Privacy Policy
Effective Date: May 26, 2026 · Last Updated: May 26, 2026
In one paragraph.
HeyFriend is designed for young children. We collect the minimum information needed to make the app work — a device identifier, what your child says during a call (to generate a reply), and the child profile you create. We do not sell data, do not show ads, do not use behavioral profiling, and do not use children's data for marketing. Conversations are processed in real time to generate the character's response and are not used to train AI models. The parent — not the child — sets up the app, agrees to these terms, and can delete everything at any time.
Jex Global Inc. ("we," "us," or "our") operates HeyFriend (the "App"). This Privacy Policy explains how we collect, use, share, and protect information when you and your child use HeyFriend. By using HeyFriend you, the parent or legal guardian, agree to this policy. If you do not agree, please do not use the App.
1. Who this app is for
HeyFriend is intended for children between the approximate ages of 2 and 5, used under the supervision of, and after setup by, a parent or legal guardian. The App is rated for children and falls under Apple's App Store Kids Category guidelines.
Children do not create accounts. There is no chat with other users, no social feed, no public profile, and no third-party advertising. The parent sets a PIN at first launch that controls access to settings, in-app purchases, and external links.
2. Information we collect
a. Parent account information (optional)
If the parent chooses to sign in with Apple, we receive an opaque user identifier from Apple and, on the first sign-in only, the name and email the parent chooses to share. This lets us restore your subscription on a new device. If the parent does not sign in, the App works in device-only mode and we do not have an email address or name on file.
b. Child profile (stored on the device)
During onboarding the parent provides the child's first name, age, interests, and learning goals. This is stored locally on the device in iOS Keychain (encrypted at rest by the operating system). The child profile is used by the App to personalize the conversation ("Hi Maya!") and is sent to our backend with each call so the character can reference it. It is not used for advertising or sold to third parties.
c. Microphone audio during a call
When your child is on a call, microphone audio is streamed to our backend for speech-to-text conversion (so the character can "hear" what your child said). The transcribed text is then sent to an AI model to generate a short reply, which is converted to speech and streamed back to the device. Audio recordings are not stored on our servers — they are processed in memory during the call and discarded immediately afterward. The transcribed text of each call is retained as part of the call history (visible to the parent in Settings) until the parent deletes it.
d. Device identifier
We generate a random UUID on first launch and store it in iOS Keychain. We use it to (i) link your purchases to your installation, (ii) apply rate limits to prevent abuse, and (iii) identify the device to our backend in lieu of an account when the parent has not signed in. This identifier is not shared with advertisers and is not the iOS IDFA.
e. Subscription information
Subscriptions are handled by Apple. We receive subscription status (active, expired, trial) through RevenueCat, which manages the entitlement on our behalf. We never see your payment details or Apple ID password.
f. Crash and diagnostic data
We use Sentry to capture crashes and unhandled errors so we can fix bugs. Sentry is configured to never include personally identifiable information: child name, transcript content, audio, and IP address are stripped before any event is sent. We do not use Sentry — or any other third party — for behavioral profiling or advertising.
3. Information we do NOT collect
- Contacts or address book
- Photos or videos (the camera is used live for the self-cam mirror and never stored)
- Precise location (we do not request location)
- Health, biometric, or fingerprint/face data
- Browsing history outside the App
- Behavioral or advertising profiles
- Payment or financial information (handled entirely by Apple)
4. How we use information
- Operate the App — generate the character's reply in real time, personalize the conversation, schedule trial-reminder notifications.
- Manage subscriptions — through Apple and RevenueCat.
- Diagnose problems — via Sentry crash reports (with PII stripped).
- Respond to parents — when you email support@heyfriend.app.
We do not use data from children for behavioral advertising, retargeting, or training third-party AI models.
5. Third-party service providers
We use the following providers, each strictly for the purpose described:
- Apple — Sign in with Apple, App Store payments, push notifications.
- RevenueCat — subscription state management.
- Anthropic (Claude) — generates the character's text reply from a short prompt that includes your child's first name, age, the message they just said, and the character's persona. Anthropic does not retain this data beyond the request and does not use it for model training (zero data retention agreement). See Anthropic's privacy policy.
- Deepgram — real-time speech-to-text transcription of your child's voice during a call. Audio is processed in transit and not retained.
- Fish Audio — converts the character's text reply to speech. Only the text reply is sent (no audio of your child).
- Vercel — hosts our backend.
- Sentry — crash reporting with PII stripped.
Each provider has its own privacy policy. We use them as "processors" only — they cannot use your data for their own purposes.
6. Children's privacy & COPPA
HeyFriend is designed to be used by children under 13, with parental setup and supervision. Because the App targets children, we follow the spirit of the Children's Online Privacy Protection Act (COPPA):
- The parent sets up the App, provides the child's information, and agrees to this policy on the child's behalf — this constitutes verifiable parental consent.
- We collect only information that is reasonably necessary to operate the App.
- We do not condition the child's participation in the App on disclosure of more information than is needed.
- We do not use children's data for behavioral advertising, profiling, or to build advertising audiences.
- The parent can review, delete, or stop the collection of the child's information at any time, in-app under Settings → Delete profile & all data, or by emailing support@heyfriend.app.
If you believe we have collected information from a child without the appropriate parental consent, please email support@heyfriend.app and we will delete it within 30 days.
7. Storage & security
- Child profile and PIN are stored in iOS Keychain (encrypted at rest by the OS) on the device only.
- Call transcripts are stored in iOS Keychain on the device.
- All network traffic is encrypted in transit (TLS).
- Our backend runs on Vercel; secrets are managed via environment variables and never logged.
- Anthropic, Deepgram, and Fish Audio receive only the data needed to perform their function and do not retain it.
8. Data retention & deletion
- On-device data (child profile, PIN, call history, memory notes): kept until the parent deletes it through Settings → Delete profile & all data, or until the App is uninstalled.
- Server-side records (subscription state, device identifier, anonymized rate-limit counters): kept while the subscription is active and for up to 90 days after cancellation, then deleted or anonymized.
- Crash reports: kept by Sentry for up to 90 days, then deleted.
- Account deletion: email support@heyfriend.app from the address linked to your Apple Sign-In and we will purge any server-side records associated with the account within 30 days. See heyfriend.jexhq.com/delete-account for step-by-step instructions.
9. Your rights
You — the parent — have the right to:
- Access the information we hold about your child.
- Correct any inaccurate information.
- Delete the child profile and all associated data.
- Withdraw consent (uninstall the App and email us to purge any server-side records).
- Opt out of crash reporting by uninstalling the App (we do not offer a partial opt-out — the App functions without an account, but crash reporting is enabled by default to keep the service stable).
To exercise any of these rights, email support@heyfriend.app.
10. California residents (CCPA)
If you are a California resident, you have additional rights under the CCPA:
- Right to know what personal information we collect and how it is used.
- Right to delete personal information we hold about you.
- Right to opt out of sale — we do not sell personal information, including children's information.
- Right to non-discrimination for exercising your rights.
To exercise these rights, contact support@heyfriend.app.
11. International users
HeyFriend is operated from the United States. By using the App you consent to the transfer of your information to the United States, which may have data-protection laws different from those of your country.
12. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be announced in the App and on this page. Continued use after a change constitutes acceptance of the updated policy.
13. Contact us
For questions, requests, or COPPA-related concerns:
Jex Global Inc.
Email: support@heyfriend.app