What is this policy?

Hiya, Inc. (“Hiya” or “We”) values your privacy and we have prepared this Privacy Policy (“Policy”) to help you understand how we collect, use, and disclose information that we obtain about and from users of our mobile phone applications, and corresponding Hiya Web sites (collectively, our “Apps”), and how we use and disclose that information. We explain who we are, why, on what legal basis, and how we process personal information and, if you are the subject of any of the personal information concerned, what rights you have and how to get in touch with us if you need to.

By accepting our Terms of Service and this Policy and/or using our Apps, you agree that your personal information will be handled as described in this Policy. Your use of our Apps, which includes any services available through our Apps, is subject to this Policy and our Terms of Service, not including its applicable limitations on damages and the resolution of disputes. Our Terms of Service are incorporated by reference into this Policy.

Please note that our Apps may contain links to third-party Web sites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third-party websites and we are not responsible for the information practices of such websites.‍

Who are we?

We are Hiya, Inc. We are the controller in relation to the personal information processed in accordance with this Policy (except where this Policy explains otherwise).

Our details – options to contact us:‍

• US Office:   701 5^th Ave, Suite 1200, Seattle, WA 98104 USA
• Email: support@hiya.com‍
• Follow this link to contact Hiya Customer Service‍
• Data Protection Officer: dpo@hiya.com
• UK Office: The Brew Eagle House (1^st floor), 163 City Road, London EC1V 1NR, Contact: Kelly Schmitt
• EU/ Hungary office: 1066 Budapest, Mozsár utca 16, 5th floor, Contact: Lilla Szabo

What do our Apps do?

‍Hiya currently offers three mobile applications directly to consumers: Hiya AI Phone, the Hiya Spam Blocker & Caller ID application (“Hiya Spam Blocker”) and Mr. Number (the three together, the “Apps”).  Our Apps, their associated websites, and the services made available via our Apps and websites are sometimes all referred to as the “Services”. 

The Hiya AI Phone app acts as your own personal intelligent call assistant with features like (a) potential detection of scammers by real-time analysis of the content of your conversations, (b) a personal AI assistant to answer calls from unknown numbers and screen them before connecting them to you, and (c) succinct summaries of each phone call you make or receive, pulling important data from each (such as meeting times) and adding them automatically to your calendar.

The Hiya Spam Blocker app enables users to have Hiya: (a) identify incoming calls with a caller name, when available, (b) label calls as potentially fraudulent or unwanted (i.e., spam), (c) automatically forward certain calls, such as spam calls, to a voice messaging system hosted by Hiya, and (d) automatically block certain calls, such as those identified by Hiya as fraudulent.  Mr. Number offers similar features to the Hiya Spam Blocker application, but places an emphasis on your feedback with respect to phone calls that you receive.

The Apps are offered by Hiya on a purely opt-in basis and therefore you will have to affirmatively elect to use it. Similarly, users can disable and/or uninstall the Apps at any time, even after opting in to use them.

‍Whose personal information do we process?

‍We process personal information relating to you if:

• You use our products or services, especially our Apps.
• Your personal information has been provided to us by one of our users. This means that our user granted us access to data stored or otherwise available on or through their device that includes your personal information, for example, data from call and text logs, transcriptions of conversations between one of our users and you, and voicemails that you leave on a user’s device. When you call one of our users or are called by one of our users, we may process your personal information in relation to providing our Apps to our users.
• Your personal information has been provided to us by third party sources, including affiliated entities, surveys or questionnaires, marketing companies, data licensors, or public records. In such cases, we rely on the guarantees given by these third parties that they have first obtained your consent to provide us with the information, or that there is some other lawful basis for giving us the information.
• You are someone (or you work for someone) to whom we want to advertise or market our services. In this case, we may have obtained your personal information directly from you (for example, via our Web site) or from another source.

