HeartbeatBack to Home

Privacy Policy

Last updated: February 16, 2026

1. Introduction

Welcome to Heartbeat ("we", "our", or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application at https://heartbeat.wedohype.com (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

2.1 Personal Information

When you register for an account or use our Service, we may collect:

  • Name and email address (for account registration and authentication)
  • Password (stored in hashed/encrypted form)
  • Company/organization name

2.2 Form Submission Data

Our Service receives data submitted through Elementor forms on your WordPress website via webhook integrations. This data may include:

  • Names, email addresses, and phone numbers of form respondents
  • Messages and any other fields included in the form submission
  • Metadata such as submission timestamps and source URLs

2.3 Email Data

When you connect your email account (Gmail or SMTP), we may access:

  • OAuth tokens (for Gmail integration, stored encrypted)
  • SMTP credentials (stored encrypted)
  • Email content generated by the AI and sent on your behalf

2.4 Usage Data

We automatically collect certain information when you access the Service, including:

  • Browser type and version
  • Pages visited and time spent
  • IP address and general location
  • Device information

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Create and manage your user account
  • Receive and process form submissions via webhooks
  • Generate AI-powered email responses based on your configuration and form data
  • Send emails on your behalf through your connected email provider
  • Improve and personalize the Service
  • Communicate with you about your account or the Service
  • Detect, prevent, and address technical issues or security threats

4. AI Processing

Our Service uses third-party AI providers (Anthropic and OpenAI) to generate email content. When processing form submissions:

  • Form submission data is sent to the selected AI provider to generate email responses
  • AI-generated content is stored in our database and associated with your account
  • We do not use your data to train AI models
  • AI providers process data according to their own privacy policies (Anthropic: anthropic.com/privacy, OpenAI: openai.com/privacy)

5. Data Storage and Security

We take the security of your data seriously:

  • All data is stored in a secure PostgreSQL database hosted on trusted cloud infrastructure
  • Sensitive credentials (SMTP passwords, OAuth tokens, API keys) are encrypted using AES-256-GCM encryption
  • Passwords are hashed using bcrypt with a cost factor of 12
  • All data transmission is encrypted via HTTPS/TLS
  • We implement access controls to restrict unauthorized access to data

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

  • AI Service Providers: Form submission data is shared with AI providers (Anthropic/OpenAI) solely for the purpose of generating email responses
  • Email Service Providers: Email content is transmitted through your chosen email provider (Gmail/SMTP) to deliver messages
  • Hosting Providers: Our application and database are hosted on third-party cloud platforms (Vercel, Neon) that may process data as part of their service
  • Legal Requirements: We may disclose information if required by law, regulation, or legal process

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. You may request deletion of your account and associated data at any time by contacting us. Form submissions and email records are retained until you delete them through the dashboard or request account deletion.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your personal data
  • Restriction: Request restriction of processing of your data
  • Portability: Request transfer of your data in a machine-readable format
  • Objection: Object to the processing of your personal data

To exercise any of these rights, please contact us at admin@heartbeat.wedohype.com.

9. Cookies

We use essential cookies that are strictly necessary for the operation of our Service. These include session cookies for authentication purposes. We do not use advertising or tracking cookies.

10. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party websites you visit.

11. Children's Privacy

Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last updated" date at the top of this page. You are advised to review this Privacy Policy periodically for any changes. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: