HEYLIFE · OUR PRIVACY COMMITMENTS

Your life. Your data. Your call.

heylife.ai is an AI life agent. It learns what matters to you, drafts the next move, and, when you let it, takes real action across your tools. That raises the trust bar. A passive journal you forget on your phone is one thing. An agent that can send an email, book a calendar slot, or write a Notion page on your behalf is something else.

So we are stating our commitments up front, in plain English, before launch. Three promises hold the rest together. Your data stays yours. Every action is logged and reviewable, with the exact memory it referenced. Every integration is revocable in one tap. We do not train on your data, and the LLM vendors we use do not either. You can export everything, and you can wipe everything.

heylife.ai is in private beta. This page describes our commitments and how the system is designed today. A formal terms-of-service and full privacy policy will publish before public launch. If something here changes, we will tell you, and we will not change it for accounts that already exist without consent.

01 Our principles

Five commitments. They are the contract behind the product, and they are the order we built around.

  1. P1

    Your data stays yours

    We are custodians, not owners. You can read, export, or delete every memory, every action log, and every integration token at any time. We do not sell data. We do not share it with advertisers. There is no "anonymized" backdoor.

  2. P2

    Granular per-integration permissions

    Each integration is connected on its own, with its own scopes. You can give heylife read-only access to your calendar but full access to draft emails, or any combination you want. You can change scopes or revoke any integration without deleting your account.

  3. P3

    Every action is logged with the memory it referenced

    When a sub-agent acts on your behalf, the action is written to an audit log alongside the specific memories, messages, and integration data it used to make that decision. Nothing happens in the dark.

  4. P4

    You can revoke, export, or delete anytime

    One tap to disconnect an integration. One click to export your full memory and audit log as JSON. One click to hard-delete your account. No "contact support and wait" loop, no dark patterns.

  5. P5

    We do not train on your data, and neither do our LLM vendors

    Your memory and your conversations are not used to train heylife models. We use leading frontier-model providers under zero-data-retention terms where they are offered, and contractual no-training terms always. Your life is not a training set.

02 What we collect, why, where it lives

Four buckets. Nothing more is needed for the product to work, so nothing more is what we collect.

  • Account info. Why: to give you a stable identity and let you sign in. Email, hashed authentication credentials, basic device metadata. Stored in our primary database, encrypted at rest.
  • Agent memory. Why: the things you tell heylife so it can be useful across time. Goals, context, preferences, notes, what you said yesterday. Stored encrypted at rest. You can read, edit, or delete any memory directly.
  • Integration tokens. Why: to call Notion, Gmail, Calendar, and Apple Health on your behalf. OAuth tokens are encrypted at rest with per-user keys. Apple Health data stays on your device by default and is not copied to our servers.
  • Action logs. Why: so you can review, replay, or undo anything an agent did, and so we can debug. Each entry records the agent, the action, the integration touched, and the memory it referenced. Yours to read, yours to delete.

03 Integrations

Each integration is connected separately, with the narrowest useful scope, and disconnects in one tap. heylife asks you to confirm scope before granting access. You can revoke it from inside heylife or from the integration's own dashboard at any time.

  • Notion

    Read and write the pages and databases you explicitly grant. Never your full workspace by default.

  • Gmail

    Draft, send, and read scoped threads when you ask. Inbox-wide read is opt-in and labeled.

  • Google Calendar

    See your availability, create or move events. Calendar choice is per-calendar, not all-or-nothing.

  • Apple Health

    Stays on device by default. Aggregated signals (sleep, activity) only leave your phone if you opt in.

More integrations are on the roadmap. Each one will ship with the same shape: explicit scope, one-tap revoke, every action logged.

04 The action audit log

This is the trust moat. Most AI products give you a chat history. We give you a chat history plus an action log plus the receipts behind every action.

Every time a sub-agent does something on your behalf, the entry captures four things:

  • WHO · which agent
  • WHAT · the action
  • WHERE · which integration
  • WHY · the memories referenced

You can scroll the log, filter by agent or integration, and open any entry to see the exact memories the agent pulled before deciding. If something is wrong, you can undo the action where the integration supports it, correct the memory, and tell the agent to try again. You can also export the full log as JSON.

05 AI and model usage

To be honest about how this works: heylife calls cloud-based large language models. We do not run inference on device. The agents that draft messages, plan your week, and write Notion pages run on leading frontier-model providers.

Three commitments on the model layer:

  • No training on your data. Our contracts with model providers prohibit using customer prompts or completions to train their models.
  • Zero retention where available. We use zero-data-retention inference endpoints when the provider offers them, so prompts are not stored on the inference layer.
  • Sensitive context redaction. Memory is scoped per task. The agent only sends the memories it actually needs for the task at hand, not your full life.

06 Data deletion and export

Two buttons in your settings. Export downloads a JSON archive of your account, memory, integration metadata, and audit log. Delete account removes your data from production within seconds and from backups within 30 days. You do not need to email us. You do not need to wait for a ticket.

Some operational logs (billing records, abuse signals) are kept for the period required by law or to keep the service safe, then deleted on the same 30-day cycle.

07 Children

heylife.ai is built for adults making decisions about their own lives, finances, health, and relationships. The service is for users 18 and over. We do not knowingly create accounts for minors. If we learn an account belongs to a minor, we delete it.

08 Contact

Privacy questions, data requests, or anything that concerns you about how heylife handles your data goes to [email protected]. A real person reads it. We aim to respond within two business days.

Privacy you can verify, not just trust.

heylife is in private beta. Join the waitlist and you will be among the first to test the audit log, the per-integration permissions, and one-tap delete in the wild.