HeyLive.chat
Get started

Legal

Privacy Policy

What we collect, how long we keep it, and what we never do with it.

Last updated:

The short version

HeyLive.chat is a live-chat tool you embed on your website. To make that work, we collect the minimum data needed to deliver real-time conversations between you and your visitors — and we delete most of it automatically after 14 days. We never sell your data or share it with advertisers.

Who controls the data

If you signed up for HeyLive as a customer (admin / agent), we are the data controller for your account information.

If you chat through a HeyLive widget on someone else's site, that site owneris the data controller — we're only the processor handling their conversations. Direct deletion requests for visitor data should go to that site owner first.

What we collect

From admins and agents

  • Google account info (name, email address, profile picture) via OAuth
  • The optional public nickname you set in Settings
  • Your workspace name and slug
  • Your quick-reply scripts, widget configuration, and team invites
  • Session cookies issued by Better Auth so you stay signed in

From visitors using the chat widget

  • What you type in the chat (messages, screenshots you upload)
  • The name, account ID, and screenshot you submit in the pre-chat form
  • Your IP address and browser user-agent (for spam / abuse defense)
  • The URL of the page you were on when you opened the chat
  • A random client token stored in your browser's localStorage that links your past tickets together — you can clear it from your browser at any time

How long we keep it

Conversations and messages have a 14-day retention window. An automated cleanup runs hourly to delete anything past that window. Detailed breakdown lives on the Data retention page.

When an agent closes a ticket with the polite-close flow and the visitor submits a rating, the conversation, messages, and visitor row are hard-deleted from the database immediately. The numeric rating + comment survive in anonymized form (no visitor link) so supervisors can track team quality.

Admin/agent account data persists while your workspace is active. If you delete your account, all associated workspaces, agents, conversations, and configurations are removed within 30 days.

What we do NOT do

  • We don't sell your data, ever
  • We don't share it with advertisers or marketing networks
  • We don't use the content of your chats to train any AI model
  • We don't fingerprint visitors across different customers' websites
  • We don't set tracking cookies — only one localStorage entry for ticket history

Subprocessors we use

  • Google Cloud (OAuth) — only to verify admin/agent identity at sign-in
  • Postgres + Redis — runs in our own infrastructure to store conversations and presence
  • Object storage (S3-compatible) — used for uploaded screenshots; files are private and expire with their conversation

Your rights

You have the right to access, correct, export, or delete any personal data we hold about you. Visitor data deletion is automatic via the 14-day window; admin/agent data deletion is a one-click action in account settings (coming soon) or by emailing us.

Contact

Privacy questions, deletion requests, or anything else — reach out via our contact page.