
Children's Privacy
heystox is not directed to children under 16 years of age (or the minimum age required by local law).
We do not knowingly collect data from minors.
Security Measures
We implement technical and organizational safeguards:
- TLS encryption for all data transfers
- Access-control and audit logs
- Data-at-rest encryption on EU servers
- Regular security reviews and backups
No system is entirely risk-free, but we maintain industry-standard protection.
AI and OpenAI Processing
Some heystox features use the OpenAI API for natural-language responses.
We send only the minimal text required to generate the requested output.
Outputs may be inaccurate or incomplete.
By using these features, you acknowledge that the results are AI-generated and not financial advice.
Updates to this Policy
We may update this Privacy Policy periodically.
The latest version is always available at https://heystox.com/legal/privacy.
Significant changes will be announced via email or in-app notification.
Contact
Data Controller:
Entwicklerherz GmbH
Poststr. 2–4, 60329 Frankfurt am Main, Germany
Email: inbox@heystox.com
Supervisory authority: Der Hessische Beauftragte für Datenschutz und Informationsfreiheit (HBDI), Wiesbaden, Germany.
Copyright
© 2025 Entwicklerherz GmbH — All rights reserved.