Privacy Policy
Hey Seven, Inc. · Effective Date: May 20, 2026 · Last Updated: June 1, 2026 · Version 2.0
1. About This Policy
This Privacy Policy describes how Hey Seven, Inc. (“Hey Seven,” “we,” “us,” or “our”) collects, uses, and discloses Personal Information about individuals who: (a) visit our website at heyseven.ai and related domains (the “Website”); (b) communicate with us in a business context, including prospects, customers, suppliers, candidates, and event attendees (“B2B Contacts”); and (c) access the H7 Platform on behalf of a customer organization (“Platform Users”).
Hey Seven is the data controller (or “business” under California law) for the Personal Information described in this Policy. Our registered office is 12060 NW 67th Ct, Parkland, FL 33076.
2. What This Policy Does Not Cover — Player Data
Hey Seven provides services to casino and hospitality operators. When we process Personal Information about end players or guests on behalf of an operator, we act as a data processor (or “service provider” / “contractor” under California law), and the operator is the controller. That processing is governed by the operator’s privacy notice and our Data Processing Addendum with the operator — it is not covered by this Policy. If you are an end player or guest and have questions about how your data is processed by an operator that uses Hey Seven, please contact that operator.
3. Categories of Personal Information We Collect
The categories of Personal Information we collect depend on how you interact with us:
| Category | Examples | Source |
|---|---|---|
| Identifiers | Name, business email, business phone, job title, employer, LinkedIn URL, IP address, device identifiers, account ID. | Direct from you; cookies; enrichment providers; public sources. |
| Professional / employment | Role, seniority, employer, industry, region, decision-making authority. | Direct from you; CRM enrichment. |
| Commercial information | Products or services discussed, demo requests, contract status, signed documents. | Direct from you; our internal systems. |
| Internet / network activity | Pages viewed, clicks, referrer, time on page, search terms, email opens and clicks, Platform usage logs. | Cookies, server logs, email tracking pixels, product analytics. |
| Communications content | Emails, chat messages, support tickets, recorded sales calls (where permitted). | Direct from you; conferencing tools. |
| Candidate information | Résumé / CV, work history, references, eligibility to work, interview notes. | Direct from you; applicant tracking system; references you provide. |
| Platform account information (Platform Users) | Username, hashed credentials, MFA tokens, role, organization, session logs. | Direct from you or your organization; identity provider. |
| Inferences | Likelihood to engage, fit score for our offering, content preferences. | Derived from the above. |
Sensitive Personal Information. We do not knowingly collect Sensitive Personal Information under California law (such as government identifiers, precise geolocation, racial or ethnic origin, religious beliefs, union membership, genetic or biometric data, health data, or sexual orientation) other than account credentials used to access the Platform. We do not use or disclose Sensitive Personal Information for purposes that would require us to offer a “Right to Limit” under CPRA.
4. Sources of Personal Information
We collect Personal Information from: (a) you directly, when you visit our Website, contact us, request information, attend our events, or use the Platform; (b) automatically, through cookies and similar technologies (see Section 11); (c) third parties, including enrichment and intent-data providers, our customers (where they authorize you to access the Platform), referrers, and publicly available sources; and (d) our service providers (CRM, marketing automation, conferencing, support, analytics).
5. How We Use Personal Information and Legal Bases
For individuals in the European Economic Area, the United Kingdom, or Switzerland, the table below identifies the legal basis under the EU and UK General Data Protection Regulation for each purpose. For individuals elsewhere, the same purposes apply.
| Purpose | Legal basis (EEA / UK) |
|---|---|
| Provide, secure, support, and improve the Website and the Platform | Contract; legitimate interests (operating and securing the service) |
| Respond to inquiries, manage demos, negotiate and administer customer relationships | Contract; pre-contractual steps at your request; legitimate interests |
| Send marketing communications to B2B Contacts about Hey Seven products, events, and industry insights | Legitimate interests (B2B promotion to professional contacts); consent where required by local law |
| Evaluate candidates for employment and contractor opportunities | Pre-contractual steps; legitimate interests; consent where required (e.g., reference checks) |
| Manage vendors and service providers | Contract; legitimate interests |
| Comply with legal obligations (tax, AML, sanctions, applicable gaming-regulator requirements) | Legal obligation |
| Detect, prevent, and investigate fraud, security incidents, and abuse | Legitimate interests; legal obligation |
| Analyze and improve our marketing, product, and operations through aggregated and de-identified analytics | Legitimate interests |
| Enforce our terms and protect our rights, property, and people | Legitimate interests; legal claims |
Where we rely on consent (for example, for certain cookies or for marketing in jurisdictions that require opt-in consent), you may withdraw consent at any time without affecting the lawfulness of prior processing.
