Privacy Policy
Last updated: June 2026
Privacy is not a feature at HeyLife — it's the foundation. We collect the minimum data required for the app to work and nothing else.
1. Who we are
HeyLife ("we", "us", "our") is the developer of the HeyLife – YOLO web app and mobile app. We can be reached at: privacy@heylifeway.com
2. What data we collect
On your device (localStorage) — never sent anywhere by default:
| Data | Purpose | Shared with 3rd parties? |
|---|---|---|
| First name | Personalise notification text | No |
| Date of birth | Calculate your life counter | No |
| Tone preference | Select your message category | No |
| Time window preference | Schedule notification timing | No |
| Streak count | Show your streak | No |
| Message history (IDs only) | Prevent seeing same message within 30 days | No |
| Ad consent choice | GDPR compliance — remember your preference | No |
| Anonymous ID (app-generated UUID) | Correlate your data if you create an account | No |
If you create an account (optional) — synced to our servers:
Creating an account is optional and only needed to sync your streak across devices. When you do, the following is copied from your device to our database (Microsoft Azure Cosmos DB) and tied to your email: your first name, date of birth, tone and time preferences, streak, and your message history (including the text of the daily messages you marked as lived). You can export or permanently delete all of it at any time from Settings.
Anonymous usage analytics (only after you consent):
If — and only if — you accept the cookie/privacy banner, we record privacy-first product analytics via Azure Application Insights: page views and a small number of feature events (for example, that an "I lived today" or "share" action occurred). These contain no personal information and no message content. Analytics cookies are disabled. If you decline, no analytics are collected.
What we do NOT collect:
- ✗Email address (unless you create an account — optional)
- ✗Phone number
- ✗Location (GPS, IP-based, or network-based)
- ✗Device identifiers (IDFA, Android Advertising ID)
- ✗Contact list, camera, microphone, or any other device data
- ✗Photos or health data
- ✗Browsing history
3. Why we collect it
Every piece of data we store has a single, specific purpose directly related to making the app work. Lawful basis for processing: Legitimate interest for core app functionality, and your consent for advertising and analytics. We never sell your data to data brokers, and we do not build cross-site advertising profiles beyond what Google AdSense requires once you opt in. Our product analytics (Azure Application Insights) are consent-gated and contain no personal information.
5. Third parties
Google AdSense
Privacy policy ↗What: Serves display advertisements on HeyLife Web
Collects: Ad identifiers, interaction data (impressions, clicks)
When: Only after you accept the cookie consent banner
Firebase Cloud Messaging (Google)
Privacy policy ↗What: Delivers your daily push notification to the browser
Collects: FCM device token (a random string — not PII)
When: Only if you enable browser notifications during onboarding
Microsoft Azure
Privacy policy ↗What: Cloud infrastructure (Functions, Cosmos DB, Application Insights)
Collects: Anonymous telemetry, error logs (no PII in logs)
When: When you use the web app (backend processing)
We have Data Processing Agreements with all third-party processors. Microsoft Azure is GDPR-compliant with Standard Contractual Clauses for EU data transfers.
6. Your rights
Under GDPR (EU) and applicable privacy laws, you have the right to:
- AccessSee what data we hold about you. Contact privacy@heylifeway.com.
- DeletionDelete all your data immediately. Go to Settings → "Delete my data". This clears all localStorage data and sends a deletion request to our backend.
- CorrectionUpdate your name, birthdate, or preferences at any time in Settings.
- PortabilityExport your data as JSON. Email privacy@heylifeway.com.
- Withdraw consentWithdraw ad consent at any time by declining cookies in Settings.
- ObjectObject to data processing by contacting privacy@heylifeway.com.
7. Children's privacy (COPPA)
HeyLife is not directed at children under 13. We do not knowingly collect personal data from children under 13. During onboarding, we enforce a minimum age of 13 years. If you believe a child under 13 has provided us with data, please contact privacy@heylifeway.com and we will delete it immediately.
8. Advertising (AdSense)
HeyLife Web shows Google AdSense display ads to support keeping the service free. Ads are placed below all primary content — never above the daily message and never as interstitials.
AdSense is initialised only after you explicitly accept the cookie consent banner. If you decline, non-personalised or no ads may be shown. You can change your preference at any time in Settings.
9. California residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- • Right to know what personal information we collect
- • Right to delete your personal information
- • Right to opt-out of the sale of personal information
- • Right to non-discrimination
We do not sell your personal information. Google AdSense may use ad identifiers for targeted advertising — this may constitute a "sale" under CCPA. To opt out, decline the cookie consent banner or contact us at privacy@heylifeway.com.
10. Security
All data in transit is encrypted via TLS 1.3. Data stored in Azure is encrypted at rest with AES-256. We do not log PII in our server logs. Application Insights telemetry is anonymised. In the event of a data breach affecting you, we will notify you within 72 hours as required by GDPR.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date and, if material, by in-app notification. Continued use after changes constitutes acceptance.
12. Contact
For privacy requests, questions, or to exercise your rights:
privacy@heylifeway.com