H
Hey Harvey

Privacy Policy

Last updated: 7 April 2026

1. Introduction

Hey Harvey ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered legal information platform.

This policy is compliant with the Protection of Personal Information Act 4 of 2013 (POPIA) of South Africa and other applicable data protection regulations.

2. Information We Collect

2.1 Personal Information You Provide

When you create an account or use our Service, you may provide:

  • Account Information: Name, email address, phone number, password
  • Profile Information: Province, preferred language, user type (citizen/attorney)
  • Payment Information: Billing details processed through PayFast/Ozow (we do not store card numbers)
  • Communication: Messages sent through our contact form or support channels

2.2 Information You Upload

  • Documents: Legal documents, contracts, or other files you upload for analysis
  • Conversation Data: Questions and queries you submit to our AI assistant
  • Case Information: Details about legal matters you track using our case management features

2.3 Automatically Collected Information

  • Device Information: Browser type, operating system, device identifiers
  • Usage Data: Pages visited, features used, time spent on the Service
  • Log Data: IP address, access times, error logs
  • Cookies: Session cookies for authentication and preferences

3. How We Use Your Information

3.1 Service Provision

  • To provide AI-powered legal information assistance
  • To analyze documents you upload
  • To manage your subscription and process payments
  • To maintain and improve our Service

3.2 Communication

  • To send service-related notifications and updates
  • To respond to your inquiries and support requests
  • To send marketing communications (with your consent)

3.3 Legal and Security

  • To comply with legal obligations
  • To protect against fraud and unauthorized access
  • To enforce our Terms of Service

4. Legal Basis for Processing (POPIA Compliance)

Under POPIA, we process your personal information based on:

  • Consent: You have given consent for the processing (e.g., marketing emails)
  • Contract: Processing is necessary to perform our contract with you (subscription services)
  • Legal Obligation: Processing is required to comply with South African law
  • Legitimate Interest: Processing is necessary for our legitimate business interests, balanced against your rights

5. Information Sharing and Disclosure

We may share your information with:

5.1 Service Providers

  • AI Providers: OpenAI and Anthropic for processing your queries (anonymized where possible)
  • Payment Processors: PayFast and Ozow for payment processing
  • Hosting Providers: Cloud infrastructure providers
  • Email Services: For transactional and marketing emails

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

We DO NOT sell your personal information to third parties for marketing purposes.

6. Data Security

We implement appropriate security measures to protect your information:

  • Encryption of data in transit (HTTPS/TLS) and at rest
  • Secure password hashing using industry-standard algorithms
  • Regular security assessments and updates
  • Access controls limiting who can access your data
  • Secure hosting infrastructure with regular backups

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal information for:

  • Account Data: As long as your account is active, plus 7 years after closure for legal/tax purposes
  • Conversation History: Until you delete it or close your account
  • Documents: Until you delete them or close your account
  • Payment Records: 7 years as required by South African tax law
  • Usage Logs: 90 days for security and analytics purposes

8. Your Rights Under POPIA

You have the following rights regarding your personal information:

  • Right to Access: Request a copy of the personal information we hold about you
  • Right to Correction: Request correction of inaccurate or incomplete information
  • Right to Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Right to Object: Object to processing of your information for direct marketing
  • Right to Withdraw Consent: Withdraw consent where processing is based on consent
  • Right to Data Portability: Request your data in a structured, machine-readable format
  • Right to Lodge a Complaint: Lodge a complaint with the Information Regulator of South Africa

To exercise these rights, please contact us at contact@heyharvey.co.za or use the settings in your account dashboard.

9. Cookies and Tracking Technologies

We use the following types of cookies:

  • Essential Cookies: Required for the Service to function (authentication, security)
  • Preference Cookies: Remember your settings and preferences (language, theme)
  • Analytics Cookies: Help us understand how you use the Service (anonymized)

You can control cookies through your browser settings. Disabling essential cookies may affect Service functionality.

10. Cross-Border Data Transfers

Some of our service providers (such as AI providers and cloud infrastructure) may process data outside of South Africa. When this occurs, we ensure appropriate safeguards are in place, including:

  • Contractual clauses requiring equivalent data protection
  • Ensuring recipients are in jurisdictions with adequate data protection laws
  • Obtaining your consent where required

11. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us to have it removed.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

13. Information Regulator

If you have concerns about how we handle your personal information, you have the right to lodge a complaint with the Information Regulator of South Africa:

  • Website: inforegulator.org.za
  • Email: complaints.IR@justice.gov.za
  • Phone: 012 406 4818

14. Contact Us

For any questions or concerns about this Privacy Policy or our data practices, please contact our Information Officer:

  • Email: contact@heyharvey.co.za
  • General Inquiries: contact@heyharvey.co.za