Hey

Hey

US·hey.com
View Policy Full Report
73
Privacy Score
Data Collection20%
50/100
Data Sharing25%
75/100
Tracking20%
55/100
Transparency20%
90/100
User Rights15%
100/100
AI Risk
55/100

Analysis Findings

Data Collection
-50 pts31 Types
Data Sharing
-20 pts2 Issues
Tracking
-45 pts3 Trackers
Transparency
+40 ptsGood
User Rights
+55 ptsComprehensive
AI Practices
-55 pts55/100

Top Vendors

VendorCategoryPurposeCountry
G
Google
Advertising and Cookies, When we access or disclose your informationAdvertising on third-party platforms, evaluating ad effectiveness, ad network services, and providing Gmail integration for email storage and processing.US
P
Payment Processor (unnamed)
Billing informationProcessing credit card information for paid product subscriptions.Not specified
C
CAPTCHA Service (unnamed)
Anti-bot assessmentsAnti-bot assessments, mitigating brute force logins, and spam protection.Not specified
A
Ad Network / Ad Companies (unnamed)
Advertising and Cookies, When we access or disclose your informationSetting third-party cookies and sending information to ad networks to enable evaluation of ad effectiveness, and excluding users from seeing ads.Not specified
Collected Data Types
Name
identityRequired
Email Address
identityRequired
Company Name
identity
Profile Picture
identity
Last 4 digits of Credit Card Number
financialRequired
View all 31 items
Cookies & Tracking
No data available
Doing Well
  • Subprocessor list published
  • Privacy policy published
  • Comprehensive policy sections
  • Specific data retention periods
  • Data processing purposes stated
  • Readable policy length
Concerns
  • Tracks behavioral data
  • Collects browsing history
  • Collects location data
  • Collects financial data
  • Collects 31 data types
  • Shares data with advertisers
Privacy Summary
37signals collects personal data including your name, email, billing details, IP address, and content you upload to their products (like Basecamp or HEY), along with website activity. They explicitly state they never sell your data, but share it with third-party services to operate their products or with ad companies (using hashed emails) to avoid showing you ads. You can request data deletion or correction by emailing `privacy@37signals.com`, and content you delete from your account is typically purged from their systems within 60-90 days.
AI-generated summary based on policy analysis dated Apr 11, 2026
Quick Facts
Legal Name37signals LLC
HeadquartersUS
Data DeletionModerate (4/10)
Vendors4 third parties
Data Types31 types collected
Last AnalyzedApr 11, 2026
Compliance
GDPRYes
CCPAYes
Data Request FormNo
Recent BreachNo
Data BrokerNo
Policy Documents
Privacy PolicyTerms of Service
AI Risk
  • AI usage only partially disclosed
  • Hidden AI usage detected
  • High user impact from AI usage
  • Automated decision-making risk