Legal

Privacy Policy

Last updated: May 31, 2026 · Effective: May 31, 2026

Privacy by design. HeyScreen is a personal, private AI. Your conversation history is stored only on your own device (in your browser), never on our servers. Screen captures you share are sent securely for real-time AI analysis and then discarded — they are never written to our databases.

Contents

Who we are
Information we collect
How AI processing works
How we use information
Legal bases (Canada/EU)
Sharing & subprocessors
Data retention
Security
US privacy rights (CCPA/CPRA)
Canadian rights (PIPEDA)
Children's privacy
International transfers
Changes & contact

1. Who we are

HeyScreen ("HeyScreen", "heyscreen.ai", "we", "us", or "our") provides an AI assistant that analyzes screen content you choose to share and helps you act on it. This Privacy Policy explains what personal information we collect, how we use and protect it, and the rights you have under United States and Canadian privacy laws.

The data controller / business responsible for your information is [Your Legal Entity Name], located at [Mailing Address]. For privacy questions, contact our privacy officer at privacy@heyscreenai.com.

2. Information we collect

Account information

You sign in through Log in with Replit (which supports Google, Apple, GitHub, X, and email). We receive a stable user identifier and basic profile details (name, email address, and profile image, where available). We do not see or store your passwords — authentication is handled by Replit and the chosen identity provider.

Content you share with the AI

When you use the assistant, you may submit text messages and screen captures. This content is transmitted to our AI provider for real-time analysis (see §3). We do not store your chat history or screenshots on our servers. Your conversation history is saved locally in your browser's storage on your own device; screenshots are not saved even locally — only the message text and a flag indicating an image was shared.

Usage & billing data

We keep a monthly counter of how many requests you make (to enforce plan limits). If you subscribe to a paid plan, payments are processed by Stripe; we store a Stripe customer/subscription identifier and your current plan, but we never receive or store your full card number.

Technical & session data

We use a single secure, httpOnly session cookie to keep you signed in. We may process limited technical information (such as IP address and request metadata) for security, rate-limiting, and abuse prevention. See our Cookie Policy.

3. How AI processing works

The messages and screen captures you submit are sent to our AI subprocessor, Anthropic (Claude), to generate a response in real time.
This content is processed to produce your answer and is not used by us to train AI models, and we rely on Anthropic's commercial terms, under which API inputs/outputs are not used to train their models.
We do not engage in automated decision-making that produces legal or similarly significant effects about you. AI outputs are assistive suggestions only.
AI output can be inaccurate or incomplete. Do not rely on it as professional (legal, medical, financial, or other) advice — see our Terms.

4. How we use information

To provide, maintain, and secure the service and your account;
To process your requests and return AI analysis;
To enforce usage limits and process subscriptions and billing;
To detect, prevent, and respond to fraud, abuse, and security incidents;
To comply with legal obligations and enforce our agreements.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

5. Legal bases (for users in Canada and other applicable regions)

We process personal information on the basis of your consent (which you may withdraw), the performance of our contract with you, our legitimate interests in operating and securing the service, and compliance with legal obligations.

We share personal information only with service providers ("subprocessors") that help us operate, and only as needed. We do not sell personal information.

Subprocessor	Purpose	Data involved
Anthropic (Claude)	AI analysis of submitted messages/screens	Message text, screen captures (processed in real time, not stored by us)
Replit	Authentication (OIDC) and hosting	Account identifier, profile basics, session
Stripe	Subscription payments	Billing details, payment method (held by Stripe)

We may also disclose information if required by law, to protect our rights and users' safety, or in connection with a corporate transaction (e.g., merger or acquisition), subject to this Policy.

7. Data retention

Chat history & screenshots: not retained on our servers. Chat history persists only in your browser until you clear it.
Account & billing records: retained while your account is active and as needed to meet legal, tax, and accounting obligations.
Usage counters & security logs: retained for a limited period for abuse prevention and service integrity.

8. Security

We use industry-standard safeguards including encryption in transit (TLS), secure authentication, least-privilege access, and data minimization (chat content stays on your device). For details of our controls and compliance program, see our Security & Compliance page. No method of transmission or storage is 100% secure, but we work continually to protect your information.

9. United States privacy rights

Depending on your state of residence (including under the California Consumer Privacy Act as amended by the CPRA, and similar laws in Virginia, Colorado, Connecticut, Utah, Texas, and other states), you may have the right to:

Know / access the personal information we have collected about you;
Delete personal information we hold about you;
Correct inaccurate personal information;
Opt out of "sale" or "sharing" of personal information and of certain profiling — note that we do not sell or share personal information;
Limit the use of sensitive personal information;
Non-discrimination for exercising your rights.

To exercise these rights, email privacy@heyscreenai.com. We will verify your request and respond within the timeframe required by law. You may use an authorized agent where permitted.

10. Canadian privacy rights (PIPEDA & provincial laws)

If you are in Canada, we handle your personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws (including Quebec's Law 25). You have the right to:

Access the personal information we hold about you and be told how it is used and disclosed;
Correct inaccurate or incomplete information;
Withdraw consent to our processing (subject to legal/contractual limits);
Challenge our compliance with a designated privacy officer; and
Complain to the Office of the Privacy Commissioner of Canada (or your provincial regulator).

Contact our privacy officer at privacy@heyscreenai.com or [Privacy Officer Name / Mailing Address].

11. Children's privacy

HeyScreen is not directed to children under 13 (or the minimum age of digital consent in your jurisdiction), and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact us and we will delete it.

12. International data transfers

We and our subprocessors may process your information in the United States and other countries. Where personal information is transferred across borders, we use appropriate safeguards consistent with applicable law. By using the service, you understand your information may be processed in the United States.

13. Changes & contact

We may update this Policy from time to time; we will revise the "Last updated" date and, for material changes, provide additional notice. Questions or requests: privacy@heyscreenai.com.