Privacy Policy

Last updated: 12 June 2026

1. Who We Are

Heynow is an AI-powered customer support platform owned and operated by Biz Hero (Pty) Ltd ("we", "us", "our"), a company incorporated and operating in the Republic of South Africa (bizhero.tech). We provide businesses ("Clients") with an embeddable chat widget powered by artificial intelligence, allowing their website visitors ("Visitors") to receive instant support. All client relationships are with Biz Hero (Pty) Ltd.

Biz Hero (Pty) Ltd is the Responsible Party in terms of the Protection of Personal Information Act 4 of 2013 ("POPIA") in respect of personal information we collect directly from Clients. In respect of Visitor data processed on behalf of Clients through the Heynow widget, we act as an Operator under POPIA.

Contact us at: privacy@heynow.tech

2. Personal Information We Collect

2.1 From Clients (businesses that sign up)

  • Full name and email address of the account holder
  • Business name and website URL
  • Payment information processed securely by PayFast or Lemon Squeezy (we do not store card numbers)
  • Subscription and billing records
  • Knowledge base content uploaded to the platform
  • Portal usage activity and log data

2.2 From Visitors (end-users of the chat widget)

  • Chat messages sent through the embedded widget
  • Session metadata (timestamps, approximate session duration)
  • Any personal details voluntarily shared within the conversation

We do not require Visitors to create an account or provide identifying information to use the chat widget. The Client is the Responsible Party for Visitor data collected through their widget deployment.

2.3 Automatically Collected Data

  • Server logs (IP addresses, browser type, pages accessed, timestamps)
  • Usage statistics for message volume and widget interactions

3. How We Use Personal Information

We process personal information for the following lawful purposes:

  • Service delivery: to provision, maintain, and operate the platform and chat widget
  • Billing and subscriptions: to process payments, issue invoices, and manage your subscription via PayFast (ZAR) or Lemon Squeezy (USD)
  • AI processing: to generate responses to Visitor queries using our AI models (processed via OpenAI's API)
  • Knowledge base retrieval: to match Visitor questions against your uploaded knowledge base content
  • Account management: to authenticate users, send verification and transactional emails, and manage settings
  • Security and fraud prevention: to detect, investigate, and prevent unauthorised access or abuse
  • Service improvement: to analyse usage patterns and improve the platform (in aggregate, anonymised form)
  • Legal compliance: to comply with applicable South African law including POPIA and tax legislation

4. Sharing of Personal Information

We do not sell personal information. We share it only as follows:

4.1 AI Processing — OpenAI

Visitor chat messages and relevant knowledge base excerpts are transmitted to OpenAI's API to generate AI responses. OpenAI processes this data as a sub-processor under a data processing agreement. Messages are not used to train OpenAI's models. See OpenAI's Privacy Policy.

4.2 Payment Processing — PayFast & Lemon Squeezy

South African customers are processed by PayFast (Pty) Ltd, a South African PCI-DSS compliant payment gateway (see PayFast's Privacy Policy). International customers are processed by Lemon Squeezy, a global payment provider and Merchant of Record (see Lemon Squeezy's Privacy Policy). Heynow does not store payment card details.

4.3 Hosting and Infrastructure

Our platform is hosted on servers in the European Economic Area. Reasonable contractual safeguards are in place for cross-border data transfers.

4.4 Legal Requirements

We may disclose personal information if required by South African law, court order, or to protect the rights, property, or safety of Biz Hero (Pty) Ltd, our Clients, or the public.

5. Data Retention

  • Client account data: retained for the duration of your subscription, plus 90 days after account closure to allow for re-activation or billing disputes
  • Conversation history: retained while your subscription is active; deleted within 30 days of account closure
  • Invoices and billing records: retained for 5 years as required by South African tax law
  • Server logs: retained for up to 90 days for security and diagnostic purposes
  • Knowledge base content: retained until deleted by the Client or upon account closure

6. Your Rights Under POPIA

As a data subject under POPIA, you have the right to:

  • Access: request confirmation of whether we hold personal information about you and obtain a copy
  • Correction: request that inaccurate or incomplete information be corrected or updated
  • Deletion: request the deletion of personal information we are no longer legally required to retain
  • Objection: object to the processing of your personal information on reasonable grounds
  • Withdrawal of consent: where processing is based on consent, withdraw it at any time
  • Complaint: lodge a complaint with the Information Regulator of South Africa at www.justice.gov.za/inforeg

To exercise any of these rights, contact us at privacy@heynow.tech. We will respond within 30 days.

Note: Visitors wishing to exercise rights over data collected through a Client's widget should contact that Client directly, as the Client is the Responsible Party for Visitor data.

7. Cookies and Tracking

7.1 Strictly Necessary Cookies

The following cookies are essential for the platform to function and are set without requiring your consent:

  • heynow-session — stores your authenticated session. Expires when your browser session ends or after 120 minutes of inactivity.
  • appearance — remembers your light/dark mode preference. Expires after 1 year.
  • sidebar_state — remembers whether the portal sidebar is expanded or collapsed. Expires after 7 days.

7.2 Analytics Cookies

We collect analytics data to understand how visitors use our website and to improve our platform. This includes:

  • analytics_consent — stores your cookie preference on this device. Expires after 1 year.
  • Site analytics — we record page paths visited, approximate geographic location (country level, derived from your IP address), device type, and browser type. IP addresses are not stored permanently.
  • Google Analytics — Google Analytics may set cookies such as _ga and _gid to measure traffic and usage patterns. See Google's Privacy Policy for details.

A notice banner is shown on your first visit. You can opt out of analytics tracking directly from that banner, or by clearing your browser cookies to reset your preference.

7.3 Widget Cookies (on Client websites)

The embeddable chat widget uses sessionStorage (not persistent cookies) on the Client's website to maintain conversation continuity within a browser session. This data is cleared automatically when the browser tab is closed. No persistent tracking identifiers are set on Visitors' devices by the widget.

8. Security

We implement industry-standard technical and organisational measures to protect personal information, including:

  • TLS encryption for all data in transit
  • Encrypted storage for sensitive data at rest
  • Two-factor authentication available for Client accounts
  • Access controls limiting personal information to authorised personnel
  • Regular security reviews of our platform and dependencies

No method of transmission over the internet is completely secure. In the event of a data breach that poses a risk to data subjects, we will notify the Information Regulator and affected parties as required by POPIA.

9. Children's Privacy

Heynow is a business-to-business platform operated by Biz Hero (Pty) Ltd, and is not directed at children. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have inadvertently collected such information, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, notify Clients by email or via the portal. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related questions or to exercise your rights, contact our Information Officer:

Biz Hero (Pty) Ltd — Information Officer
Website: bizhero.tech
Email: privacy@heynow.tech