We are in closed alpha — join the waitlist for a chance at early access.

Privacy Policy

Effective date: January 07, 2026 · Last updated: January 07, 2026

This Privacy Policy explains how Heizen Tecnologia Ltda. (“Onnie”, “Heizen”, “we”, “us”, or “our”) collects, uses, discloses, and protects personal information when you use our website, product, and services (collectively, the “Services”).

If you have questions, contact us at legal@heizen.io.

1) Who we are

  • Controller / Business: Heizen Tecnologia Ltda., Av. Brig. Faria Lima 1811, Office 1119 — ZIP 01452001, Brazil/São Paulo.
  • Contact: legal@heizen.io

Our Services provide an AI-powered, multi-tenant workspace platform that may include: workspaces, users and teams, activities (approvals/tasks/inputs), forms, database tables/records, automations (actions/workflows), and related features.

2) Scope

This Policy applies to:

  • Website visitors (e.g., marketing pages, docs, forms on our site)
  • Customers and end users who create or use accounts and workspaces
  • Public or shared pages (where enabled) and public forms/activities (where enabled)

This Policy does not cover third-party websites or services you may access through links in our Services.

3) Roles: Customer data vs. our business data

Our platform is designed for organizations. Depending on your relationship with Onnie:

  • Customer / Workspace Owner: Your organization decides what data to put into the platform and how it is used.
  • End user (workspace member): Your use is subject to your organization's policies and instructions.

For data that a customer uploads or makes available in the platform (“Customer Content”), we generally act as a processor / service provider on behalf of the customer (who is the controller / business). We process that data to provide the Services, secure them, and support customers.

For data needed to run our business (billing, marketing, support, security), we act as a controller / business.

4) Information we collect

We collect information in three main ways: (a) provided by you, (b) collected automatically, and (c) from third parties.

4.1 Information you provide

  • Account and profile information: name, email address, authentication identifiers, role in a workspace.
  • Workspace information: workspace name, members, teams, role assignments.
  • Content you submit: records, table data, form submissions, uploaded files, comments, activity descriptions, and other content created in the workspace.
  • Support communications: messages you send to support, feedback, and other communications.
  • Billing information (if you are a paying customer): billing contact info and limited payment details. Payments are typically processed by a payment processor; we do not store full card details.

4.2 Information collected automatically

  • Usage data: feature usage, interaction events, performance metrics, logs, and diagnostic information.
  • Device and technical data: IP address, browser type, device identifiers, operating system, language, and timestamps.
  • Cookies and similar technologies: see Section 8.

4.3 Information from third parties

  • Identity/auth providers (if you sign in via SSO/OAuth): basic profile details (e.g., email, name).
  • Service providers supporting infrastructure, analytics, email delivery, and security.
  • Workspace invitations: if you are invited to a workspace, we may receive your email address from the inviter.

5) How we use information

We use information to:

  • Provide and operate the Services (create accounts, authenticate users, enable collaboration, run automations, deliver notifications).
  • Secure the Services (prevent fraud and abuse, monitor suspicious activity, enforce access controls).
  • Improve and develop (debugging, product analytics, testing, and performance optimization).
  • Communicate with you (service emails, security notices, updates, and support responses).
  • Manage billing and subscriptions (invoicing, plan enforcement, usage tracking, and payment processing).
  • Comply with law (respond to lawful requests, enforce terms, resolve disputes).

Where required, we rely on appropriate legal bases (see Section 6).

6) Legal bases (EEA/UK and similar jurisdictions)

Where applicable, we process personal data under one or more of the following legal bases:

  • Contract: to provide the Services you requested.
  • Legitimate interests: to secure, improve, and operate our Services (balanced against your rights).
  • Consent: for certain cookies/marketing communications where required.
  • Legal obligation: to comply with applicable laws and lawful requests.

7) How we share information

We may share information:

7.1 With service providers (processors)

We use trusted vendors for AI models, hosting, databases, monitoring, email delivery, analytics, customer support, and security. They may process personal data on our behalf under contractual obligations and confidentiality terms.