Social Network User IDs

‍In case you are one of our users and access some of our Apps using your social networking account credentials, we may obtain information from Facebook, LinkedIn, X, or Google+.  If you log into our Apps using these social networking accounts, you must enter your social networking account email address and password. We will ask that you grant us permission to your social networking account user IDs which we will use to authenticate your use of our Apps. Since your social network account user ID is unique, we do not have to create a new ID ourselves. Instead, we will use your social network account user ID to identify you as a user from within our Apps. If you allow us to have access to your social network account user ID, then our Apps may be visible on your social network page that lists your “applications.”

We store your social network account user ID that we receive from your social network account along with other information that we collect from you or receive about you. The third-party social networking site will know that you are a user of one or more of our Apps along with certain usage information. For information about how the social networks may use and disclose this information, including any information you make public, please consult their respective privacy policies. We have no control over how any third-party site uses or discloses the personal data it collects about you. Any access to and use of a social network is not governed by this Policy, but instead of governed by the policies of those social networks. We are not responsible for the information practices of such social network websites.

‍Children Under the Minimum Age

‍Our Apps are not designed for children under the Minimum Age (as defined in our Terms of Service) and Hiya does not knowingly make its Apps available to Children under the Minimum Age. If you are under the age of the Minimum Age, you may not download the Apps or use the Apps, you may not use any feature that requires registration, and you may not provide us with any of your personal details. If we discover that a child under the Minimum Age has provided us with personal information, we will delete such information from our systems.

‍What personal information do we process?

‍We may obtain information about you in a variety of ways, including when you call, email or otherwise communicate with us (including through social media), or when you participate in events or other promotions. We also collect information given directly by you, by third parties (e.g., data providers, social networks), and automatically as you use our Apps. The personal information relating to you that we process may include the information set out below.

The information that we collect, whether from you directly or automatically from your use of the Apps, may be considered personal information in certain jurisdictions or personal data under the European General Data Protection Regulation (the "GDPR"). Whenever we refer to personal information in this Policy, it means personal information or personal data as defined by applicable laws in the relevant jurisdiction.

A key component of the Hiya AI Phone app is to act as your virtual personal assistant (an “AI Assistant”) by having the AI Assistant answer your calls and either put the caller through to you, send them to voicemail, or end the call (e.g., in situations in which the AI Assistant has determined that the call is either fraudulent or spam-related). The AI Assistant will also transcribe and summarize conversations on your behalf, whether the conversation is between the caller and the AI Assistant or the caller and you. These transcriptions and summaries are processed by and on behalf of Hiya in the cloud, but are stored permanently on your device only.

A key component of the Hiya Spam Blocking and Mr. Number apps is to assist you in identifying telephone calls, including potentially unwanted telephone calls, as well as either blocking or automatically forwarding incoming calls that we have identified as potentially fraudulent to a voice messaging system hosted by Hiya. To forward these calls, we may collect call and text log information automatically from your device and the audio recordings if a caller leaves you a voice message.

‍In addition, if you sign up to use the Apps, we may also process the following personal information relating to you:

• Your name, phone number, IP address and general physical location (e.g., your current country)
• Numbers stored in your contacts
• The number dialing into your device
• Real-time audio
  
  • Hiya AI Phone will process the content of conversations as they are happening in order to detect conversations in which the caller appears to be pursuing fraud or is using an altered, synthetic voice.
  • Hiya AI Phone also transcribes a phone call as it is happening, and we use a third-party cloud service provider to convert the audio to text.
• Audio recordings (we store call recordings as part of the voice messaging service with our third-party platform, cloud storage or telecom provider).  
• If you make data available to us via various social media platforms: your user ID
• Search strings when you look up a phone number from within the Hiya Spam Blocker and Mr. Number apps (e.g., when searching for comments made by other users on a particular phone number), as well as your location and IP address at the time of query
• App store or mobile device ID (or other persistent identifier as permitted by the manufacturer or created by Hiya)
• Mobile carrier/network on which your device is registered
• Your preferred language
• Device name and model; operating system type, name, and version
• Your activities within the Apps
• The length of time that you may be logged into an App
• Payment data, for those Apps with associated fees

If you contact us, we will collect whatever information you choose to provide in your correspondence with us.  Often this includes your phone number, email address or other contact details.

