Last updated
12 Jan 2026
HEBB LABS AI (“HEBB LABS”, “we”, “us” or “our”) provides advanced artificial intelligence (“AI”) platforms, products and services (collectively, the “Service”). This Privacy Policy describes how we process personal information that we collect through our websites, applications, APIs, browser extensions, and other products and services operated by HEBB LABS.
For content-safety standards, see our User Safety & Content Policy.
For prohibited or restricted uses, see our Usage Policy.
We may act as a data processor and process personal information in accordance with the instructions of customers, workspace owners, or organisational account holders. In such cases, the privacy policies of the relevant customer or organisation will govern the processing of that data.
Index
Personal information we collect
Tracking and other technologies
How we use your personal information
How we share your personal information
Retention
Your choices
Other sites and services
Security
International data transfers
Children
Changes to this Privacy Policy
How to contact us
Addendum – Notices for specific regions
Personal information we collect
Information you provide to us
Depending on how you interact with the Service, personal information you may provide includes:
Contact data – first and last name, email address, billing and mailing addresses, professional title, company name, phone number.
Account and profile data – usernames, passwords, organisational roles, workspace memberships, and other profile information.
Communications data – information contained in messages, enquiries, feedback, or support requests.
Transactional data – subscription details, transaction history, and billing status.
Marketing data – preferences for receiving communications and engagement with them.
Inputs, prompts and user-generated content – text, images, audio, video, files, prompts, outputs, metadata, and other materials submitted to or generated through the Service.
Derived data – data inferred or generated through AI processing (for example, image, video, audio, or spatial transformations). We do not use such data to identify individuals.
Payment data – collected and processed directly by third-party payment processors (e.g. Stripe); we do not store full payment card details.
Workspace or end-user account data – where authentication or access control is provided on behalf of customers.
Other data – information not specifically listed, used as described at collection or in this Policy.
We ask that you do not provide sensitive personal information (such as government identifiers, health data, biometric identifiers, or criminal history) unless explicitly requested and legally required.
Information from third-party sources
We may receive personal information from:
Public sources and social platforms
Third-party AI providers used to generate outputs
Service providers and business partners
Linked accounts (e.g. Google or Apple sign-in)
Data sources or systems you connect at your direction (via APIs or integrations)
Automatic data collection
We, our service providers, and partners may automatically collect:
Device data – operating system, browser type, IP address, device identifiers, language, approximate location.
Usage data – pages viewed, features used, navigation paths, access times, and duration.
Communication interaction data – email opens, link clicks, and similar metrics.
Execution and sandbox data – files, logs, code, and outputs generated during task execution in isolated environments, retained for debugging and security.
Tracking and other technologies
We use cookies and similar technologies to operate, secure, analyse, and improve the Service. These may include:
Essential cookies for authentication and security
Analytics cookies to understand usage patterns
Functionality cookies to remember preferences
You can manage cookie preferences through browser settings or any cookie management tools we provide.
How we use your personal information
We use personal information to:
Service delivery and operations
Provide, operate, and maintain the Service
Process inputs and generate outputs
Authenticate users and manage accounts
Enable collaboration and workspace features
Provide customer support and service communications
Execute background or scheduled tasks
Personalisation
Customise user experience and communications
Remember preferences and settings
Improvement and analytics
Analyse usage trends
Improve products, services, and features
Develop new offerings
Marketing
Send marketing communications (you may opt out at any time)
Measure campaign performance (with consent where required)
Compliance and protection
Comply with legal obligations
Protect rights, safety, and property
Prevent fraud, misuse, or security incidents
Aggregated and anonymised data
Create de-identified datasets for research, analytics, and service improvement
Retention
We retain personal information only for as long as necessary to fulfil the purposes described in this Policy, including legal, accounting, and security obligations.
Retention periods may vary depending on data type, contractual requirements, and customer instructions. Data is securely deleted or anonymised when no longer required.
How we share your personal information
We may share personal information with:
Our corporate affiliates
Service providers and infrastructure partners
AI and analytics providers
Payment processors
Professional advisers (lawyers, auditors, insurers)
Authorities where required by law
Business transferees in the event of mergers, acquisitions, or restructuring
Other users, where you choose to make content public or shared
We do not sell personal information.
Your choices
You may:
Access or update your account information
Opt out of marketing communications
Manage cookies and tracking technologies
Request deletion of content or account closure
Control integrations and connected services
Requests can be made by contacting us (see below).
Other sites and services
The Service may link to third-party websites or services. We are not responsible for their privacy practices and encourage you to review their policies.
Security
We use technical, organisational, and physical safeguards designed to protect personal information. However, no system is completely secure, and we cannot guarantee absolute security.
International data transfers
We are based in New South Wales, Australia, and may use service providers located in other countries. Personal information may be transferred internationally, including to jurisdictions with different data protection laws. We take reasonable steps to ensure appropriate safeguards are in place.
Children
The Service is not intended for individuals under 18 years of age. If we become aware that we have collected personal information from a child without proper consent, we will delete it as required by law.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be reflected by updating the “Last updated” date and, where appropriate, notifying users.
How to contact us: hello@hebb.io