Privacy Policy
Last updated: May 8, 2026
Introduction
This Privacy Policy describes how Hebbia Inc. (“Hebbia,” “we,” “us,” or “our”) collects, uses, discloses, and otherwise processes Personal Data in connection with:
- The following website: https://www.hebbia.com/
- The Hebbia System or Platform (referred to as the “System”)
Collectively, we refer to the above as the “Services.”
Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee our data protection compliance.
If you have any questions about this notice or how we handle your personal data, including requests to exercise your rights, please contact our DPO at:
Title: Data Protection Officer
Email: privacy@hebbia.ai
Postal address: Hebbia Inc., 233 Spring St, 9th Floor, New York, NY 10013
Personal Data We Collect
Depending on how you interact with us, including through our Website, Platform, or other direct communications (such as email or job applications), we may collect a variety of information, including Personal Data.
When we use the term “Personal Data” in this Privacy Policy, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to you, such as your name, physical address, telephone number, email address, Internet Protocol (“IP”) address, or other online identifiers.
The specific categories of Personal Data we collect from existing customers and potential customers Include:
- name
- job title
- employer name
- work address
- work email
The specific categories of Personal Data we collect from our potential customers include:
- work phone number
- Internet Protocol (IP) addresses
- Region or General location where your computer or device is accessing the internet
The specific categories of Personal Data we collect from potential employees include:
- name
- phone
The specific categories of Personal Data we collect from existing customers include:
- Personal data contained in Customer Data which is provided by our Customers or processed on their behalf and under their instruction. This may include any of the types of personal data described above (with respect to Users or other individuals whose data is contained in the Customer Data), in accordance with our Data Processing Addendum with the Customer.
How We Collect Personal Data
Directly From You
- When you visit and use the Website, apply for a job, or otherwise interact with us, we collect Personal Data that you share with us.
- When you “Book A Demo” on our website
- When you download corporate materials from our Trust Center
- Through the use of or interaction with our Platform
Through Automated Means
As is true of most other websites, Hebbia’s website collects certain information automatically and stores it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of Hebbia’s website, including a history of the pages you view. We use this information to help us design our site to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences.
Hebbia has a legitimate interest in understanding how members, customers and potential customers use its website.
From Third-Parties
Hebbia may receive personal information about individuals from third parties. Typically, information collected from third parties will include further details on your employer or industry. We may also collect your personal data from a third-party website (e.g. LinkedIn).
How We Use Your Personal Data
We generally use the Personal Data we collect for purposes associated with the growth, maintenance, and management of our business. Depending on how you interact with us, we may use your Personal Data in the following ways(and in reliance on the legal bases for processing noted next to them, as appropriate):
- To Provide and Manage the Services. We may use your Personal Data to provide, administer, and manage the Website. We also use Personal Data as otherwise necessary to provide the Services of our System (Performance of Contract; Legitimate Interests).
- To Communicate with You. We use your Personal Data to communicate with you about potential and active participation with our Services (Performance of Contract; Legitimate Interests; Consent).
- To Identify Usage Trends and Make Improvements. We use your Personal Data to understand how you use the Website and identify usage trends (Legitimate Interests; Consent).
- To Satisfy Our Legal Obligations. We use your Personal Data to comply with applicable law and respond to lawful requests and communications from law enforcement authorities and other government officials (Legal Obligations).
- To Maintain Security and Prevent Fraud. We use your Personal Data to help monitor and maintain the security and integrity of the Website as well as our systems and networks (Legitimate Interests; Legal Obligations).
- As Otherwise Permitted, Necessary, or Appropriate. We use your Personal Data as otherwise described in this Privacy Policy or as explained to you at the point of data collection. We will also use your Personal Data at your direction or with your consent. Finally, we will use your Personal Data as we believe necessary or appropriate to protect our rights, privacy, safety, property, and/or those of others (Consent; Legitimate Interests; Vital Interests).
- To Provide and Improve the Services Using AI Technologies. We may use Personal Data to operate, support, and improve the functionality of our System to generate outputs and enhance system performance. We do not use Personal Data contained in Customer Data to train or improve generalized or third-party artificial intelligence or machine learning models. To the extent we use Personal Data to improve our Services, such use is limited to internal purposes such as debugging, performance monitoring, and developing features.
Hebbia does not currently sell your personal information for monetary consideration. To the extent that any disclosure of your personal information may constitute a “sale” or “share” under applicable U.S. privacy laws (including transfers for cross-context behavioral advertising), you have the right to opt out at any time. You may exercise this right by selecting “Do Not Sell or Share My Personal Information” through our cookie preferences (available at the bottom of Hebbia.com or in the cookie consent banner) or by submitting a request through our DSAR form at Hebbia Subject Access Request Form. We share personal information only with subprocessors who are essential to facilitating the delivery of our services. A complete and current list of these third-party subprocessors, including their functions and locations, is maintained in our Data Processing Agreement (DPA), available at hebbia.com/dpa.
We may also gather aggregated data about our services and website visitors for internal analytics, reporting, and improving our Services, and disclose the results of such aggregated (but not personally identifiable) information to our partners, service providers, advertisers, and/or other third parties for marketing or promotional purposes.
