Beta: every plan is 50% off — keep your rate through the period you've paid for.

Legal

Privacy Policy

Effective date: June 18, 2026 · Last updated: June 18, 2026

1. Introduction

Heard, Inc. (“Heard,” “we,” “us,” or “our”) provides a software platform that helps independent restaurant and café operators manage day-to-day operations, including sales, expenses, schedules, reviews, and bookkeeping (“the Service”). The Service is accessible at https://useheard.io and any subdomain or successor URL.

This Privacy Policy explains what information we collect when you use the Service, how we use it, who we share it with, how we protect it, and the choices and rights you have. It applies to (a) operators and team members of businesses that use Heard (“Customers”), and (b) any other person whose personal information we process in connection with operating the Service.

By creating an account, accessing the Service, or providing information to us, you confirm that you have read and understood this Privacy Policy. If you do not agree, please do not use the Service.

2. Information we collect

We collect personal information from three sources: (a) information you provide to us directly; (b) information collected automatically when you use the Service; and (c) information we receive from third-party services you choose to connect to your Heard account.

2.1 Information you provide

  • Account information, such as your name, email, business name, business address, business phone number, and role.
  • Profile information, such as a profile photo or display name from your identity provider.
  • Operational data you enter, such as expenses, schedules, employee names and roles, notes, and uploaded documents.
  • Communications you send us, such as support messages, feedback, and survey responses.

2.2 Information collected automatically

  • Authentication data, including signed session tokens issued by our authentication provider (Better Auth) when you log in.
  • Device and log information such as IP address, browser type, device identifiers, pages visited, actions taken, and timestamps.
  • Cookies strictly necessary to operate the Service. We do not currently use third-party advertising cookies.

2.3 Information from connected third-party services

When you connect a third-party service to Heard, we receive information from that service based on the scope you authorize. This includes:

  • Google Business Profile — business name, location data, reviews, replies, photos, OAuth tokens.
  • Google Calendar / Gmail — calendar events, email messages within authorized scopes, OAuth tokens.
  • Square — transactions, items sold, customer purchase metadata, locations, OAuth tokens.
  • Plaid — linked financial-institution name and account metadata, account and routing identifiers (where you authorize), transactions, balances, and Plaid-issued access tokens. See §6.
  • Microsoft / Facebook (login only) — basic profile information needed to create your account.

We only request the minimum scopes needed to provide the feature you have enabled. You can disconnect any integration at any time from Heard’s settings.

2.4 Information we do not collect or store

  • We do not collect or store consumer passwords. End-user login is delegated entirely to your chosen identity provider via OAuth 2.0.
  • We do not collect or store payment card numbers. Card payments accepted by your business are handled by your payment processor on your own merchant account.
  • We do not knowingly collect children’s personal information (see §10).

3. How we use information

We use the information described above to:

  • Provide and operate the Service — authenticating you, displaying your data, syncing reviews and transactions, drafting AI-assisted replies for your approval, and similar core functionality.
  • Improve the Service — debugging, monitoring performance and reliability, understanding feature usage in aggregate, and developing new features.
  • Communicate with you — sending service messages (account, security, billing), responding to support inquiries, and, with your consent, marketing or product communications.
  • Protect the Service and our users — detecting and preventing fraud, abuse, unauthorized access, and violations of our Terms.
  • Comply with legal obligations — meeting tax, accounting, audit, regulatory, and lawful-request requirements.

We do not sell your personal information. We do not share your personal information with third parties for their own advertising or marketing.

3.1 AI-assisted features

Heard offers features that use large language models to assist with tasks such as drafting suggested replies to customer reviews, summarizing business activity, and producing insights. These features call the Anthropic Claude API. When we send data to Anthropic, we only send the content needed to generate the requested output; we do not send Heard credentials, OAuth tokens, or other secrets; Anthropic processes the data under its own terms and does not use it to train its models through our API arrangement; and AI-generated content is presented to you for review and approval before any external action is taken on your behalf.

4. How we share information

We share information only as described in this section.

4.1 Service providers (subprocessors)

We share information with carefully selected third parties that process information on our behalf to operate the Service. Our current subprocessors include Amazon Web Services (hosting, database, storage, secrets), Anthropic (AI features), Plaid (bank account connections), Square (POS / sales integration), Google (Business Profile, Gmail, Calendar, OAuth login), Better Auth (authentication library), Microsoft and Meta (OAuth login providers), GitHub (source code and CI/CD), and email-delivery providers (transactional email). We require subprocessors to provide reasonable security and confidentiality protections. The list is reviewed at least annually and updated as integrations change.

4.2 At your direction

We share information with third parties when you direct us to — for example, when you connect Plaid, you instruct us to send and receive data from Plaid.

