heymada
Begin

Privacy Policy

Effective date: February 23, 2026

This Privacy Policy explains how Digital DaVincis (trading as HeyMada) ("HeyMada," "we," "us," or "our") collects, uses, discloses, and protects personal information when you use the HeyMada website, applications, and related services (the "Services").

HeyMada is based in Ireland and processes personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable ePrivacy laws. It also includes U.S.-specific disclosures where applicable.

1. Categories of Personal Information We Collect

We may collect the following categories of personal data:

Account and Profile Data

Name, email address, authentication identifiers, timezone, onboarding responses.

Coaching Interaction Data

Prompts, reflections, messages, goals, summaries, commitments, and session artifacts. Coaching interactions may include personal reflections, emotional experiences, goals, and other sensitive information that you voluntarily choose to share. You are not required to provide sensitive personal data to use the Services.

Voice Session Data

Audio metadata, transcripts, and coaching context generated from sessions. Emotional or prosodic signal indicators may be generated during live voice sessions to support real-time coaching interaction and conversational flow. These indicators are not used for identity verification, biometric identification, medical analysis, or long-term psychological profiling.

Payment and Subscription Data

Plan information, billing status, Stripe customer identifiers, and purchase history.

Device and Usage Data

IP-derived region, device/browser characteristics, telemetry, and error diagnostics.

Communications Data

Support messages and related correspondence.

2. Sources of Information

We collect personal information from:

  • You directly (for example, account creation and coaching input).
  • Your use of the Services (for example, technical logs and session activity).
  • Service providers and integrations you use with us (for example, payments, scheduling, voice/video, transcription, and authentication infrastructure).

3. How We Use Personal Data

We process personal data to:

  • Provide, operate, and secure the Services
  • Deliver AI-supported coaching and continuity across sessions
  • Process payments and manage subscriptions
  • Support optional human coaching workflows
  • Generate summaries and service improvements
  • Detect fraud, abuse, and policy violations
  • Comply with legal obligations

AI systems are used to support coaching conversations and generate reflective outputs. Final decisions and actions remain fully under the user's control. We do not use solely automated decision-making to make legal or similarly significant decisions about you.

4. Additional Information for EU/EEA/UK/Switzerland

For users in the EU/EEA (and similarly in the UK/Switzerland where applicable), Digital DaVincis acts as the controller of personal data processed through the Services.

Controller contact address: Digital DaVincis, Killurney, Ballypatrick, Clonmel, Ireland.

Our legal bases for processing include:

  • Performance of a contract (providing the Services you request).
  • Legitimate interests (for example, security, product reliability, and service improvement).
  • Consent (for example, where we rely on consent for specific processing activities).
  • Compliance with legal obligations.
  • Protection of vital interests where necessary and permitted by law.

Under GDPR, you may have the right to:

  • Access your personal data.
  • Request rectification of inaccurate data.
  • Request erasure in certain circumstances.
  • Request restriction of processing in certain circumstances.
  • Object to processing based on legitimate interests.
  • Receive your data in portable form where applicable.
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with your local supervisory authority if you believe your rights have been violated.

You can exercise rights by emailing contact@heymada.com. We generally respond within one month, subject to legally permitted extensions.

5. Disclosure of Personal Data

We disclose personal data to service providers acting on our behalf, including:

  • Authentication: Clerk
  • Infrastructure: Convex, Supabase
  • Payments: Stripe
  • Scheduling: Cal.com
  • Voice infrastructure: Hume AI, LiveKit
  • Transcription: Deepgram
  • Email delivery: Resend
  • Monitoring and security: Sentry
  • AI model processing: OpenRouter and Google model infrastructure

These providers process data solely under contractual safeguards and do not use personal data from HeyMada to train publicly available or generalized AI models.

We may also disclose information:

  • At your direction or with your consent.
  • In connection with a merger, acquisition, financing, or sale of all or part of our business.
  • To comply with legal obligations or protect rights and safety.

We do not sell personal information and do not engage in cross-context behavioral advertising.

6. AI Processing and Automated Decision-Making

We use AI systems to generate coaching responses, summaries, and session insights. This processing can include your coaching prompts, transcript content, and selected profile context.

We do not use solely automated decision-making to make legal or similarly significant decisions about you.

7. Cookies and Similar Technologies

We and our providers use cookies and similar technologies for authentication, security, session continuity, preferences, and core product performance.

Where required by law (including in the EU/EEA), we request consent before placing non-essential cookies or similar technologies. At this time, we do not run cross-context behavioral advertising cookies.

8. Data Retention

We retain personal data only as long as reasonably necessary to provide the Services, maintain continuity, comply with legal obligations, and resolve disputes.

Certain high-volume artifacts (such as raw transcripts) may be retained for shorter periods, while core coaching artifacts (summaries, goals, commitments) may be retained longer to preserve user continuity.

Upon account deletion, personal data is deleted or anonymized within a reasonable period unless retention is required by law.

You may request access to, export, or deletion of your coaching data at any time by contacting us.

9. Security

We use administrative, technical, and organizational safeguards designed to protect personal information. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

10. U.S. State Privacy Rights

Depending on your state of residence, you may have rights to request access, correction, deletion, and portability of your personal information, and to opt out of certain processing.

You may submit requests by emailing contact@heymada.com with the subject line "Privacy Request." We may need to verify your identity before processing a request.

If we deny a request, you may appeal by replying to our response with "Privacy Appeal" in the subject line.

11. Consumer Health Data Notice (Washington and Nevada)

Some information processed by HeyMada may be considered "consumer health data" under certain state laws, including information that could reveal mental or emotional health status from coaching interactions.

Categories of consumer health data we may collect:

  • Coaching conversation content that may reference stress, burnout, emotional state, or related personal experiences.
  • Voice-session emotional/prosody outputs used to support coaching interaction quality.
  • Session summaries, insights, and goals that may reflect well-being-related patterns.

Sources of consumer health data:

  • Directly from you during coaching sessions and profile inputs.
  • Generated from your interactions by our coaching and voice processing systems.

Purposes for collecting and using consumer health data:

  • Providing coaching services you request.
  • Maintaining continuity across sessions.
  • Generating insights and summaries for your coaching journey.
  • Safety, integrity, and service quality operations.

Categories of third parties/processors with whom consumer health data may be shared:

  • Voice and transcription infrastructure providers.
  • Cloud, database, and application infrastructure providers.
  • AI model processing providers acting on our instructions.

We obtain consent where required by applicable consumer health data laws and process consumer health data only for disclosed and permitted purposes.

12. Children's Privacy

The Services are not directed to children. In the EU/EEA and UK, we do not knowingly collect personal information from children under 16. Where U.S. law applies, we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, contact us and we will take appropriate steps.

13. International Data Transfers

We may process and store data in countries other than your own. Where required, we use appropriate safeguards for cross-border transfers, such as adequacy decisions and the European Commission's Standard Contractual Clauses.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy here and update the effective date.

15. Contact

Privacy questions or requests can be sent to contact@heymada.com or by post at Digital DaVincis, Killurney, Ballypatrick, Clonmel, Ireland, or through our contact page.