Institutional Privacy

Your data is processed and stored within the European Union. Our servers run in Frankfurt (Germany), our database in Zurich (Switzerland), and our AI transcription uses Mistral, a French company with EU-based servers. All processing complies with GDPR.

Your voice and transcripts are never used to train or improve AI models. We use Mistral AI, which contractually guarantees no training on API data. We prioritize data parsimony (Datensparsamkeit) in all our processes.

Recordings and transcripts are automatically deleted after 90 days for free-tier users. Paid users retain data while their subscription is active and can request deletion at any time.

Built by an independent developer in Germany. Not owned by big tech. We don't sell your data to third parties.

The receiver page sets no cookies, requires no account, and runs no third-party analytics. No raw IP is stored. No cross-site tracking. When you submit a voice response, we capture only what helps the sender judge context: browser, OS, language, coarse country (e.g. "DE"), and the referrer hostname (e.g. "linkedin.com", never the full URL). Optionally, you can leave your email.

We use the following services to operate HeySpeak: Supabase (database, Zurich), Cloudflare R2 (file storage, EU), Mistral AI (transcription & summaries, France), Vercel (hosting, Frankfurt), Brevo (email, France), Stripe (payments, Ireland/EU entity), and PostHog (analytics, EU Cloud). All have signed Data Processing Agreements.