Privacy Policy

Last updated: June 2025

1. Who We Are

HeyLark ("we," "us," or "our") is operated by HeyLark Ltd. For any privacy-related inquiries, you may contact our Data Protection Officer (DPO) at support@heylark.app.

2. What We Do

HeyLark is a SaaS platform designed to help team leads manage performance feedback and growth planning within their teams.

3. Data We Collect

| Category | Examples | Legal Basis (GDPR Art. 6) |
|---|---|---|
| Account Data | Name, work email, password hash, company, role | b) Contract fulfilment |
| Team & Feedback Data | Names of team members, goals, feedback, AI-generated reviews | b) Contract, f) Legitimate interest |
| Usage & Device Data | IP address, browser version, timestamps, crash logs | f) Legitimate interest (security, analytics) |
| Payment Data | Last 4 digits of card, billing address (via Stripe/Paddle) | b) Contract, c) Legal obligation (tax) |
| Integrations | Slack username, message excerpts explicitly pushed, Google Calendar metadata | a) Consent (opt-in) |

We do not knowingly collect data from children under 16 years of age.

4. Use of Data

We use your data to:
- Deliver and maintain the service
- Generate AI-based suggestions at your request
- Provide support and notify users of changes
- Analyze and improve product features (using aggregated, anonymized data only)

Importantly:
- We do not use any user data, including from Workspace APIs, to develop, improve, or train generalized AI or ML models.
- We do not sell or rent personal data.

5. Data Retention

We retain personal data for as long as necessary to provide the service. Upon account closure, we delete or anonymize data within 30 days, unless a longer retention period is required by law (e.g., financial records).

6. Sharing & Transfers

We share data only with vetted sub-processors who support our service:
- AWS (Ireland – EU-West-1)
- OpenAI (processing only, no training)
- Google Workspace APIs
- Slack (if user connects manually)

Data transfers outside the EEA are covered by Standard Contractual Clauses (SCCs).
Live sub-processor list: https://heylark.app/sub-processors

7. Your Rights (EU/UK/EEA & Similar Jurisdictions)

You have the right to:
- Access, rectify, or delete your data
- Restrict or object to certain processing
- Withdraw consent at any time
- Request data portability
- File a complaint with a supervisory authority (e.g., ICO, CNIL)

Contact: support@heylark.app. We respond within 5 business days.

8. Security

- Data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Role-based access controls
- Admin access protected by 2FA
- Annual penetration tests and ISO 27001-aligned practices

9. Cookies

We use essential cookies for authentication and optional analytics cookies (with consent). See our Cookie Notice for full details.

10. Policy Updates

We may revise this Privacy Policy. Users will be notified at least 14 days in advance of material changes via email and banner notification.

Terms of Use

Last updated: May 2025

1. Acceptance

By creating a HeyLark account or using the product, you agree to these Terms and our Privacy Policy.

2. Accounts & Eligibility

Users must be 18+ and use a work-authorized email address. You are responsible for maintaining your credentials.

3. Subscriptions & Billing

- Free Tier: Limited features
- Paid Tier: Monthly fee per active user + applicable VAT
- Billing occurs in advance; no refunds for partial periods

4. License

You are granted a non-exclusive, revocable, worldwide license to use the platform per these Terms.

5. Acceptable Use

You may not:
- Reverse-engineer or resell the service
- Upload unlawful or discriminatory content
- Attempt unauthorized access to other tenants
- Use HeyLark to train competing AI systems

6. Your Content

You retain rights to your uploaded content. You grant us a limited license to process it solely to provide the service. You are responsible for ensuring legal grounds for data sharing.

7. AI Output Disclaimer

AI suggestions may contain inaccuracies. Final decisions are your responsibility.
We are not liable for business decisions based solely on AI output.

8. Termination

You may cancel anytime via your account settings. We may suspend or terminate accounts for non-payment or breaches. Data will be handled per our Privacy Policy.

9. Disclaimers

Service is provided "as is". To the fullest extent permitted by law, we disclaim implied warranties including merchantability or fitness for purpose.

10. Liability Limitation

Our liability is limited to the fees paid in the prior 12 months. We are not liable for indirect or incidental losses.

11. Indemnity

You agree to indemnify us from claims resulting from misuse or breach of these Terms.

12. Jurisdiction

- EU/EEA Users: Irish law; disputes resolved in Dublin courts
- US/Other Users: Delaware law; binding arbitration under AAA rules

13. Changes to Terms

We will notify users 30 days in advance of material changes. Continued use constitutes acceptance.