How We Disclose Or Share Your Personal Data.
The personal information Hebbia collects is stored in virtual resources hosted by third-party service providers. These data storage locations are restricted to the authorized geographic regions set forth in our DPA, available at hebbia.com/dpa. These third parties are contractually prohibited from accessing or using your personal information for any purpose other than providing the specific processing activities outlined in our DPA.
A list of our third-party sub processors can be found here: hebbia.com/dpa. We do not otherwise reveal your personal data to non-Hebbia persons or businesses for their independent use unless: (1) you request or authorize it; (2) it’s in connection with Hebbia-hosted and Hebbia co-sponsored conferences as described above; (3) the information is provided to comply with the law (for example, compelled by law enforcement to comply with a search warrant, subpoena, or court order), enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others; (4) the information is provided to our agents, vendors or service providers who perform functions on our behalf; (5) to address emergencies or acts of God; or (6) to address disputes, claims, or to persons demonstrating legal authority to act on your behalf. We may also gather aggregated data about our services and website visitors for internal analytics, reporting, and improving our Services, and disclose the results of such aggregated (but not personally identifiable) information to our partners, service providers, advertisers, and/or other third parties for marketing or promotional purposes.
The Hebbia website connects with third party services such as Facebook, LinkedIn, X (formerly Twitter) and others. If you choose to share information from the Hebbia website through these services, you should review the privacy policy of that service. If you are a member of a third party service, the aforementioned connections may allow that service to connect your visit to our site to your personal data.
Children’s Privacy
The Website is intended for adults. We do not knowingly collect Personal Data from anyone under the age of 16 through the Website.
If you are a parent and think that your child has provided Personal Data on the Website, you can request that the Personal Data be changed or deleted by contacting us here: contact us
How We Protect Your Data
We use commercially reasonable security measures, including physical, technical, and administrative safeguards to protect your Personal Data from loss; misuse; and unauthorized access, disclosure, modification, and deletion.
However, the Internet is not 100% secure. As a result, like all businesses, we cannot guarantee the security of the Personal Data you provide to us via the Website. We encourage you to use caution when using the Internet. This includes not sharing your passwords.
How Do We Store And Retain Your Personal Data
Your personal data is maintained by Hebbia within secure cloud infrastructure managed by our third-party service providers. The specific geographic locations for data storage and processing are governed by our customer agreements and the Data Processing Addendum (DPA) found at hebbia.com/dpa. Hebbia retains service data for the duration of the customer’s business relationship with Hebbia and for a period of time thereafter, to analyze the data for Hebbia’s own operations, and for historical and archiving purposes associated with Hebbia’s services. Hebbia retains prospect data until such time as it no longer has business value and is purged from Hebbia systems. All personal data that Hebbia controls may be deleted upon verified request from Data Subjects or their authorized agents. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us.
U.S International Transfers of Personal Data
Hebbia has its headquarters in the United States, and information we collect about you will be processed in the United States. By using Hebbia's services, you acknowledge that your personal information will be processed in the United States. The United States has not sought nor received a finding of "adequacy" from the European Union under Article 45 of the GDPR. Pursuant to Article 46 of the GDPR, Hebbia provides appropriate safeguards by entering into the European Commission's standard contractual clauses (2021), which are enforceable by data subjects in the EEA. For transfers of personal data from the United Kingdom, Hebbia relies on the UK International Data Transfer Addendum to the EU standard contractual clauses (or, where appropriate, the UK International Data Transfer Agreement) issued under the UK GDPR.
Depending on the circumstance, Hebbia also collects and transfers to the U.S. personal data with consent; to perform a contract with you; or to fulfill a compelling legitimate interest of Hebbia in a manner that does not outweigh your rights and freedoms. Hebbia endeavors to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with Hebbia and the practices described in this Privacy Statement. Hebbia also enters into data processing agreements and model clauses with its vendors whenever feasible and appropriate. Since it was founded, Hebbia has received zero government requests for information.
Marketing
Hebbia may occasionally send you communications about updates, new features, or news related to our Services that we think you might find relevant.
If you have agreed to receive such communications, you may opt out at any time. You have the right to stop Hebbia from contacting you for marketing purposes at any time by clicking the "unsubscribe" link in any marketing email you receive from us. Hebbia will process your opt-out request promptly and within a reasonable timeframe. Please note that even if you opt out of marketing communications, we may still send you transactional or service-related messages necessary for the operation of your account.
What Are Your Data Protection Rights
Hebbia would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right of data portability
- Right to object
- Rights related to automated decision making including profiling
This Privacy Notice is intended to provide you with information about what personal data Hebbia collects about you and how it is used. If you wish to confirm that Hebbia is processing your personal data, or to have access to the personal data Hebbia may have about you, please contact us.
You may also request information about: the purpose of the processing; the categories of personal data concerned; who else outside Hebbia might have received the data from Hebbia; what the source of the information was (if you didn’t provide it directly to Hebbia); and how long it will be stored. You have a right to correct (rectify) the record of your personal data maintained by Hebbia if it is inaccurate. You may request that Hebbia erase that data or cease processing it, subject to certain exceptions. You may also request that Hebbia cease using your data for direct marketing purposes. In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how Hebbia processes your personal data. When technically feasible, Hebbia will—at your request—provide your personal data to you.
