Legal

Privacy Policy

Last updated: April 9, 2026

This Privacy Policy explains how Heyrmes (operated by Arslan Ahmad) ("Heyrmes," "we," "us," or "our") collects, uses, shares, and protects your information when you use our website, platform, and related services (collectively, the "Service"). Heyrmes provides AI-powered conversational sales agents that communicate with your end users across SMS, email, voice, and web chat.

By using the Service, you agree to the practices described in this Policy. If you do not agree, please do not use the Service.

1. Who We Are (Data Controller)

For the purposes of the EU/UK General Data Protection Regulation ("GDPR") and similar laws, the Data Controller responsible for your personal data is:

Heyrmes (operated by Arslan Ahmad)

Legal name: Arslan Ahmad

Country: Portugal

Address: Lisbon, Portugal

Contact: privacy@heyrmes.com

Heyrmes is operated by an individual sole proprietor and is not currently incorporated as a registered company.

2. Information We Collect

Information you provide

  • Account data: name, email, password, company name, and role.
  • Billing data: billing name, address, and payment method details. Payments are processed by Stripe — we do not store your full card number on our servers.
  • Workflow content: prompts, knowledge base documents, agent configurations, and other content you upload or create.
  • Communications content: messages, call transcripts, and recordings exchanged between your AI agents and your end users through connected channels.
  • Support data: information you share when you contact us for help or feedback.

Information collected automatically

  • Usage data: pages visited, features used, clicks, and timestamps.
  • Device data: IP address, browser type, operating system, and device identifiers.
  • Cookies: see Section 10 for details.

Information from third parties

When you connect integrations such as OpenAI, Twilio, GoHighLevel, Pinecone, Mem0, or Hume AI, we receive data from those providers based on the permissions you grant.

3. How We Use Your Information

We use personal data to:

  • Provide, operate, and maintain the Service.
  • Authenticate accounts and process payments through Stripe.
  • Run the AI workflows you configure, including sending and receiving messages through connected channels.
  • Improve the Service, debug issues, and develop new features.
  • Prevent fraud, abuse, and security incidents.
  • Comply with legal obligations.
  • Send transactional emails and — only with your consent — marketing communications, which you can opt out of at any time.

4. Legal Bases for Processing (GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, we rely on the following legal bases:

  • Performance of a contract — to deliver the Service to you.
  • Legitimate interests — to secure, improve, and protect the Service.
  • Consent — where required, such as for marketing emails or non-essential cookies. You can withdraw consent at any time.
  • Legal obligation — to comply with applicable laws.

5. How We Share Information

We do not sell your personal data. We share information only with:

  • Stripe — our payment processor, which handles all billing and card data under its own privacy policy.
  • AI and channel providers — such as OpenAI, Twilio, GoHighLevel, Pinecone, Mem0, and Hume AI, strictly to perform the operations you request.
  • Infrastructure vendors — hosting, database, email, analytics, and error monitoring providers who help us run the Service.
  • Legal authorities — when required by law, court order, or to protect rights and safety.
  • Business transfers — in connection with a merger, acquisition, or sale of assets, subject to confidentiality.

6. International Data Transfers

Heyrmes operates globally and uses service providers located in multiple countries, including the United States. If you access the Service from outside Portugal, your data may be transferred to, stored, and processed in jurisdictions with data protection laws that differ from your own. Where required, we rely on appropriate safeguards such as the EU Standard Contractual Clauses to protect your data.

7. Data Retention

We retain personal data only as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. You can request deletion of your account and data at any time by emailing privacy@heyrmes.com.

8. Data Security

We use reasonable administrative, technical, and physical safeguards designed to protect your information, including encryption in transit, access controls, and regular reviews. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Your Rights

Depending on where you live, you have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — ask us to delete your data ("right to be forgotten").
  • Restriction — ask us to limit how we process your data.
  • Objection — object to processing based on legitimate interests or direct marketing.
  • Portability — receive your data in a structured, machine-readable format.
  • Withdraw consent — where processing is based on consent.
  • Complain — lodge a complaint with your local data protection authority.

To exercise any of these rights, email privacy@heyrmes.com. We will respond within the timeframe required by applicable law.

10. Cookies and Tracking

We use cookies and similar technologies to keep you signed in, remember your preferences, secure the Service, and understand how it is used. We use:

  • Essential cookies — required for authentication and security. The Service will not work without these.
  • Preference cookies — remember your settings, such as theme and language.
  • Analytics cookies — help us understand usage and improve the Service.

You can control or disable cookies through your browser settings. Blocking essential cookies may prevent parts of the Service from working properly.

11. Third-Party Services

The Service integrates with third-party products (including Stripe, OpenAI, Twilio, GoHighLevel, Pinecone, Mem0, and Hume AI). Those providers operate under their own terms and privacy policies, which we do not control. We encourage you to review them.

12. Children's Privacy

The Service is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, if the changes are material, notify you through the Service or by email. Continued use of the Service after the changes take effect means you accept the updated Policy.

14. Contact Us

For any questions about this Privacy Policy or your personal data, contact us at privacy@heyrmes.com.