HeyBob. ← Back to heybob.ai

Privacy Policy

Last updated: 3 July 2026

This policy explains what data HeyBob collects, why, and how we protect it. HeyBob is operated by Tiny Cloud Ventures (“we,” “us”). If anything here is unclear, email [email protected].

This is our plain-English policy for the current product. It is not a substitute for legal advice, and we will publish a fuller version reviewed by counsel before general availability.

What we collect

What we do not do

How connected credentials are handled

Credentials for tools you connect are held in a dedicated OAuth vault, encrypted at rest, and are never stored in our application database. Agent runs execute in isolated sandboxes with no direct access to those credentials — tokens are used server-side to make the specific tool calls a task requires.

Subprocessors

To run the product we rely on a small set of vendors, including a cloud hosting provider, our AI model provider (Anthropic), and a payments processor (Stripe). Under the BYOK model, your model tokens are billed directly by Anthropic to you under your own agreement. We maintain a current list of subprocessors and will provide it on request.

Data retention & deletion

We retain workspace data, run history, and audit logs for as long as your workspace is active, so your receipts and audit trail remain complete. You can request export or deletion of your workspace data at any time by emailing us; we will action deletion requests promptly, subject to any legal retention obligations.

Security

Data is encrypted in transit (TLS) and at rest. Access to production systems is restricted and logged. A SOC 2 examination is in progress; we will update this page as that work completes.

Your rights

Depending on where you are, you may have rights to access, correct, export, or delete your personal data. To exercise any of these, email [email protected] and we’ll respond.

Changes to this policy

If we make material changes, we’ll update the date above and, where appropriate, notify workspace admins.