‍We may combine this information with other information that we have collected about you, including, where applicable, your username, name, phone number, device ID, and other personal information. Please see “Our Use of Cookies and Other Tracking Mechanisms” for more information.

‍User Generated Content

‍We invite you to contribute information when you use our Apps, including your comments in spam reports, whether you considered a call spam or not spam, spam category (e.g., fundraising or political), name corrections and any other information that you would like to be available on our Apps. In some versions of our Apps, you also may have the option to send a picture or your location through our Apps to someone that you call or message. Please note that these pictures will not be available to all users, only to the receiver of the sent picture. Note that we will not text or call any of your contacts without your explicit consent.

If you contribute information to our Apps, especially by posting user comments with respect to phone numbers that have placed calls to you, your posting may become available to others.  We cannot prevent others who have accessed this information from using it in a manner that may violate this Policy, the law, or your personal privacy, so please be cautious when sharing.  In general, if you choose to upload, post, transmit, or otherwise disclose information about other people to us, you confirm that you have the authority to use and share such information.

‍What do we do with your personal information?

‍We may process personal information as necessary to perform our contract with you, for our or third parties’ legitimate interests (especially to provide our Apps to you and other users), and to assist our users in identifying potentially unwanted telephone calls and handling such calls.  Processing may include the following, depending on which of the Apps you use:

• Matching the information in your phone logs and contacts with numbers from the calls you make or receive, in order to properly display the caller name and to make it much less likely these calls will be labeled as spam or fraud.  We also may store this information for subsequent data validation for both you and other users of our Apps and other products;
• Transcribing and summarizing conversations between a caller and your AI assistant and/or you;
• Transcribing and summarizing conversations between you and people that you call;
• Analyzing a call’s audio in real time to determine if the caller’s voice has been digitally altered or synthesized or if the caller is using words and phrases that typically indicate commission of fraud;
• If you contact us, processing whatever personal data you provide in order to communicate with you about your use of our Apps, to respond to your inquiries, and for other user services purposes;

We also process data:

• To tailor the content and information that we send or display to you, to offer location customization, personalized help and instructions, and to otherwise personalize user experiences while using our Apps;
• To send you push notifications. For example, if you missed a call and the number was not in your address book, but we knew the name of the caller, we may send you a notification;
• To better understand how users access and use our Apps, both on an aggregated and individualized basis;
• To improve our Apps, and for research and analytics purposes;
• To administer our Apps, and other systems, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
• To improve our Apps to ensure that content is presented in the most effective manner for you and for your device;
• To keep our Apps and other systems safe and secure;
• For marketing and promotional purposes, based on your consent. For example, we may use your information, such as your email address, to send you:
  
  • news and newsletters, special offers, and promotions, or to otherwise contact you about products; or
  • information we think may interest you. We also may use the information that we learn about you to assist us in advertising our services on third party websites.

In case you are not one of our users, but you made a call to one of our users or received a call from one of our users, we may process your personal data for the following purposes based on our, our users’ and third parties’ legitimate interests:

• To provide information to our users at the moment when you contact one of our users and if you leave a voice message for our users;
• To communicate with you about the information we hold about you, to correct the information that we may display about you and to respond to your inquiries;
• To improve our Apps, and for research and analytics purposes;
• To administer our Apps, and other systems, including troubleshooting, and data analysis, testing, research, statistical and survey purposes; and
• To keep our Apps and other systems safe and secure;

To be able to provide the core, acknowledged feature of our Apps (i.e., spam and fraud prevention and AI personal assistant services), it is essential to collect certain call-related data not just about our users, but also about the party on the other end of the phone call:

• firstly, because we collect the data automatically and in-real time, therefore it is simply technically not possible to only obtain data about our users;
• and secondly, to be able to help protect our users from spam and fraudulent calls, we need to identify the party on the other end of the phone call as spam/fraud or not.