6. How We Share Personal Information
We share Personal Information in the following circumstances:
- Service providers and sub-processors. Vendors that process Personal Information on our behalf, including cloud hosting, customer relationship management, marketing automation, analytics, conferencing, electronic signature, support, and security tooling. Our current sub-processor list is available at heyseven.ai/sub-processors (or by request to legal@heyseven.ai).
- Customers and partners. Where you interact with us on behalf of a customer organization, we may share Personal Information with that organization (e.g., your account activity on the Platform with the operator that controls your account).
- Affiliates. Within Hey Seven’s corporate group, for the purposes described in this Policy.
- Legal and safety. Courts, regulators, law enforcement, or other authorities, in response to valid legal process or where we believe disclosure is necessary to protect our rights, property, or the safety of any person, or to comply with applicable law, including gaming-regulator requirements.
- Corporate transactions. Actual or prospective acquirers, investors, advisors, or their representatives in connection with a merger, acquisition, financing, due diligence, or sale of all or part of our business, subject to appropriate confidentiality obligations.
- With your consent or at your direction. Where you authorize a specific disclosure.
No sale of Personal Information; limited sharing. Hey Seven does not sell Personal Information for money. We do engage in certain sharing of Identifiers and Internet/network activity for cross-context behavioral advertising as defined under the California Consumer Privacy Act (CCPA/CPRA), through advertising and analytics cookies on the Website. You can opt out as described in Section 10. We do not knowingly sell or share the Personal Information of consumers under sixteen (16) years of age.
7. International Data Transfers
Hey Seven is based in the United States. Personal Information we collect may be transferred to, stored, and processed in the United States and in other countries where our service providers operate. These countries may have data-protection laws that differ from those in your country of residence.
Transfers from the EEA, UK, and Switzerland. When we transfer Personal Information out of the EEA, UK, or Switzerland to a country that has not received an adequacy decision, we rely on appropriate safeguards, including the European Commission’s Standard Contractual Clauses (SCCs) (June 2021 version), the UK International Data Transfer Addendum or UK International Data Transfer Agreement, and the Swiss Data Protection Authority’s SCC framework. A copy of the safeguards we rely on for a specific transfer is available on request at legal@heyseven.ai.
8. Retention
We retain Personal Information for as long as needed to fulfill the purposes for which it was collected, including to satisfy legal, regulatory, accounting, tax, or reporting requirements, to establish or defend legal claims, or to enforce our agreements. Indicative retention periods:
- Prospect and marketing data: until you opt out or for three (3) years of inactivity, whichever is shorter.
- Customer-relationship data: term of the relationship plus seven (7) years.
- Platform Account information: term of the relevant Customer Agreement plus the period set forth in the DPA.
- Candidate data: up to two (2) years following the close of a hiring process, unless you ask us to keep it longer.
- Security logs: up to twelve (12) months, longer if required for investigation.
When Personal Information is no longer needed, we delete or de-identify it.
9. Personal Data Breach Notification
If we become aware of a personal data breach affecting Personal Information we control, we will: (a) notify the competent supervisory authority without undue delay and, where feasible, within seventy-two (72) hours of becoming aware, where required under GDPR or UK GDPR; (b) notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms or where required by other applicable law; and (c) document the breach and our response. Where Hey Seven processes Personal Data as a processor on behalf of a customer, breach-notification obligations to the customer are governed by the DPA.
10. Your Rights and Choices
10.1 Rights for residents of the EEA, UK, and Switzerland
You have the following rights, subject to applicable conditions and exceptions:
- access to your Personal Information;
- rectification of inaccurate or incomplete Personal Information;
- erasure (the “right to be forgotten”), in defined circumstances;
- restriction of processing;
- data portability, in defined circumstances;
- objection to processing based on our legitimate interests, including for direct marketing;
- withdrawal of consent where processing is based on consent (without affecting prior lawful processing);
- not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects (we do not currently make such decisions about you);
- to lodge a complaint with your local data-protection supervisory authority. We would, however, appreciate the opportunity to address your concerns directly first — please write to legal@heyseven.ai.
10.2 Rights for California residents (CCPA / CPRA)
If you are a California resident, you have the rights to:
- know the categories and specific pieces of Personal Information we have collected about you, the sources, the purposes, and the categories of recipients;
- correct inaccurate Personal Information;
- delete Personal Information we have collected from you, subject to statutory exceptions;
- opt out of the “sale” or “sharing” of Personal Information for cross-context behavioral advertising;
- limit the use or disclosure of Sensitive Personal Information (we do not currently use or disclose Sensitive Personal Information for purposes that would require us to offer this right, but you may submit the request as a precaution);
- non-discrimination for exercising any of these rights.
