Effective Date: January 16, 2026
This Privacy Policy describes how HeyJoy ("we," "us," or "our") collects, uses, and discloses information. This policy applies to all users of our web applications, mobile applications, and related services. By accessing our services, you acknowledge the terms outlined in this document.
We collect specific data points required to operate our service efficiently.
We maintain a strict zero-access policy regarding internal viewing of user data.
HeyJoy employees, contractors, and administrators are technically prohibited from viewing, sharing, or accessing user Personal Identifiable Information (PII). Internal access logs are audited to ensure compliance.
The strict privacy protocols listed above are overridden only in the event of a valid, court-ordered legal subpoena. In such cases, we are legally compelled to view and provide the specific data requested by the court. We disclose only the minimum data required by the order and will notify the user prior to disclosure unless prohibited by law.
HeyJoy operates a Doing Business As (DBA) entity named Hey Data. Through the Hey Data "Pulse Dashboard," we monetize aggregated analytics sold to third parties, including businesses, municipalities, and non-profit organizations.
All data processed via Hey Data is strictly HIPAA compliant. We adhere to the Safe Harbor Method of de-identification, ensuring 18 specific identifiers are removed from datasets.
Data is aggregated and anonymized. It is mathematically impossible for third parties accessing the Pulse Dashboard to re-identify specific users from the provided analytics.
We do not retain user data indefinitely. Our systems run automated maintenance scripts to purge inactive data.
If an account does not register a successful login event for a period of one (1) year, the account is flagged as abandoned. All data associated with the account is permanently purged from our primary databases and backup servers. This action is irreversible.
Accounts and data may be purged in less than one year upon receipt of a verified request from:
We use cookies and Local Storage to maintain user session states and preferences (e.g., dismissing interface modals). These technologies are essential for the functionality of the application. We do not use third-party advertising cookies or trackers that follow your activity across different websites.
We implement industry-standard encryption protocols (TLS/SSL) for data in transit and at rest. Access to our infrastructure is secured via multi-factor authentication (MFA) and restricted to essential engineering personnel for maintenance purposes only. While we strive to protect your data, no method of transmission over the Internet is 100% secure.
HeyJoy does not knowingly collect personal data from children under the age of 13. If we become aware that we have collected personal data from a child under age 13 without verification of parental consent, we take steps to remove that information from our servers immediately.
We may update this Privacy Policy from time to time. The "Effective Date" at the top of this page indicates when the latest revisions were made. Continued use of the service after a change constitutes acceptance of the new terms.
For legal inquiries, subpoena service, or data deletion requests, contact our Data Compliance Officer.
legal@heyjoy.io© 2026 HeyJoy Inc. All Rights Reserved.