REDESIGN MOCKUP · Privacy · all pages →

Legal

Privacy Policy

Effective June 10, 2026 · Last updated June 14, 2026. This policy applies to the HeyDividend website and our mobile apps for iPhone, iPad, and Android.

Data Retention & Automatic Deletion

We automatically delete personal data once it is no longer needed for the purpose it was collected for. A nightly retention job enforces these windows on Azure SQL and Azure Blob Storage and writes an audit row for every deletion run. You can verify your own upcoming deletion dates from Settings → Data Controls → Your data on file, and you can trigger a manual deletion of your chat history or uploaded files at any time without waiting for the schedule.

Data categoryRetention windowWhat happens at the end
Inactive accounts36 months without login or in-app activityAccount and all linked personal data are erased via our standard GDPR/CCPA erasure pipeline. We send you reminder emails 30 days and 7 days before deletion — a single click on either email keeps your account.
HeyDividend AI chat history24 monthsConversation messages and envelopes are permanently deleted.
Generated AI artifacts6 monthsCached charts, tables, and analysis artifacts are deleted.
Uploaded files & processed documents12 monthsFiles in user-uploads and chat-attachments and the extracted text rows in ProcessedDocuments are permanently deleted by the nightly job. You can also delete your indexed file metadata on demand from Settings → Data Controls; the underlying blob copies are removed on this 12-month schedule.
Password reset / OTP / auth-handoff tokens24 hoursSingle-use tokens are deleted whether they were used or not.
PII redaction audit rows12 monthsPer-category redaction counts (never the raw values) are deleted.

These windows are the maximum we retain data automatically — you can always request a faster erasure of your entire account via Settings → Data Controls, or by emailing privacy@heydividend.com.

AI & Third-Party Model Providers — Prompt Sanitization

Any free-text you send to the HeyDividend AI chat (including questions, pasted content, and file text) is automatically passed through a central PII scrubbing layer before being forwarded to our AI model provider (OpenAI). Names, email addresses, phone numbers, U.S. Social Security numbers, payment-card numbers, bank account / IBAN / SWIFT identifiers, street addresses, and IP addresses are replaced with stable placeholder tokens (for example [EMAIL_1]) so the model can still reason about "the same person" within a single response without ever receiving your raw values. Ticker symbols, dollar amounts, percentages, dates, and other product data are deliberately preserved so the assistant remains useful. For each AI request we record an audit row containing only the per-category redaction counts — never the raw redacted values — and you can request a copy of those counts for your account via the data-subject-rights process described below.

On-Device Research Agent — Personalization That Runs on Your Device

Our mobile apps include a built-in Research Agent that learns which kinds of dividend stocks and ETFs interest you and ranks new ideas accordingly. To keep this private, the personalization is computed on your own device. As you use the app, it records lightweight signals — which tickers you view, save, add to a watchlist or portfolio, take notes on, or dismiss — and stores them encrypted on your device using the operating system's secure storage (the iOS Keychain and Android Keystore; larger items are encrypted before they are written to disk). This detailed activity log is used only on your device to rank your picks, and it never leaves your device. We do not receive it, and we do not use it to train any AI model.

So your research can follow you to a new or additional device, the app can sync a copy of your saved screens, your notebook entries, and the agent's resulting preferences (the picks it has ranked, the weightings it has learned, and the lists of symbols you have recently viewed or dismissed) to your account on our servers. This sync travels over an encrypted connection (TLS) and is stored encrypted at rest on Microsoft Azure, linked to your account. The detailed on-device activity log described above is not included in this sync.

You stay in control from Settings → Research Agent (also reachable from the in-app Research hub). You can pause learning at any time, sync on demand, or erase the agent's memory — erasing clears the data stored on your device and requests deletion of the synced copy from our servers.

1. Introduction

HeyDividend, LLC, a California limited liability company ("HeyDividend," "we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website (heydividend.com), mobile applications (iOS and Android), and related services (collectively, the "Service"). By using the Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use the Service.

2. Data We Collect (App Store & Google Play Disclosure)

The following categories match the disclosures we file with Apple App Privacy and Google Play Data safety. Each category is linked to your account, used only for the purposes listed, and not used for tracking across other companies' apps or websites. We do not sell your personal information and we do not share data with third-party data brokers.

Data typeWhy we collect itUsed for tracking?
Email addressAccount creation, sign-in, password reset, transactional notifications.No
User IDInternal numeric identifier so we can associate your portfolio, watchlist and AI history with your account. Also used for product analytics.No
Financial info (read-only via Plaid)Holdings, account balances, and dividend transaction history we retrieve from your linked brokerage account through Plaid. Used only to power the app's portfolio, income tracking and goal features. Plaid acts as our third-party data processor for this read-only brokerage data; HeyDividend never receives your brokerage username or password.No
App interactionsTap, screen-view and feature-usage events used for product analytics and personalization (e.g. ordering Today cards by what you actually use).No
Crash logsStack traces and device context when the app crashes, so we can diagnose and fix bugs.No
Performance / diagnosticsLatency, error rates, and slow-screen reports used to keep the app fast and reliable.No

We do not collect: precise or approximate location, contacts, photos, audio, files, calendar, health/fitness data, messages, web-browsing history, search history, advertising identifiers (IDFA), or payment-card data (Apple, Google Play and Stripe handle billing — we never see your card number).