To opt out of sale/sharing, click the “Do Not Sell or Share My Personal Information” link on the Website footer, configure a Global Privacy Control (GPC) signal in your browser (which we will honor as an opt-out), or write to privacy@heyseven.ai.
Shine the Light (Cal. Civ. Code §1798.83). California residents may request information once per calendar year about Personal Information we disclosed to third parties for their direct marketing purposes in the prior calendar year. We do not currently disclose Personal Information to third parties for their own direct marketing purposes; requests may be sent to privacy@heyseven.ai.
Authorized agents. You may designate an authorized agent to submit a request on your behalf. We may require proof of the agent’s authority and your verification.
Verification. We verify rights requests by matching information you provide with information we hold; for sensitive requests, we may require additional verification.
10.3 Rights for residents of other U.S. states
If you reside in a U.S. state that has enacted comprehensive privacy legislation (including Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Delaware, Iowa, Indiana, Montana, New Jersey, New Hampshire, Minnesota, and Tennessee, plus others as such laws become effective), you may have rights similar to those described above, including access, deletion, correction, portability, and opt-outs from targeted advertising, sale, and certain profiling. If we decline your request, you may have the right to appeal — instructions will be included in our response.
10.4 Marketing communications
You can unsubscribe from marketing emails using the link in any email or by writing to privacy@heyseven.ai. You may still receive non-marketing communications (e.g., security notices, contract administration). Marketing communications comply with applicable laws including CAN-SPAM (US), CASL (Canada), and PECR (UK).
10.5 How to exercise your rights — response timelines
To exercise any of the rights above, write to privacy@heyseven.ai. Our response timelines:
- GDPR / UK GDPR: we respond within thirty (30) calendar days, extendable by up to sixty (60) additional days where necessary, with notice.
- CCPA / CPRA: we acknowledge within ten (10) business days and respond substantively within forty-five (45) calendar days, extendable by another forty-five (45) days, with notice.
- Other US state laws: we respond within the applicable statutory period (typically 45–60 days) and provide an appeal path where required.
11. Cookies and Similar Technologies
The Website uses cookies, pixels, SDKs, and similar technologies for: strictly necessary purposes (sign-in, security, load balancing), functional purposes (preferences), analytics (understanding usage), and advertising (measuring and personalizing campaigns).
Where required by law (notably in the EEA, UK, and certain U.S. states), we request your consent before placing non-essential cookies and honor your selections, including signals such as the Global Privacy Control. You can review and change your choices on our Cookie Preferences page.
12. Children
The Website and the Platform are not directed to children under the age of sixteen (16), and we do not knowingly collect Personal Information from children. If you believe a child has provided us with Personal Information, please contact privacy@heyseven.ai and we will take appropriate steps to delete it.
13. Security
We maintain administrative, technical, and physical safeguards designed to protect Personal Information against unauthorized access, disclosure, alteration, and destruction, including encryption in transit and at rest where appropriate, access controls, multi-factor authentication for sensitive systems, vendor risk management, security training, and incident response procedures. No security measure is perfect; we cannot guarantee absolute security.
14. Automated Decision-Making and AI
We do not make decisions about you that produce legal or similarly significant effects based solely on automated processing without meaningful human review. We use machine-learning and large-language-model components in the Platform to generate recommendations and outputs; those outputs are subject to human review by operator personnel before any player-facing use, in line with applicable gaming-regulator requirements.
15. Data Protection Contacts and Representatives
For all privacy inquiries, including rights requests, contact us at privacy@heyseven.ai, or write to: Hey Seven, Inc., Attn: Privacy, 12060 NW 67th Ct, Parkland, FL 33076.
Data Protection Officer. We have assessed that the appointment of a Data Protection Officer is not required under GDPR Article 37 at our current scale. The Privacy contact above is responsible for privacy oversight.
16. Changes to This Policy
We may update this Policy from time to time. The “Last Updated” date at the top reflects the most recent revision. If we make material changes, we will provide additional notice (for example, by email or by posting a notice on the Website). Your continued use of the Website or the Platform after the effective date of an update constitutes acceptance of the updated Policy.
17. Contact
Hey Seven, Inc.
Attn: Privacy
12060 NW 67th Ct, Parkland, FL 33076
Email: privacy@heyseven.ai