Where we rely on our and our users’ legitimate interests to identify unwanted callers and protect them from spam and fraudulent calls, we have carried out appropriate legitimate interest assessments (“LIA”) to demonstrate that we have compelling legitimate grounds for the processing which override the fundamental rights and freedoms of the people whose personal data we process. For more details on the LIA please contact us at the following e-mail address: dpo@hiya.com. The LIA is made available to you upon request.

Also, we are dedicated to provide sufficient information on our data processing in this Policy and ensure adequate and easy access to data subject rights not just for our users but for anyone, whose personal data we collect. If you want to know more about what rights you have or how you can exercise them, please see the Section “What are your rights?” and “How can you exercise your rights?” of this Policy by following this link.

‍Who do we disclose your personal information to?

• Affiliates. We may disclose the information we collect to our affiliates or subsidiaries; however, if we do so, their use and disclosure of your personally identifiable information will be subject to this Policy.
• Business Users. We may provide your information to business users of our products (e.g., user support centers) so that they can improve their calling operations and marketing practices. For example: We may share your anonymized complaint data with businesses such as call originators so that they become aware of the nuisance they are causing.
• Users of the Apps and Our Other Products. Because your information may be used for validation of information in our database, we may disclose certain personal information to other users of the Apps and of our other services that rely on our database of information. For example: If you provide us with your name and you call another user, then we may show your name to the other user so they know who is calling.
• Service Providers. We may disclose the information we collect from you to third party vendors, service providers (customer and marketing support, payment partners, technical partners), contractors, or agents who perform functions on our behalf. For example, if an unknown number has called you and we do not have sufficient information about the number then we may ask a third-party data vendor for help in identifying that number.
• Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the information we have collected from you to the other company.
• In Response to Legal Process. We may disclose your information to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a subpoena.
• To Protect Us and Others. We may disclose your information where we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Use or this Policy, or as evidence in litigation in which we are involved. We may, on a strictly confidential basis, also disclose your information to our legal and professional advisers, where we believe it is necessary for the compliance with laws and the protection of our legal interests.
• Aggregate and De-Identified Information. We may share aggregated, de-identified information (which is not considered personal data) with third parties for marketing, advertising, research, or similar purposes.

What are the legal grounds and purposes for our processing of your personal information?

‍The legal bases on which we process your personal information is described below:

• We process your personal information as necessary to perform our contracts with you, or to allow us to take steps at your request prior to entering into such a contract;
• In cases where this is necessary and you give us your consent to the processing of your personal information, we also rely on consent in relation to the processing concerned (see below for how to withdraw your consent at any time).
• Otherwise, we will process your personal information where the processing is necessary:
• for the purposes of the legitimate interests pursued by us, our users and third parties to identify unwanted callers and protect mobile users from spam and fraudulent calls;
• for compliance with a legal obligation to which we are a subject;
• for the protection of your vital interests or those of another person;
• for the performance of a task carried out in the public interest, insofar as the processing has a basis in Union or Member State law.

More specifically, and in some cases in addition to the purposes described above, we may use the information we collect for a variety of other purposes, such as the following:

‍Performing Our Services

• Maintaining or servicing accounts, providing customer service, operating our Apps; processing or fulfilling orders and transactions, verifying user information, processing payments;
• Communicating about the products and services we offer, and responding to requests, inquiries, comments, and suggestions;
• Providing social or community features including publicly displaying comments that you voluntarily post;

Internal Research

• Understanding and evaluating how our Apps and features perform with our users;
• Uncovering insights about usage in order to improve the Apps and provide customers with enhanced features as well as inform our development of new features and products;
• Development of customized or personalized experiences of our Apps, such as remembering your information, so you do not have to re-enter it each time you use one of our Apps;
• Using proprietary automated methods of analysis, we use voicemail recordings and transcripts to determine spam and unwanted calls and improve our blocking technology;

