HeyCompetitorHeyCompetitor

Privacy Policy

This policy explains how we handle personal data when you use HeyCompetitor. It forms part of our Terms and Conditions.

1.1 Who is responsible for your data

The operator of HeyCompetitor (https://heycompetitor.com) is the data controller for personal data processed through the Product.

1.2 Information we collect

We may collect:

  1. Account information.

    Name, email address, and profile picture, provided by your authentication provider (e.g. Google) when you sign in.

  2. Payment and billing information.

    We do not store full card details. Payments are processed by Stripe. We may receive billing status, payment confirmation, last four digits, and transaction identifiers.

  3. Usage and device information.

    Log data such as timestamps, pages or features used, IP address, device and browser details, and approximate location inferred from IP. We also record session replays (mouse movements, clicks, scrolls, and page interactions) to improve the Product and debug issues.

  4. Content you submit.

    URLs, domain names, and any other Content you submit to the Product. We process these inputs to generate Output. We do not intentionally collect personal data via these inputs, and you are strictly prohibited from submitting URLs or Content that contain personally identifiable information, sensitive data, or confidential credentials (e.g., internal staging environments or authenticated sessions). You acknowledge that any data submitted is treated as non-confidential for the purposes of generating your Output.

  5. Output.

    Results generated by the Product based on your Content.

  6. Live chat communications.

    If you use the live chat widget, we collect your email, chat messages, and any media or files you share in the conversation.

  7. Support communications.

    If you contact support via email, we collect the information you provide in those messages.

1.3 How we use information

We use information to:

  1. Provide, operate, and maintain the Product.

  2. Authenticate users and secure accounts.

  3. Process payments and manage billing.

  4. Generate Output and deliver functionality.

  5. Provide customer support and communicate with you about issues.

  6. Monitor performance, prevent abuse, and ensure security.

  7. Analyze usage patterns and session replays to improve the Product.

  8. Comply with legal obligations and enforce this document.

Depending on the situation, we process personal data based on:

  1. Contractual necessity, to provide the Product you purchased.

  2. Legitimate interests, such as preventing fraud, securing systems, analyzing usage, and improving the Product.

  3. Consent, where required for certain cookies or marketing communications.

  4. Legal obligations, where we must comply with the law.

1.5 Service providers

We share information with the following categories of service providers:

  1. Authentication — we use Google OAuth (via Supabase) for sign-in. Google receives information necessary to authenticate you.

  2. Payment processing — Stripe processes payments. Stripe receives your payment details, email, and transaction data. See our Refund Policy for refund and billing dispute procedures.

  3. Analytics and session replay — PostHog collects usage data, event tracking, and session recordings (mouse movements, clicks, page interactions) to help us understand how the Product is used and debug issues. Text inputs and sensitive fields are masked in recordings to prevent capture of personal or confidential information.

  4. Live chat — Crisp provides the chat widget. Crisp receives your email, chat messages, and any shared media.

  5. AI and infrastructure providers — third-party AI services are used to generate Output.

  6. Hosting and infrastructure — cloud hosting providers store and serve the Product.

We may also share information with:

  • Legal and compliance recipients when required by law or to protect rights and safety.

  • A buyer or successor if we are involved in a merger, acquisition, or sale of assets.

We do not sell your personal data.

1.6 AI training and improvement

We do not use your Content or Output to train or fine-tune general-purpose AI models.

We may use limited data to improve reliability, security, and quality, for example, to detect abuse, debug errors, and improve performance. This may include manual review of small samples for support and quality assurance, with access limited to authorized personnel under confidentiality obligations.

1.7 Data retention

We keep personal data only as long as necessary for the purposes in this document, including to provide the Product, comply with legal obligations, resolve disputes, enforce agreements, and prevent abuse.

  1. Account data: retained while your account is active, then up to 24 months for compliance and dispute handling unless you request deletion and we are not legally required to keep it.

  2. Content and Output: retained for 90 days for support and product improvement unless you delete them earlier, if deletion is available.

  3. Session recordings: retained up to 90 days.

  4. Security logs: retained up to 12 months.

1.8 Data deletion

If you wish to delete your account and all associated data, contact support​@heycompetitor.com. We will process deletion requests within 30 days.

1.9 Security

We use reasonable administrative, technical, and organizational measures to protect personal data. No system is completely secure, so we cannot guarantee absolute security.

1.10 Cookies and similar technologies

We use cookies and similar technologies for:

  1. Authentication — session cookies managed by Supabase to keep you signed in.

  2. Preferences — theme selection and UI settings.

  3. Analytics and session replay — PostHog uses cookies to track usage across sessions and record session replays. Text inputs and sensitive fields are masked in recordings.

  4. Live chat — Crisp uses cookies to maintain chat sessions.

  5. Security — anti-abuse and rate-limiting cookies.

Where required by law, we request consent for non-essential cookies.

1.11 Your rights

Depending on applicable law, you may have rights to:

  1. Access your personal data.

  2. Correct inaccurate data.

  3. Delete data.

  4. Object to or restrict processing.

  5. Receive a copy of your data in a portable format.

  6. Withdraw consent where processing is based on consent.

To request any of these, email: support​@heycompetitor.com

1.12 International transfers

Some of our service providers may process data outside Wyoming, United States. When this happens, we take steps to protect data using appropriate safeguards such as contractual protections.

Last Updated: March 31, 2026