Legal

Privacy Policy

How HeyStream collects, uses, shares, stores, and protects personal data across the website, accounts, broadcasts, audience CRM, and related services.

This Privacy Policy explains what personal data we collect through HeyStream, how we use it, when we share it, how long we keep it, and what rights and choices may be available to you.

Because HeyStream powers live broadcasts, audience registration, CRM activity, and follow-up messaging, the data we handle can include both information about our own customers and information our customers collect about their attendees and contacts.

  • We collect account, billing, event, audience, and usage data needed to run HeyStream and support your broadcasts.
  • Customers control the attendee and contact data they upload or capture in HeyStream, and remain responsible for providing the notices and permissions their use requires.
  • We use trusted providers for hosting, payments, email delivery, analytics, media delivery, and infrastructure support.
  • You can request access, correction, deletion, or other privacy help by contacting us.
  • If we materially change this policy, we will update this page and may notify customers through email or in-product notice.

Who we are

HEY SUMMIT LTD operates HeyStream. Our registered office is 71-75 Shelton Street, Covent Garden, London, England, WC2H 9JQ, and our company number is 11538852.

This Privacy Policy explains how we collect, use, store, disclose, and protect personal data when you visit HeyStream websites, create an account, run events, register for broadcasts, watch content, receive communications, or otherwise interact with the service.

The roles we play

When we collect personal data about our own website visitors, account users, prospects, and customers for our own business purposes, we act as a controller of that data.

When customers use HeyStream to collect registrations, manage attendee records, run broadcasts, or send follow-up communications, we generally act as a processor or service provider on that customer's behalf. In those cases, the customer controls the data and is responsible for the notices, permissions, and instructions associated with it.

The personal data we collect

The personal data we collect depends on how you interact with HeyStream. We may collect account and profile details such as your name, email address, workspace information, job title, and authentication details.

We may collect billing and transaction data such as subscription plan, billing interval, partial payment method details supplied by our payment processor, invoices, account status, and communications about your subscription.

We may collect event and audience data such as registration details, attendee responses, viewing sessions, engagement actions, CTA interactions, chat, Q&A, poll activity, CRM records, outbound messaging activity, and integration sync data.

We may collect technical and usage data such as IP address, browser and device details, approximate location derived from IP, referral information, page interactions, cookie or similar identifiers, diagnostic logs, and product telemetry used to operate and secure the service.

How we collect personal data

We collect data directly from you when you create an account, contact us, subscribe to a plan, complete forms, register for an event, watch content, respond to event interactions, or communicate with us.

We collect data automatically through the operation of the service, including logs, cookies, local storage, analytics events, viewing-session tracking, and infrastructure monitoring.

We may also receive personal data from our customers, your employer or workspace owner, integration partners, payment providers, authentication services, and other third parties that support delivery of the service.

How we use personal data

We use personal data to provide, maintain, secure, and improve HeyStream, including account administration, event delivery, audience management, replay delivery, support, billing, fraud prevention, infrastructure operations, and feature development.

We use personal data to communicate with you about the service, such as transactional messages, support responses, product notices, billing notices, security updates, and service-related announcements.

We may use limited data for analytics, troubleshooting, abuse prevention, legal compliance, and to understand how the product is used so we can improve performance, usability, and reliability.

Where permitted by law, we may also use business contact information for marketing communications about HeyStream. You can opt out of marketing emails at any time.

Where UK GDPR or similar laws apply, we rely on legal bases such as performance of a contract, legitimate interests, legal obligation, and consent where consent is required.

Our legitimate interests include operating and improving HeyStream, securing the service, preventing abuse, understanding product usage, supporting customers, and marketing our services to business users in a proportionate way.

Cookies and similar technologies

We use cookies and similar technologies to keep users signed in, remember settings, support cross-subdomain behavior where needed, measure product and website usage, and protect the service against abuse and reliability issues.

Some cookies are necessary for core functionality. Others support analytics, diagnostics, or convenience features. Browser controls may allow you to block or delete cookies, but some parts of HeyStream may not function properly if you do so.

How we share personal data

We may share personal data with service providers and subprocessors that help us operate HeyStream, such as hosting providers, media infrastructure providers, payment processors, email delivery providers, analytics and observability vendors, authentication providers, support tools, and professional advisers.

We may share data with integration partners or other third parties when you or our customer chooses to connect those services to HeyStream.

We may also disclose personal data when required by law, to enforce our terms, to protect rights or safety, in connection with a corporate transaction, or with your consent or direction.

For a current operational list of HeyStream's own subprocessors, see our Subprocessors page.

International transfers

HeyStream and some of our providers may process personal data outside the UK or EEA. Where we transfer personal data internationally, we take steps intended to provide an appropriate level of protection, such as using contractual safeguards or relying on other lawful transfer mechanisms where available.

Data retention

We retain personal data for as long as needed to provide the service, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and support legitimate business operations.

Retention periods vary depending on the type of data, the customer relationship, legal requirements, and whether the data is needed for backup, audit, fraud prevention, or support purposes. When data is no longer needed, we delete it, anonymize it, or isolate it from active use where appropriate.

Security

We use technical and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, and destruction. These measures include access controls, authentication controls, infrastructure protections, monitoring, and security-oriented operational practices.

No service can guarantee absolute security, and you are also responsible for keeping your credentials secure and using the service appropriately.

Your privacy rights

Depending on where you are located, you may have rights to access, correct, delete, restrict, object to, or port certain personal data, and to withdraw consent where processing is based on consent.

If we process your data on behalf of a customer, you should usually direct your request to that customer first because they control the data. If you contact us directly about customer-controlled data, we may refer your request to the relevant customer.

If you are in the UK, you may also have the right to complain to the Information Commissioner's Office if you believe your data has been handled unlawfully.

Children's privacy

HeyStream is designed for business and professional use and is not intended for children. We do not knowingly collect personal data from children in circumstances where parental consent would be required. If you believe a child has provided personal data to us inappropriately, please contact us.

Third-party sites and services

HeyStream may link to websites, streaming destinations, embedded services, or third-party tools we do not control. This Privacy Policy does not apply to those third parties, and we encourage you to review their own privacy information.

Changes to this policy

We may update this Privacy Policy from time to time to reflect product changes, legal developments, operational needs, or updated privacy practices. If we make a material change, we will update the date at the top of this page and may also provide additional notice where appropriate.

Contact us

If you have questions about this Privacy Policy, privacy requests, or how personal data is handled in HeyStream, contact us at [email protected].

You can also write to us at the registered office listed above.

Your use of HeyStream is also governed by our Terms of Service. If HeyStream processes personal data on your behalf, you can also review our Data Processing Addendum and our Subprocessors page for the current vendor list that supports the platform.