How we handle your data.

By accessing the HeyHomie website or using our services, you consent to the privacy terms outlined here. This policy covers our online activities, our web application and our mobile experiences.

We work on a consent-driven model. Wherever a choice is meaningful, we ask. Wherever data flows out of your control — even to a trusted partner like Meta, Google or a payment gateway — we tell you why before it happens.

HeyHomie is built and operated in India by Homepreneur Solutions Pvt. Ltd., headquartered in Bengaluru. Our services are currently offered to sellers and customers in the Indian market. We plan to extend availability to additional markets over time; when we do, this policy will be updated to reflect any region-specific obligations that apply.

Until then, this policy is governed by the laws of India, and our processing of personal information aligns with applicable Indian data-protection rules, including the Digital Personal Data Protection Act, 2023 and the principles of the Information Technology Act, 2000 and its rules.

We collect the following categories of information:

Direct contact data

• Name, email address and phone number
• Message contents and attachments you send to us

Account registration

• Contact details for the seller and authorised team members — name, company name, business address, email, phone
• Business documents required to provision a WhatsApp Business API number on your behalf

Operational data

• Catalog, pricing, orders, payments, shipments, conversation transcripts and customer records you create inside HeyHomie
• Integration data you authorise — for example, a connected Google Sheet, a payment gateway account or a shipping aggregator

Behavioural and product-usage data

• How you and your team use HeyHomie — pages viewed, features used, errors encountered, performance metrics
• Anonymised aggregates of platform-wide patterns that help us improve the product

The information we collect is used to:

• Operate, maintain and secure the platform
• Provision your WhatsApp Business API number, store, payments, shipping and CRM
• Personalise your in-product experience — suggestions, recommended automations, smart defaults
• Detect and prevent fraud, abuse and unauthorised access
• Communicate with you about your account, billing, releases and support
• Improve product quality, reliability and performance based on aggregated behavioural signals

What we do not do. We do not sell, rent or trade your personal information or your customer data. We do not use it to power third-party advertising, audience syndication or any external marketing activity. Period.

How we use behavioural data. When we capture how the product is used, that signal is used exclusively to make HeyHomie better for you — fixing rough edges, prioritising features, personalising the in-app experience. It is never packaged, monetised or shared with parties outside our processing pipeline.

When you use HeyHomie as a seller, the customer records, conversations, orders and analytics created on your account belong to you. We act as a data processor. You decide what to collect, what to retain and what to delete.

• You can export your customer list, conversation transcripts and order history at any time.
• You can delete individual customer records, conversations or your entire account; deletion is propagated to backups within 30 days.
• We do not claim ownership, repurpose your customer list for other sellers, or use it for our own outreach.
• You are the data controller for your customers’ personal information; HeyHomie is the data processor providing the infrastructure. You are responsible for obtaining the consents you need from your customers and for complying with applicable law in the markets you sell into.

If a seller ends their contract with HeyHomie, their customer and conversation data is retained for a short window to allow re-activation or export, then permanently deleted.

HeyHomie follows standard log-file procedures. The information collected includes:

• IP addresses
• Browser type and operating system
• Internet service provider (ISP) information
• Date and time stamps
• Referring and exit pages
• Number of clicks and request paths

These data are not directly personally identifying and are used to analyse trends, debug issues and harden security. Logs are retained on a rolling 90-day window unless required for a security or fraud investigation.

The platform uses cookies to remember your preferences, keep you signed in and understand how the product is used. We use the minimum cookies necessary to operate the service plus a small number that help us measure and improve performance.

You can accept or decline non-essential cookies through your browser settings. Declining strictly necessary cookies may prevent parts of the website or product from working as expected.

HeyHomie integrates with services such as Meta (WhatsApp Business API), Google, payment gateways and shipping aggregators. Where data flows to those services, it does so only to deliver the feature you have enabled — for example, sending a WhatsApp template, collecting a payment, generating a shipping label.

We do not control the privacy practices of these external providers. We encourage you to review their respective privacy policies. We will never share your data with third parties for marketing, profiling or advertising purposes.

A note on compliance posture. HeyHomie is not certified GDPR-compliant. We do, however, design and operate the product around the GDPR principles we believe every modern data platform should follow — consent, transparency, purpose limitation, data minimisation, security and user control. As we extend HeyHomie to markets outside India, we will adapt to the certifications and regulations applicable in those regions.

Today, regardless of where you are, you have the following rights with respect to the personal data we hold about you:

• Right to access — request a copy of the personal data we hold about you.
• Right to rectification — request that we correct information you believe is inaccurate or incomplete.
• Right to erasure — request that we delete personal data we hold about you, subject to retention obligations.
• Right to restrict processing — ask us to pause processing of your data in defined circumstances.
• Right to object — object to specific uses of your personal data.
• Right to data portability — request your data in a structured, machine-readable format for transfer to another service.
• Right to withdraw consent — wherever processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.