4.3 Legal and safety

We may share information when we believe in good faith it is required by law, lawful process, or court order; when it is necessary to protect the rights, property, or safety of Heard, our customers, or others; or to investigate or prevent fraud, abuse, or unauthorized use of the Service.

4.4 Business transfers

If Heard is involved in a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction, your information may be transferred to the relevant party. We will notify you and, where applicable, seek your consent for any materially different uses of your information.

5. Customer data is your business's data

Information that you enter into Heard, or that we receive on your behalf from connected third-party services, belongs to your business and is treated as confidential by us. We process this information on your business’s behalf to provide the Service, and only as described in this Policy and in our Terms of Service.

If you are an employee or team member added to a Heard account by your employer, your employer is the account owner. Please direct questions about your employer’s use of Heard to your employer.

6. Plaid

We use Plaid Inc. to enable users of Heard to connect their business’s financial accounts to the Service for the purpose of viewing balances and transactions inside Heard’s dashboard.

By using Heard’s Plaid-powered features:

  • You authorize Heard and Plaid to access, on your behalf, the financial account information from your selected financial institution.
  • You authorize Plaid to obtain account and routing identifiers, transactions, and balances from your selected institution and to share that information with Heard.
  • Plaid will use your information in accordance with its own Privacy Policy at plaid.com/legal/#end-user-privacy-policy.
  • Heard receives only the data necessary to provide the requested feature.
  • You can revoke Plaid’s access at any time from Heard’s settings or directly through Plaid’s user portal.

7. Your rights and choices

Depending on where you live, you may have specific rights with respect to your personal information. Heard honors the following rights regardless of where you are located, subject to verification of your identity and to any legal or contractual limits.

  • Right to access — request a copy of the personal information we hold about you.
  • Right to correction — ask us to correct inaccurate or incomplete information.
  • Right to deletion — ask us to delete your personal information.
  • Right to portability — request your data in a structured, machine-readable format where feasible.
  • Right to opt out of marketing — unsubscribe at any time.
  • Right to object or restrict processing — limit certain uses of your information.

To exercise any of these rights, contact us at privacy@useheard.io (or hello@useheard.io until that address is configured). We will respond within 30 days, or as required by applicable law.

7.1 California residents (CCPA / CPRA)

If you are a California resident, you have the rights above, plus the right to know the categories and specific pieces of personal information we have collected, and the right to non-discrimination for exercising your CCPA rights. We do not “sell” personal information as defined under the CCPA.

7.2 European Economic Area, United Kingdom, and Switzerland

If you are located in the EEA, UK, or Switzerland: the legal bases on which we process your information are (a) performance of a contract, (b) our legitimate interests in operating the Service, (c) your consent (which you can withdraw at any time), and (d) compliance with legal obligations. You have the right to lodge a complaint with your local data protection authority. For international transfers we rely on appropriate safeguards such as Standard Contractual Clauses.

8. Data retention

We retain personal information for as long as needed to provide the Service and meet legal obligations. Our full retention schedule is set out in Heard’s Data Retention and Disposal Policy, available on request at privacy@useheard.io. Highlights:

  • Customer account data: lifetime + 30 days after closure.
  • Financial transaction data: up to 7 years.
  • OAuth access/refresh tokens: until disconnect; immediately on account deletion.
  • Application audit log: up to 7 years.
  • Application server logs: 90 days.
  • RDS automated backups: 7 days.

You may request deletion of your personal information at any time by emailing privacy@useheard.io. We acknowledge within 7 days and complete deletion within 30 days, subject to legal-hold and audit-log exceptions.

9. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against loss, theft, unauthorized access, disclosure, alteration, and destruction. Details of our information security program are summarized in our Information Security Policy, available on request.

No internet transmission or electronic storage is 100% secure. We encourage you to use a strong password at your identity provider and to enable multi-factor authentication there.

10. Children

The Service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us and we will take appropriate steps to delete it.

11. International users

Heard is based in the United States. By using the Service, you acknowledge that your information may be transferred to and processed in the United States and in other countries where our subprocessors operate. We rely on appropriate legal mechanisms for international transfers where required.

12. Cookies and tracking

We use a small number of strictly-necessary cookies to operate the Service — most importantly, the session cookie that keeps you signed in. We do not currently use third-party advertising cookies. If we add product analytics or cross-site tracking, we will update this Policy and, where required, present a cookie banner with controls.

13. Changes to this Policy

We may update this Policy from time to time. When we make a material change, we will notify you by email or through the Service before it takes effect. The “Last updated” date at the top reflects the most recent revision.

14. Contact us

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your information, contact us at:

Heard, Inc.
Attn: Privacy
1133 Davis Drive
Apex, NC 27523
United States
privacy@useheard.io (or hello@useheard.io)
See also: Terms of Service.