Privacy Policy

Effective Date: February 16, 2026

Introduction

HeyDividend Labs. ("HeyDividend," "we," "our," or "us") operates Harvey AI, an AI-powered dividend research assistant available via our website at askheydividend.com and harveyai.heydividend.com, and our mobile applications for iOS and Android (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service, whether through the web application or the mobile application.

We are committed to protecting your privacy and ensuring transparency about our data practices. By using Harvey AI, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Information You Provide

  • Account Information: When you create an account, we collect your email address and any profile information you choose to provide.
  • User Content: We collect the messages, queries, and content you submit when using Harvey AI, including questions about dividends, stocks, and financial information.
  • Watchlist Data: Information about securities you add to your watchlists.
  • Payment Information: If you subscribe to a paid plan, payment processing is handled by our third-party payment processor. We do not store complete credit card numbers.

Information Collected Automatically

  • Usage Data: We collect information about how you interact with Harvey AI, including features used, queries submitted, and time spent on the Service.
  • Device Information: Browser type, operating system, device identifiers, and IP address.
  • Mobile Device Information: When you use our mobile application, we may collect your device model, operating system version, unique device identifiers (such as IDFA on iOS or GAID on Android), and mobile network information.
  • Push Notification Tokens: If you enable push notifications in our mobile application, we collect your device push notification token to deliver alerts and updates to your device.
  • App Usage Analytics: In our mobile application, we collect app open and close events, screen views, feature usage patterns, and crash reports to improve performance and user experience.
  • Biometric Data: If you enable biometric login (such as Face ID or Touch ID) in our mobile application, biometric authentication is processed entirely on your device using the operating system's secure enclave. We never receive, transmit, or store your biometric data on our servers.

Cookies and Similar Technologies

On the web application, we use cookies and similar tracking technologies to maintain your session, remember your preferences, and analyze usage patterns. You can manage cookie preferences through your browser settings.

On our mobile application, we do not use browser cookies. Instead, the mobile app uses local storage mechanisms (such as AsyncStorage and SecureStore) for session management, preference storage, and secure credential handling. These are confined to the application sandbox on your device.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve Harvey AI services across web and mobile platforms
  • Process your queries and generate AI-powered responses
  • Train and improve our AI models (using aggregated, de-identified data)
  • Personalize your experience and remember your preferences
  • Process transactions and send related information
  • Send administrative messages, updates, and security alerts
  • Deliver push notifications you have opted into (mobile app)
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyze trends, usage, and activities
  • Detect, investigate, and prevent fraudulent or unauthorized activity
  • Comply with legal obligations

AI Model Training

We may use conversations with Harvey AI to improve our services and train our AI models. When we do so:

  • Data is aggregated and de-identified before use in training
  • We implement technical safeguards to prevent the model from memorizing or reproducing personal information
  • You can request that your data not be used for training by contacting us

Mobile Application

Data Stored Locally on Your Device

Our mobile application stores certain data locally on your device, including your app settings, display preferences, and cached market data. This data remains on your device and is not transmitted to our servers unless you take an action that requires synchronization (such as updating your watchlist or sending a chat message).

Data Synchronization

The following data is synchronized with our servers to provide a consistent experience across web and mobile platforms: account information, watchlist data, chat history, and subscription status. Data that remains on your device only includes display preferences, cached market data, and locally stored authentication tokens.

Push Notifications

If you opt in to push notifications, we collect and store your device push token on our servers to deliver notifications such as dividend alerts, price alerts, and account-related updates. You can disable push notifications at any time through your device settings or within the app.

Third-Party SDKs

Our mobile application uses third-party software development kits (SDKs) that may collect certain data, including:

  • Expo SDK: Application framework that may collect crash reports and performance data.
  • React Native: Cross-platform development framework used to build the application.
  • Analytics SDKs: We may use analytics tools to collect aggregated usage data to improve app performance and user experience.

App Tracking Transparency (iOS)

On iOS devices, we comply with Apple's App Tracking Transparency (ATT) framework. We will request your permission before tracking your activity across other companies' apps and websites. If you decline, we will not engage in cross-app tracking. You can change your tracking preferences at any time in your device's Settings under Privacy & Security > Tracking.

Sharing of Information

We may share your information in the following circumstances:

  • Service Providers: With third-party vendors who perform services on our behalf (hosting, analytics, payment processing)
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Legal Requirements: When required by law or to respond to legal process
  • Protection of Rights: To protect the rights, property, and safety of HeyDividend, our users, or others

We do not sell your personal information to third parties.

Data Retention

We retain your information for as long as your account is active or as needed to provide you services. We may retain certain information after account deletion for legitimate business purposes, including:

  • Compliance with legal obligations
  • Resolution of disputes
  • Enforcement of our agreements
  • Fraud prevention

Conversation history may be retained for up to 30 days after deletion for operational purposes, after which it is permanently deleted.

Your Rights and Choices

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know: Request information about the personal information we collect, use, and disclose
  • Delete: Request deletion of your personal information
  • Correct: Request correction of inaccurate personal information
  • Opt-Out: Opt out of the "sale" or "sharing" of personal information (note: we do not sell personal information)
  • Non-Discrimination: Not be discriminated against for exercising your privacy rights

To exercise these rights, please contact us at privacy@heydividend.com.

European Economic Area Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete personal data
  • Erasure: Request deletion of your personal data (right to be forgotten)
  • Data Portability: Request your personal data in a structured, commonly used, machine-readable format
  • Restriction: Request restriction of processing of your personal data
  • Objection: Object to processing of your personal data based on legitimate interests
  • Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time

Our legal bases for processing your personal data include: your consent (e.g., for push notifications and optional analytics), performance of a contract (e.g., providing the Service and processing payments), and legitimate interests (e.g., improving our Service, fraud prevention, and security). To exercise any of these rights, please contact us at privacy@heydividend.com.

Account Controls

  • Access and update your account information in your profile settings
  • Delete your conversation history at any time
  • Export your data by contacting us
  • Close your account by contacting support

Mobile App Controls

  • Push Notifications: You can manage push notification preferences through your device settings (Settings > Notifications on iOS; Settings > Apps > Harvey AI on Android) or within the app's settings screen.
  • Locally Stored Data: You can clear locally stored data (cached market data, preferences) from within the app's settings. Uninstalling the application will remove all data stored locally on your device.
  • Account Deletion: Deleting your account removes all server-side data associated with your account, including watchlists, chat history, and profile information. To remove locally stored data, uninstall the mobile application from your device.

Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication requirements
  • Employee training on data protection
  • Secure storage of authentication tokens on mobile devices using platform-provided secure storage (Keychain on iOS, Keystore on Android)

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Children's Privacy

Harvey AI is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

International Data Transfers

Your information may be transferred to and processed in the United States or other countries where our service providers are located. By using Harvey AI, you consent to the transfer of your information to countries outside your country of residence. Where required by applicable law, we implement appropriate safeguards (such as Standard Contractual Clauses) to protect your data during international transfers.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date." For material changes, we may also notify you via email or through a notification in the mobile application. Your continued use of Harvey AI after any changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

HeyDividend Labs.
Email: privacy@heydividend.com
California, United States