3. How We Use Your Information

  • Provide the Service: Display portfolio analytics, dividend tracking, AI insights, and investment research tools.
  • AI Processing: Your HeyDividend AI conversations are sent to OpenAI's API to generate responses. OpenAI processes this data according to their API data-usage policy and does not use it to train their models.
  • Personalization: Customize your experience based on your preferences and portfolio data.
  • Payment Processing: Process subscription payments through Apple, Google Play, or Stripe.
  • Communication: Send transactional emails (welcome, alerts, daily digests, password resets).
  • Security: Detect and prevent fraud, abuse, and unauthorized access.
  • Legal Compliance: Comply with applicable laws, regulations, and legal processes.
  • Improvement: Analyze usage patterns to improve and develop new features.

4. Third-Party Processors

We do not sell your personal information. We share your data only with the service providers we rely on to operate the Service:

ProviderPurposeData shared
PlaidThird-party processor for read-only brokerage data (holdings, balances, dividend transactions).Brokerage credentials are entered into Plaid Link directly and never reach HeyDividend; HeyDividend receives only the read-only financial data described above.
OpenAIAI-powered research assistant (HeyDividend AI).Chat messages and portfolio context for AI analysis.
Stripe / Apple / Google PlaySubscription payment processing.Email, plan and payment method (handled entirely by the processor).
Google Sign-In / Sign in with AppleAuthentication.OAuth profile data (name, email, profile picture).
ResendTransactional email delivery.Email address and email content.
Microsoft AzureDatabase hosting and cloud infrastructure.All stored data (encrypted at rest).

We may also disclose information when required by law, subpoena, court order, or governmental request; to protect the rights, property, or safety of HeyDividend, our users, or others; in connection with a merger, acquisition or sale of assets; or with your explicit consent.

5. Data Security

We implement industry-standard security measures to protect your personal information, including:

  • Encryption of data in transit (TLS) and at rest.
  • Secure password hashing using bcrypt.
  • JWT-based authentication with short-lived tokens.
  • Rate limiting and DDoS protection.
  • Regular security monitoring and incident-response procedures.
  • Content Security Policy (CSP) headers.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your data within 30 days, except where retention is required by law (e.g. billing records, which may be retained for up to 7 years for tax and legal purposes). AI conversation history is retained for up to 24 months — see the Data Retention & Automatic Deletion schedule at the top of this policy for the full breakdown of every data category.

7. Cookies and Tracking

When you first visit, we show a short cookie notice that lets you accept or reject optional analytics. We keep our use of cookies and similar technologies (including your browser's local and session storage) to a minimum, and we describe exactly what we use, and how to control it, below.

  • Essential cookies and storage (always on): Required to sign you in and keep you signed in (including an HTTP-only sign-in cookie), to protect against fraud and abuse, and to remember your preferences such as theme, language and region, and other settings. These cannot be disabled because the Service will not work without them.
  • Usage analytics (optional — you control it): We collect first-party analytics about how the app is used, stored on our own systems, to understand which features help and to improve the product. You can turn this off at any time in Settings → Privacy → Analytics, or set Cookie Preferences to "Essential only". We also honor your browser's Do Not Track / Global Privacy Control signal.
  • Payments: If you start a checkout, our payment processor (Stripe) may set its own cookies that it uses for fraud prevention and to complete your payment.

We do not use advertising cookies, we do not allow third-party ad networks to track you across other sites, and we do not sell your personal information.

On the mobile apps we do not use the IDFA advertising identifier and do not present an App Tracking Transparency prompt because we do not track you across other companies' apps or websites.

8. Your Rights

8.1 All Users

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your account and associated data.
  • Data Export: Export your portfolio data and account information.
  • Opt-Out: Unsubscribe from marketing emails at any time, and turn off usage analytics in Settings → Privacy (or with your browser's Do Not Track / Global Privacy Control signal).

8.2 European Economic Area (GDPR)

If you are located in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR), including the right to restrict processing, the right to data portability, the right to object, the right to withdraw consent, and the right to lodge a complaint with your local data-protection authority.

International Data Transfers: Your data is stored and processed in the United States on Microsoft Azure infrastructure. We rely on Standard Contractual Clauses (SCCs) and other appropriate safeguards for data transfers outside the EEA.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to know, to delete, to correct, to opt-out of sale (we do not sell your personal information), to non-discrimination, and to limit use of sensitive personal information. To exercise these rights, contact us at privacy@heydividend.com. We will verify your identity before processing your request.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service with a new "Last Updated" date, and where required by law, by email. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

12. Contact Us

For questions about this Privacy Policy or to exercise your privacy rights, contact us at:

HeyDividend, LLC
Privacy: privacy@heydividend.com
General Support: support@heydividend.com
Website: heydividend.com

Disclosures

Questions about how we handle your data?

Review our security controls or reach us directly — we answer every privacy request in good faith.

Security overview Contact us →