Hey
US·hey.com
Hey shares data primarily with service providers to operate the platform.
Overview
Sells your data No
We never sell your data.
Shares with third parties Yes
Tracking levelModerate
Your Privacy Controls
Global Privacy Control (GPC)
Browser signal to opt out of data selling
UnknownDo Not Track (DNT)
Browser signal to opt out of tracking
UnknownHow Long Data Is Kept
as needed for purposes or legal contractual obligations
Where Data Goes
Sent outside EU/EEAYes
US
Who Gets Your Data
Other Third Parties
Not clearly specified who receives your data
Other Third Parties
Not clearly specified who receives your data
Other Third Parties
Not clearly specified who receives your data
Other Third Parties
Not clearly specified who receives your data
Other Third Parties
Not clearly specified who receives your data
Other Third Parties
Not clearly specified who receives your data
Other Third Parties
Not clearly specified who receives your data
Tracking & Analytics
Google
What Data Is Collected
31 types| Data Type | Category | Why |
|---|---|---|
| Name | Identity | Collected during product sign-up for account personalization and essential communications. When you sign up for a 37signals product, we ask for identifying information such as your name, email address, and maybe a company name. |
| Email Address | Identity | Collected during product sign-up for account personalization, product updates, essential information, optional surveys, and newsletters (with consent). Also kept for voluntary correspondence. When you sign up for a 37signals product, we ask for identifying information such as your name, email address, and maybe a company name. That’s so you can personalize your new account, and we can send you product updates and other essential information. |
| Company Name | Identity | Optionally collected during product sign-up for account personalization. When you sign up for a 37signals product, we ask for identifying information such as your name, email address, and maybe a company name. |
| Profile Picture | Identity | Optionally added by the user to display in products. We sometimes also give you the option to add a profile picture that displays in our products. |
| Last 4 digits of Credit Card Number | Financial | Stored as a record of payment transactions for account history, invoicing, and billing support. Full credit card information is submitted directly to a payment processor. We store a record of the payment transaction, including the last 4 digits of the credit card number, for purposes of account history, invoicing, and billing support. |
| Billing Address | Financial | Provided for paid product subscriptions to charge for service, calculate sales tax, send invoices, and detect fraudulent credit card transactions. If you sign up for a paid 37signals product, you will be asked to provide your payment information and billing address. ... We store your billing address so we can charge you for service, calculate any sales tax due, send you invoices, and detect fraudulent credit card transactions. |
| User-Generated Content (Product Content) | Communications | Content uploaded, received, or maintained in product accounts to enable product functionality (e.g., projects in Basecamp, email in HEY). We store on our servers the content that you upload or receive or maintain in your 37signals product accounts. This is so you can use our products as intended, for example, to create projects in Basecamp or to receive email in HEY. |
| IP Address (Signup) | Technical | Full IP address logged during product account sign-up to mitigate future spammy signups. For most of our products, we log the full IP address used to sign up a product account and retain that for use in mitigating future spammy signups. |
| IP Address (Account Access) | Technical | Full IP address logged for all account access for security and fraud prevention purposes. We also log all account access by full IP address for security and fraud prevention purposes, and we keep this login data for as long as your product account is active. |
| Browsing Activity | Behavioral | Collected for analytics and statistical purposes, such as conversion rate testing and experimenting with new product designs. We collect information about your browsing activity for analytics and statistical purposes such as conversion rate testing and experimenting with new product designs. |
| Browser Version | Technical | Collected as part of website interaction data for analytics and statistical purposes. This includes, for example, your browser and operating system versions, your IP address, which web pages you visited and how long they took to load, and which website referred you to us. |
| Operating System Version | Technical | Collected as part of website interaction data for analytics and statistical purposes. This includes, for example, your browser and operating system versions, your IP address, which web pages you visited and how long they took to load, and which website referred you to us. |
| IP Address (Website Interaction) | Technical | Collected as part of website interaction data for analytics and statistical purposes. Tied to user account if signed in. This includes, for example, your browser and operating system versions, your IP address, which web pages you visited and how long they took to load, and which website referred you to us. |
| Web Pages Visited | Behavioral | Collected as part of website interaction data for analytics and statistical purposes. This includes, for example, your browser and operating system versions, your IP address, which web pages you visited and how long they took to load, and which website referred you to us. |
| Page Load Duration | Technical | Collected as part of website interaction data for analytics and statistical purposes. This includes, for example, your browser and operating system versions, your IP address, which web pages you visited and how long they took to load, and which website referred you to us. |
| Referring Website | Technical | Collected as part of website interaction data for analytics and statistical purposes. This includes, for example, your browser and operating system versions, your IP address, which web pages you visited and how long they took to load, and which website referred you to us. |
| IP Address (CAPTCHA) | Technical | Evaluated by a CAPTCHA service during login and form submissions to detect automated programs for anti-bot and spam protection. 37signals receives only the spam score, not the raw IP. When you log into your 37signals accounts and when you fill in certain forms in HEY, the CAPTCHA service evaluates various information (e.g., IP address, how long the visitor has been on the app, mouse movements) to try to detect if the activity is from an automated program instead of a human. |
