Privacy Policy

Last updated: May 27, 2026

This page applies to all visitors, clients, and users of Heatena LLC ("Heatena," "we," "us," or "our").

1. Introduction

This Privacy Policy explains how Heatena LLC ("Heatena," "we," "us," or "our") collects, uses, stores, and protects information when you use our website, app, communications, and related cybersecurity and privacy-focused services (collectively, the "Services").

2. Information We Collect

We collect the information needed to provide, secure, support, and improve the Services.

a. Account and authentication information: Login ID, password authentication data, account type, alias, session tokens, MFA status, TOTP setup data, passkey/WebAuthn public credential data, backup token records, referral or onboarding source information, and account deletion requests.

b. Product and security-workflow information: Security assessment answers and results, security profile data, recommendations, guide progress, response-plan inputs and generated plans, simulation sessions and event history, team names, team aliases, team invitations, team membership data, saved sync records, and feedback or support messages you submit.

c. Billing information: Subscription status, plan selections, seat counts, checkout metadata, payment records, Stripe customer identifiers, and related billing history. Payment card details are processed by our payment provider and are not stored by Heatena as full card numbers.

d. Notification and communication information: Optional notification email address, notification preferences, delivery records, support requests, and messages we send or receive in connection with the Services.

e. Technical and device information: IP address, request metadata, device or browser type, operating system, app version, error and security logs, cookie or session data for the website, and similar information needed for security, fraud prevention, troubleshooting, and service delivery.

f. Local app data: The app may store authentication tokens, app preferences, and local security settings on your device. Some product records may sync with our servers when you are signed in and connected.

3. How We Collect Information

We collect information when you create or use an account, complete assessments, use simulations or response plans, manage a team, submit feedback, configure notifications, make or manage purchases, contact us, or interact with our website or app. We also collect technical information automatically through normal server logs, security controls, cookies, or similar technologies.

4. How We Use Information

We use information to:

Provide, operate, personalize, and secure the Services;

Create and maintain accounts, authentication, MFA, passkeys, sessions, subscriptions, and team access;

Generate assessments, reports, recommendations, response plans, simulations, and related progress history;

Sync product records across your devices when you are signed in;

Process payments and manage billing;

Send security reminders, service notices, product updates, or promotional messages when enabled or otherwise permitted;

Respond to support, feedback, deletion, and legal requests;

Detect, prevent, investigate, and respond to abuse, fraud, security incidents, service errors, and legal obligations.

5. Analytics, Advertising, and Tracking

Heatena is designed to be privacy-first and does not include third-party advertising. We may still process operational logs and product sync data needed to provide and secure the Services. Our website may use cookies or similar technologies for basic site operation, security, analytics, or performance measurement. We do not sell your personal information.

6. Information Sharing

We share information only as needed to operate, secure, and support the Services:

Service providers: Vendors that help with hosting, infrastructure, payment processing, email delivery, app distribution, security, support, and similar operations.

Team features: If you use a business or team account, certain account, team, progress, invite, membership, and security-profile information may be visible to team owners, administrators, or managed team members as needed for the feature.

Legal and safety: We may disclose information to comply with law, enforce our terms, protect rights, investigate abuse, prevent fraud, or respond to valid legal requests.

Business transfers: Information may be transferred as part of a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate protections.

7. Data Security

We use administrative, technical, and organizational measures intended to protect information from unauthorized access, loss, misuse, alteration, or disclosure. No system is completely secure, and we cannot guarantee absolute security.

8. Data Retention and Deletion

We retain information for as long as needed to provide the Services, maintain accounts and subscriptions, comply with legal and tax obligations, resolve disputes, enforce agreements, prevent abuse, and maintain security records. You may request account deletion from within the app where available or by contacting us. When an account is deleted, we delete or de-identify associated personal information unless retention is required or permitted for legitimate reasons such as security, fraud prevention, legal compliance, billing records, dispute resolution, backups, or audit obligations.

9. Your Choices and Rights

Depending on where you live, you may have rights to access, correct, delete, export, object to, or limit certain processing of your personal information. You can update some account and notification settings in the app. You can also contact us to submit privacy, account deletion, or support requests. You may disable optional notifications at any time.

10. Mobile Platform Permissions

The app may use platform capabilities such as passkeys, local authentication, secure storage, and network access where needed for account security, billing, or service delivery. We do not request access to contacts, precise location, camera, microphone, photos, or similar sensitive device resources unless a future feature clearly requires it and we provide any required disclosures or permissions.

11. International Data Transfers

Information may be processed or stored in the United States or other locations where we or our service providers operate. We use safeguards intended to protect information when it is transferred or processed across borders.

12. Policy for Minors

The Services are not directed to children under 17 years of age, and we do not knowingly collect personal information from children under 17. If we learn that we have collected such information, we will take reasonable steps to delete it.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes to our Services, app features, vendors, legal requirements, or business practices. The updated policy will be posted with a revised "Last updated" date. If changes are material, we may provide additional notice where required.

14. Contact

For privacy questions, rights requests, or account deletion requests, contact: support@heatena.net.