Auditing Interactions with Our Users

• Measuring usage of our Apps;
• Measuring our advertising and marketing activity (e.g., measuring how a user was acquired)

Security

• Providing our users with a secure experience and to take measures to protect our Apps from cyber risks;
• Protecting against, identifying, investigating, preventing, and responding to fraud, illegal activity (such as incidents of hacking or misuse of our websites and mobile applications), and claims and other liabilities, including by enforcing the terms and conditions that govern the Apps we provide;

Debugging/Repair

• Identification and repair of impairments to intended, existing functionality of our Apps;
• Marketing, including understanding users in order to more effectively market our Apps;
• We use your email (with your consent where required) to send you information about our Apps and exclusive offers;

Quality and Safety Maintenance and Verification

• Activities related to improving the quality of the Apps we provide, including upgrade or enhancement of the Apps;
• Verification or maintenance of the quality or safety of Apps;
• Tracking and responding to quality and safety matters;

Protecting our rights and property

• Complying with legal or regulatory requirements, judicial process, industry standards, and our company policies;
• Other purposes that may be described at the time you choose to provide personal information to us.

We may also aggregate and/or de-identify any information that we collect, such that the information no longer identifies any specific individual. We may use, disclose, and otherwise process such information for our own legitimate business purposes – including historical and statistical analysis and business planning – without restriction.

‍Where do we process personal information?

‍The information that we process in relation to you may be transferred to, and stored at, a destination outside the jurisdiction where you are located. If you are located in the European Economic Area ("EEA") your personal data may be transferred outside the EEA to a destination that may not be subject to equivalent data protection law. It may also be processed by staff situated outside the EEA who work for us or for one of our partners. Your information, for example, could be transferred to the USA, Canada, Brazil, Singapore and Australia.

Where personal information is transferred in relation to providing our services we will take all steps reasonably necessary to ensure that it is subject to appropriate safeguards and that it is treated securely and in accordance with this Policy, such as relying on a recognized legal adequacy mechanism which may include entering into EC approved standard contractual clauses relevant to transfers of personal information.

Following the European Commission Implementing Decision (EU) 2021/914, we have reviewed our existing SCCs and also adopted additional measures to ensure maximum compliance with the new requirements regarding international data transfers arising out of the above decision. On July 17, 2023, the European Commission issued an adequacy decision on the EU-U.S. Data Privacy Framework (DPF), at this moment we do not hold this certification.

‍How long do we process personal information for?

‍We process personal data only for so long as is necessary for the purpose(s) for which it was originally collected, after which it will be deleted or archived except to the extent that it is necessary for us to continue to process it for the purpose of compliance with legal obligations to which we are subject or for another legitimate and lawful purpose. We may retain some of your information even after you uninstall or disable an App or close your account, except if you instructed us otherwise.

In particular, we may continue to process information from your call logs and spam reports, which you granted us access to before uninstalling or disabling an App or closing your account, strictly for statistical purposes, in order to enable us to improve our algorithms and our services. We will not use this information for any other purposes, and the processing will have no effect on you or any other natural person. The information will not be shared with any third parties, and we take appropriate measures to ensure that the information is safe with us.

‍What are your rights?

‍You may make the following requests in relation to personal data relating to you that we process. Your rights and our obligations under the applicable law in relation to such requests may depend on the circumstances:

• You may request access to the personal data concerned (please see the section on obtaining access to your personal data below).
• You may request that incorrect personal data that we are processing be rectified by clicking here‍.
• You may request that we erase the personal data concerned.
• You may request the restriction of processing of your data.
• You may object to processing.
• You may request to receive personal data concerning you in a structured, commonly used and machine-readable format and to transmit those data to another controller.
• You may withdraw your consent at any time, after which we shall stop the processing concerned. This, however, does not affect the lawfulness of the processing based on your consent before it was withdrawn.