We aim to respond to verified requests within 30 days. To exercise any of these rights, email privacy@heyhomie.me.

We treat security as a first-order product concern. The core measures we maintain include:

• Encryption in transit. All traffic between you, HeyHomie and integrated services uses TLS 1.2 or higher.
• Encryption at rest. Sensitive data, including authentication credentials and OAuth tokens, is encrypted with AES-256.
• Access control. Role-based access limits internal access to engineers with an operational need. Access is logged and reviewed.
• Network hardening. Firewalls, intrusion-detection systems, regular patching and routine security reviews protect our infrastructure.
• Backups + recovery. Regular encrypted backups and tested recovery procedures so your data survives the unexpected.

No platform can promise zero risk. If we ever experience a security incident that affects your personal data, we will tell you and the appropriate authorities promptly and clearly.

HeyHomie is built for businesses, not children. We do not knowingly collect personal information from children under the age of 18. If you believe a child has provided personal information through our services, please contact us and we will delete it promptly.

We may update this policy from time to time as the product, our partners or the law evolves. Changes take effect when posted on this page. The “Last updated” date at the top of this page indicates the most recent revision. Significant changes will be communicated in-product or by email where you have provided one.

Overview

HeyHomie is a WhatsApp-based booking chatbot that enables sellers to share Google Sheets availability calendars and schedule appointments via Google Sign-In authentication. We only access the Google data you explicitly authorise.

Information collection and use

Google account information. We use basic profile data (account ID, name, email) to authenticate users and manage HeyHomie accounts. This personalises your experience without accessing additional Google account information.

Google Sheets data (availability calendar). Using the Google Drive API drive.file scope, you can connect Google Sheets files containing availability calendars. We read availability and write appointment bookings. The data serves only to display availability and record bookings — no secondary purposes exist.

Customer / lead data. Seller-provided customer contact details (names, phone numbers) remain visible only to that seller within the app. HeyHomie does not store, share or process customer personal data beyond temporary facilitation of conversations. Only the seller accesses this data.

Data sharing and disclosure

We do not sell, rent or share Google user data or customer data with third parties. Only users and their Google accounts access their Google Sheets data. No external services, advertisers or AI platforms receive Google data. Data written to Google Sheets remains under your control. Information is shared only when legally required.

Limited Use commitment.All Google user data is used exclusively to provide and improve HeyHomie’s scheduling features. We forbid using Google data for advertising, non-service analytics or undisclosed purposes. Google Sheets content is never used to train algorithms or build marketing user profiles.

Security measures

• Encryption in transit. All communication with Google APIs and HeyHomie servers uses TLS 1.2 or higher (HTTPS) encryption.
• Encryption at rest. Sensitive information, including OAuth tokens, is encrypted with AES-256.
• Access control. Role-based access control (RBAC) limits system and data access strictly to authorised engineers with operational needs.
• Token handling. Stored Google OAuth refresh tokens are encrypted in secure databases. Tokens refresh login sessions and access selected Sheets exclusively. You can revoke access at any time through your Google account permissions or by disconnecting the app; stored tokens are deleted immediately upon revocation.
• Network security. Firewalls, intrusion-detection systems and regular security audits protect our infrastructure.

Data retention

Google data. HeyHomie does not retain Google Sheets content on our servers. We fetch or update Sheets in real time during your use of the booking service, then discard the data immediately after processing. Non-sensitive metadata (file ID references) is stored only briefly for session maintenance. Upon Google account disconnection or session termination, all associated tokens and references are deleted within 24 hours.

Customer / lead data. Customer personal information entered into HeyHomie is held only during chat sessions or booking processes — never in permanent storage. Only immediate-function necessary data (appointment time confirmation) is retained temporarily before discarding.

Use of AI and automated processing

HeyHomie does not use artificial intelligence or machine learning services on Google user data. We never send Google Sheets data or account information to AI platforms for analysis, model training or other purposes.

If HeyHomie employs AI services for other features (such as WhatsApp chatbot responses), those AI services operate completely separately from Google user data and never receive or process Google API-obtained information.

Google OAuth and API scopes

HeyHomie strictly follows Google guidance and uses the minimum necessary permissions. We authenticate users via Google Sign-In (OAuth), requesting only feature-necessary scopes. Specifically, the drive.file scope permits viewing and managing only the files you explicitly select. We do not request broad or sensitive scopes such as full Drive access or general Sheets scopes — granting you greater control by choosing specific sheets to share.

The OAuth consent screen clearly identifies HeyHomie’s app name and logo, linking to this privacy policy as required by Google’s verification process.

For questions or requests about this Privacy Policy, your data, or Google API usage, please email privacy@heyhomie.me. For general enquiries, email hello@heyhomie.me. We’re based at Clayworks, Vaishnavi BVS Senate, 178/2, Bannerghatta Rd, Dollar Layout, Phase 4, Bilekahalli, Bengaluru, Karnataka 560078.