7.2 Within workspaces

If you are a workspace member, your profile and activity within the workspace (e.g., name, email, role, activity actions, comments) may be visible to other authorized workspace members (e.g., admins, super admins) according to workspace settings and permissions.

7.3 For legal and safety reasons

We may disclose information if we believe in good faith it is necessary to:

  • comply with law or legal process,
  • protect the security or integrity of the Services,
  • prevent fraud, abuse, or illegal activity,
  • protect our rights, property, or safety, or that of our users or the public.

7.4 Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to appropriate safeguards.

8) Cookies and similar technologies

We use cookies and similar technologies (e.g., local storage, pixels) for:

  • Essential: authentication, security, and core site functionality.
  • Preferences: remembering settings.
  • Analytics: understanding usage and improving performance.
  • Marketing (optional): measuring campaigns and improving outreach (where applicable).

You can control cookies through your browser settings. If we offer a cookie banner, you can manage preferences there as well. Disabling certain cookies may affect functionality.

9) Data retention

We keep personal data only as long as necessary to:

  • provide the Services,
  • meet legal, accounting, or reporting obligations,
  • resolve disputes and enforce agreements,
  • maintain security and prevent abuse.

Retention periods vary depending on data type and customer configuration. Workspace owners may be able to delete or export certain data. Some logs may be retained for security and auditing purposes.

10) Security

We use administrative, technical, and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

11) International transfers

We may process and store information in countries different from where you live. When transferring personal data internationally, we use appropriate safeguards such as contractual protections and, where applicable, standard contractual clauses.

12) Your rights and choices

Depending on your location, you may have rights to:

  • Access your personal data
  • Correct inaccurate or incomplete data
  • Delete personal data (subject to exceptions)
  • Object to processing or restrict processing
  • Portability (receive a copy in a structured format)
  • Withdraw consent where processing is based on consent

12.1 How to exercise your rights

Email us at legal@heizen.io. We may verify your identity and request additional information to process your request.

12.2 Workspace (customer-controlled) data

If your data is managed by a workspace owner (e.g., your employer), you may need to contact your workspace administrator first. We will support workspace owners in responding to requests when we act as a processor/service provider.

13) U.S. state privacy disclosures (CCPA/CPRA and similar)

If you are a resident of certain U.S. states, you may have additional rights, including the right to know, delete, correct, and opt out of certain processing.

  • Sale/Sharing of personal information: We do not sell personal information as commonly defined by these laws.
  • Targeted advertising: If we use targeted advertising, we will provide opt-out mechanisms where required.

To submit a request, contact legal@heizen.io.

14) Children's privacy

Our Services are not directed to children, and we do not knowingly collect personal information from children under the age required by applicable law (e.g., under 13 in the U.S.). If you believe a child has provided personal data, contact us to request deletion.

15) AI features and customer content

Some features may use AI agents or automation that process inputs you provide (including workspace content) to generate outputs. In such cases:

  • We process inputs and outputs to provide the requested feature and maintain security and reliability.
  • Workspace owners may control what data is sent to AI features through configuration and permissions.
  • Outputs may be saved into the workspace if users choose to store them.

Important: AI-generated outputs may be incorrect or incomplete. Users remain responsible for reviewing outputs before acting on them.

16) Email and communications

We may send:

  • Service communications (account, security, billing, product updates)
  • Workspace notifications (invites, activity updates, workflow notifications)
  • Marketing communications (only where permitted; you can opt out at any time)

To unsubscribe from marketing, use the link in the message or contact legal@heizen.io. You may still receive essential service communications.

17) Third-party links and integrations

The Services may include links to third-party websites or integrations. Your use of third-party services is governed by their own privacy policies. We are not responsible for third-party practices.

18) Changes to this Privacy Policy

We may update this Policy from time to time. If changes are material, we will provide notice as required (e.g., by posting the updated Policy and updating the “Last updated” date, or by sending a notification).

19) Contact us

  • Privacy contact: legal@heizen.io
  • Company: Heizen Tecnologia Ltda.
  • Address: Av. Brig. Faria Lima 1811, Office 1119 — São Paulo — ZIP 01452001
  • Country/State: Brazil/São Paulo