Reasonable access to your personal data will be provided at no cost. If access cannot be provided within a reasonable time frame, Hebbia will provide you with a date when the information will be provided. If for some reason access is denied, Hebbia will provide an explanation as to why access has been denied.
For questions or complaints concerning the processing of your personal data, please complete the following Hebbia Subject Access Request Form.
Alternatively, if you are located in the European Union, you can also have recourse to the European Data Protection Supervisor or with your nation’s data protection authority.
To complete a Data Subject Request, you may complete this form: Hebbia Subject Access Request Form.
CCPA Addendum
Introduction
This Addendum supplements our Privacy Policy and applies to the Personal Data of California residents that Hebbia processes on behalf of its customers (each, a “Customer”) in connection with providing the Services. Capitalized terms not defined in this Addendum have the meanings given to them elsewhere in this Privacy Policy or, where applicable, in the agreement between Hebbia and the relevant Customer.
Definitions
“CCPA” means the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, Cal. Civ. Code §1798.100 et seq., and its implementing regulations.
“Customer Personal Information” means any Customer Data maintained by Customer and processed by Hebbia solely on Customer’s behalf, that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, to the extent that such information is protected as “personal information” (or an analogous variation of such term) under applicable U.S. Data Protection Laws.
“U.S. Data Protection Laws” means all laws and regulations of the United States of America, including the CCPA, applicable to the processing of personal information (or an analogous variation of such term).
“Service Provider” has the meaning set forth in Section 1798.140(ag) of the CCPA.
CCPA
Roles
When you interact with our Website or contact us directly, Hebbia processes your Personal Data for its own business purposes as described in this Privacy Policy. When our customers use our System, we may process Personal Data on their behalf as part of providing our Services. In those cases, the customer determines how and why the Personal Data is processed, and we process such data in accordance with our agreements with that customer. No Sale or Sharing of Customer Personal Information to Hebbia
We process Personal Data on behalf of our customers and do not sell or share such information for cross-context behavioral advertising as those terms are defined under applicable U.S. Data Protection Laws. We use this information only to provide our Services and in accordance with our agreements with those customers.
Limitations On Use And Disclosure
Hebbia uses Personal Data to provide the Services on behalf of its customers and in accordance with its agreements with those customers and applicable law.
Data Subject Access Requests
Hebbia provides individuals with the ability to exercise their data protection rights as described in this Privacy Policy. If you wish to access, correct, or delete your Personal Data, or exercise any other applicable rights, you may submit a request using this form: Data Subject Request Form. Where Hebbia processes Personal Data on behalf of a customer, we may direct your request to the relevant customer or work with them to respond, as appropriate.
What Are Cookies
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect non-essential information from you automatically through cookies or similar technology under legal basis under GDPR Article 6(1)(a)).
For further information, visit allaboutcookies.org.
The Types Of Cookies We Use And How
Cookie Type | Purpose of Use |
|---|---|
Essential Cookies | Essential Cookies are necessary for the operation of our website and cannot be disabled; access to our services is not possible without them. |
Targeted Advertising Cookies | Used to deliver advertising that is more relevant to you and your interests. May also be used to limit the number of times you see an advertisement and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the website operator’s permission. |
Personalization Cookies | Allow the website to remember choices you make (such as your username, language, or the region you are in) and provide enhanced, more personal features. For example, a website may provide you with local weather reports or traffic news by storing data about your general location. |
Analytic Cookies | Help the website operator understand how its website performs, how visitors interact with the site, and whether there may be technical issues. |
How To Manage Cookies
You can customize or change your cookie preferences at any time by accessing our cookie management system by selecting, “Cookie Preferences” at the bottom of Hebbia.com or “Manage Preferences” in the Cookie consent banner. Within these preferences, you may also select “Do Not Sell or Share My Personal Information” to exercise your opt-out right under applicable U.S. privacy laws.
Additionally, your browser may give you the ability to control cookies or other similar technologies or to reject cookies.
Because the options you select relating to cookies and other similar technologies are browser and device specific, you must exercise your choices on each browser and device you use.
For more information about cookies, including how they work and how to manage them, please visit www.allaboutcookies.org.
Privacy Policy Of Other Websites
The Company website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.
Questions, Concerns Or Complaints
If you have questions, concerns, complaints, or would like to exercise your rights, please contact us at:
Email: Privacy@hebbia.ai
Address
Hebbia Inc.
233 Spring St
9th Floor
New York, NY 10013
How to Contact our EU Representative
Email: Privacy@hebbia.ai
Address:
Osano International Compliance Services Limited
ATTN: NGFX
25 North Wall Quay
Dublin 1
D01 H104
How To Contact Our UK Representative
Email: Privacy@hebbia.ai
Address:
Osano UK Compliance LTD
ATTN: NGFX
42-46 Fountain Street
Belfast
Antrim
BT1 - 5