Trust Center

Data Processing Addendum

A plain-language summary of how we process personal data on your behalf. It's meant to be readable, not to replace a signed agreement — request one at the bottom of the page.

1. Who is who

When you use HeyDividend for your own account, you decide what personal data goes in — you are the data controller. We process that data on your behalf to run the product, which makes us the data processor. This addendum describes how we act as your processor.

2. What we process, and why

We only process personal data to provide and support HeyDividend — your account details, portfolios, watchlists, and the messages you send our AI. We process it for as long as your account is active and as needed to deliver the features you turn on. We do not sell your personal data, and we do not use your private portfolio to train shared AI models.

3. Service providers

We use a small set of trusted service providers to run the product — for cloud hosting, AI, billing, email, and read-only brokerage connections. Each one handles a specific job, sees only the data it needs, and is bound by its own data-protection commitments.

4. Security measures

We encrypt data in transit (HTTPS/TLS 1.2 or higher) and at rest (AES-256). Access is role-based and monitored, sign-in is protected by hashed passwords with optional two-factor and passkeys, and our servers, database, and storage are watched continuously by Microsoft Defender for Cloud. The full picture is on our security page.

5. Your rights and requests

From Settings → Data Controls you can request a JSON archive of your data — portfolios, watchlists, holdings, and chat history — and you can delete your account and personal data at any time. If one of your users or customers exercises a data-protection right, we will help you respond as required by law.

6. Data location and transfers

Your portfolio data is stored and processed in the United States on Microsoft Azure. Where data moves between regions or providers, we rely on the safeguards each provider offers for any applicable cross-border transfers.

7. Breach notification

If we become aware of a security incident that affects your personal data, we will notify you without undue delay and share what we know so you can meet your own reporting obligations.

8. Return and deletion of data

When you close your account, we delete or return your personal data within a reasonable period, except where we are required to keep certain records by law.

Disclosures

Need a signed DPA?

Email support@heydividend.com with your company name and we'll send over a copy to sign.

Security overview Back to Trust Center →