Privacy Policy

HEA4 acts as controller for its website, sales, security, and account administration data. For customer workspace content, HEA4 usually acts as processor under a customer agreement. Privacy and security requests can be sent to privacy@hea4.com or security@hea4.com.

We may process account profile data, work email, organization metadata, Telegram handles submitted through public forms, authentication events, audit logs, support tickets, billing and contract records, product telemetry, and customer-provided business chat content where a customer enables HEA4 services.

We process data to provide the service, secure accounts, maintain tenant isolation, operate support, respond to incidents, comply with law, and communicate about HEA4. Legal bases may include contract performance, legitimate interests, consent where required, and legal obligations.

Account, audit, and operational records are retained for the period required by contract, security, legal, and product operations. Customers can request export, deletion, or return of customer data at termination according to the applicable agreement and DPA.

Data may be shared with subprocessors listed on the Subprocessors page, professional advisers, and authorities where required. Cross-border transfers use contractual, organizational, and technical safeguards appropriate to the processing context.

Depending on your location, you may request access, correction, export, restriction, objection, or deletion of personal data. Customers remain responsible for handling data subject requests for their workspace content unless HEA4 is asked to assist as processor.