Your State Law Privacy Rights

‍If you are a resident of a state that has enacted State Privacy Laws, you may have additional rights regarding our use of your Personal Information. To learn more about your privacy rights under State Privacy Laws, visit our U.S. State Consumer Rights Privacy Notice.

‍How can you disable the call forwarding feature in the Hiya Spam Blocker app?

‍You can stop all information collection by the App by disabling call forwarding and deactivating your account by following the instructions on the App’s Protect screen and then uninstalling the App using the standard uninstall process for your device. If you uninstall the App from your mobile device, the unique identifier associated with your device will continue to be stored. If you reinstall the App on the same mobile device, we will be able to re-associate this identifier to your previous transactions and activities.

‍How can you exercise your rights?

‍You may exercise your rights, including your right to withdraw your consent and access to your personal data, by:

• contacting us at Hiya Customer Service
• writing to us at any of the addresses specified on the top of this document.

You may also modify personal information that you have submitted by logging into your account and updating your profile information. Please note that copies of information that you have updated, modified or deleted may remain viewable in cached and archived pages of the App for a period of time.

Please note that we may be required to ask you for further information so we may confirm your identity before we respond to your request.‍If you have a complaint about any processing of your personal data being conducted by us, you can contact us or lodge a formal complaint with a supervisory authority, in particular in the European Union member state of your habitual residence, place of work, or the place where the infringement of your rights took place. The list of competent supervisory authorities is available here. Also, you may bring a proceeding against us, as data controller before the courts of the EU member state of our establishment or your habitual residence, if you consider that your rights under the GDPR have been infringed.

In addition to the above tools, and as referenced in this Policy, any affected individual may contact our Data Protection Officer with an objection or policy concern via e-mail at dpo@hiya.com.

‍Security

‍We have implemented commercially reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, no data security measures can guarantee 100% security. You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer/phone, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.

‍Do We Rely on Automated Decision-Making, including Profiling?

‍While the Apps do not rely on automated decision-making where the decision would have a legal (or similar) effect on you, we do make use of automated profiling of spammers and unwanted callers by categorizing them as a type of nuisance or fraud calls, as this is essential to offer our Apps.

However, in any case, if you suspect or become aware that your phone number has been falsely categorized as spam or a scam, you have several options to object and challenge the decision, and require human intervention to correct it, if warranted. For further details about how you may report such a problem, please see Section “How can you exercise your rights?” of this Policy by following this link.

We also regularly monitor whether our data and the derived profiles are up-to-date and accurate.

‍Our Use of Cookies and Other Tracking Mechanisms

‍We and our third-party service providers use cookies and similar technologies, including mobile application identifiers, to track information about your use of our Apps, help us recognize you across different Apps, improve your experience, increase security, measure use and effectiveness of our Apps, and serve advertising. We may combine this information with other personal information we collect from you, and our third-party service providers may do so on our behalf.

You may leave an App by linking to one of our Hiya Web pages (such as hiya.com and mrnumber.com), which also use cookies. Similarly, logging in through a social network subjects you to their respective cookie policy. You can control cookies through your browser settings and other tools.

Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking. Specifically, you may turn off location tracking by changing the settings on your mobile device, although some features of the Apps may not be available if you do. By using or visiting our Apps, you consent to the placement of cookies and beacons in your browser and HTML based emails in accordance with this Policy, which incorporates by reference our Hiya Website Privacy Policy.

‍Frequency of Communications

‍If you have given your consent, we may send periodic promotional or informational emails to you. You may opt-out of such communications by following the opt-out instructions contained in the email. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you emails about your account or any services you have requested or received from us.

‍Changes to this policy

‍This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post changes to this Policy on our Apps. If we make any changes to this Policy that materially affect our practices with regard to the personal information, we have previously collected from you, we will endeavor to provide you with notice in advance of such change by highlighting the change on our Apps and their corresponding Web sites, sending a push notification, or displaying on any of the Web sites associated with our Apps.

‍

‍

‍

‍