Hedy AI

Hedy AI Trust Center

Privacy, security, and compliance at Hedy

Hedy provides privacy-first conversation intelligence for professionals. Speech recognition runs locally on your device, and with Local AI Processing, AI analysis can stay on-device too — keeping your transcripts and AI-generated content entirely on your machine.

Built on a zero-knowledge architecture: audio never leaves your device, and any cloud-based AI analysis processes only encrypted, anonymized transcripts. You decide whether anything leaves your machine.

Compliance & Certifications

Industry-standard certifications and compliance frameworks.

GDPR Compliant

GDPR Compliant

Valid

European data protection and privacy compliance

SOC 2 Type I

SOC 2 Type I

In Progress

Audit of security, confidentiality, and integrity controls at a point in time

HIPAA

HIPAA

In Progress

Healthcare data protection and privacy standards

Resources & Documentation

Documentation on GDPR, DPA, compliance, and more.

Public

Guidance on Fulfilling Your GDPR Accountability When Using Hedy AI

English – Public guidance for GDPR compliance

Public

Anleitung zur Umsetzung Ihrer DSGVO-Compliance bei Nutzung von Hedy AI

Deutsch – Öffentliche DSGVO-Anleitung

Public

Expert's Confirmation on the Contractual Framework for GDPR Data Processing

English – Public expert confirmation

Public

Data Processing Addendum

Public data processing addendum

Restricted

Transfer Impact Assessment

Restricted

Together.AI DPA

Public

Privacy Policy

Hedy AI Privacy Policy

Restricted

DPA Annex I

Restricted

DPA Annex II

Restricted

DPA Annex III

Subprocessors

The following organizations are used as subprocessors to help us deliver services and features.

Google Cloud Platform
Google Cloud Platform
Visit trust page
Together.AI
Together.AI
Visit trust page
Google Vertex AI
Google Vertex AI
Visit trust page
Portkey
Portkey
Visit trust page
RevenueCat
RevenueCat
Visit trust page
Stripe
Stripe
Visit trust page
Intercom
Intercom
Visit trust page
Sentry
Sentry
Visit trust page
MailerSend
MailerSend
Visit trust page
MailerLite
MailerLite
Visit trust page
Google Analytics
Google Analytics
Visit trust page
Google Workspace
Google Workspace
Visit trust page
Meta
Meta
Visit trust page

Security Measures

Comprehensive security controls protecting your data and infrastructure (162 measures).

Privacy & Data Protection

How we protect and handle your data.

On-Device by Default

Speech recognition runs locally on your device. Audio is never uploaded — only anonymized transcripts are ever sent for cloud-based AI analysis, and only when you choose to.

Local AI Processing (Optional)

For the strictest setup, run AI analysis fully on your device. Transcripts, summaries, notes, and AI-generated content stay on your machine — nothing is sent to the cloud.

No Training on Your Data

We never sell your data, and our AI providers are contractually prohibited from training on your conversations. Your insights stay yours.

End-to-End Security & Control

Data is encrypted in transit and at rest, with EU or US data residency you choose at signup. You can delete your data at any time.

Security Contact

Have questions about our security practices? Email us at security@hedy.bot.

Contact Security Team