| Visitor Duration on App (CAPTCHA) | Behavioral | Evaluated by a CAPTCHA service during login and form submissions to detect automated programs for anti-bot and spam protection. 37signals receives only the spam score, not the raw data. When you log into your 37signals accounts and when you fill in certain forms in HEY, the CAPTCHA service evaluates various information (e.g., IP address, how long the visitor has been on the app, mouse movements) to try to detect if the activity is from an automated program instead of a human. |
| Mouse Movements (CAPTCHA) | Behavioral | Evaluated by a CAPTCHA service during login and form submissions to detect automated programs for anti-bot and spam protection. 37signals receives only the spam score, not the raw data. When you log into your 37signals accounts and when you fill in certain forms in HEY, the CAPTCHA service evaluates various information (e.g., IP address, how long the visitor has been on the app, mouse movements) to try to detect if the activity is from an automated program instead of a human. |
| Ad Interaction Data | Behavioral | Information about which ad was clicked, keyword triggered, and actions performed (e.g., button clicks, form submissions) to evaluate ad effectiveness. Where permissible under law, we may load an ad-company script on their browsers that sets a third-party cookie and sends information to the ad network to enable evaluation of the effectiveness of our ads, e.g., which ad they clicked and which keyword triggered the ad, and whether they performed certain actions such as clicking a button or submitting a form. |
| Cookies (First-party & Third-party) | Technical | Used to store preferences, facilitate application use, perform A/B testing, and support analytics. We also use persistent first-party cookies and some third-party cookies to store certain preferences, make it easier for you to use our applications, and perform A/B testing as well as support some analytics. |
| Email Correspondence | Communications | Kept when users email 37signals for questions or help, including the email address, to maintain a history of past interactions. When you email 37signals with a question or to ask for help, we keep that correspondence, including your email address, so that we have a history of past correspondence to reference if you reach out in the future. |
| Survey Responses (Written) | Communications | Volunteered information provided in response to surveys to understand product usage and make improvements. We also store information you may volunteer, for example, written responses to surveys. |
| Recorded Customer Interviews | Communications | Customer conversations recorded with express consent for future reference or use. If you agree to a customer interview, we may ask for your permission to record the conversation for future reference or use. We will only do so with your express consent. |
| Contacts (from device) | Social | Accessed by mobile apps with optional user consent to enable certain features. Because of how the platforms are designed, our apps typically must request your consent before accessing contacts, calendar, camera, and other privacy-sensitive features of your device. |
| Calendar (from device) | Other | Accessed by mobile apps with optional user consent to enable certain features. Because of how the platforms are designed, our apps typically must request your consent before accessing contacts, calendar, camera, and other privacy-sensitive features of your device. |
| Camera (from device) | Other | Accessed by mobile apps with optional user consent to enable certain features. Because of how the platforms are designed, our apps typically must request your consent before accessing contacts, calendar, camera, and other privacy-sensitive features of your device. |
| Gmail Account Data (via HEY integration) | Communications | Collected if a user optionally connects their Gmail account to HEY to receive and respond to Gmail email through HEY. For example, we may allow you, at your option, to connect your Gmail account to your HEY account so that you can use HEY to receive and respond to your Gmail email. |
| Email Content (from Gmail via HEY) | Communications | Email received and responded to through HEY from a connected Gmail address, stored by both HEY and Google. Email that you receive and respond to through HEY from your Gmail address will be stored by both HEY and Google and will be available to you from your Gmail account as well as your HEY account. |
| Hashed Email Address | Identity | A one-way hash of the email address disclosed to ad companies (where permissible by law) to exclude Basecamp account holders from seeing ads. Where permissible by law and if you have a Basecamp account, we may disclose a one-way hash of your email address with ad companies to exclude you from seeing our ads. |
| Tax Exemption Information | Financial | Disclosed to tax authorities if audited, as part of billing-related information. If we are audited by a tax authority, we may be required to disclose billing-related information. If that happens, we will disclose only the minimum needed, such as billing addresses and tax exemption information. |
Why Your Data Is Used
Core Service
- personalizationThis purpose involves saving user settings to customize their experience within the applications.store certain preferences
- provide servicesThis describes enhancing the usability and accessibility of the core service provided by the applications.make it easier for you to use our applications
- product improvementA/B testing is a method used to compare different versions of a product or feature to identify improvements.perform A/B testing
Security & Integrity
- authenticationRemembering login information is crucial for user authentication and secure access to accounts.help remember login information
Marketing & Advertising
- analyticsThis explicitly states the purpose is to measure the performance and impact of advertising campaigns.enable evaluation of the effectiveness of our ads, e.g., which ad they clicked and which keyword triggered the ad, and whether they performed certain actions such as clicking a button or submitting a form.
- analyticsThis refers to general data collection and analysis, which often includes understanding user behavior for business insights and marketing strategies.support some analytics