Last updated: April 12, 2026

Privacy Policy

This Privacy Policy describes how Heyseed (“Heyseed,” “we,” “us,” or “our”) collects, uses, and shares information when you use our websites, applications, and related services (collectively, the “Service”), including www.heyseed.shop.

1. Who we are

The Service is operated by Heyseed. For privacy questions, contact us.

2. Information we collect

We collect information in the following categories, depending on how you use the Service:

2.1 Account and profile information

When you register, apply for access, or maintain an account, we may collect identifiers and business details such as name, email address, password (stored hashed), phone number, business name, business address, role (for example, Retailer or Brand user), and preferences you set in your profile.

2.2 Applications

If you submit a Brand application, Retailer application, or similar form, we collect the information you provide in that flow so we can review and process your request.

2.3 Orders, payments, and financial records

When you place or fulfill orders, we collect order details (items, quantities, pricing, shipping addresses, status, messages related to fulfillment) and transaction metadata needed to operate the marketplace and accounting.

Payments are processed by Stripe. Stripe collects payment method details (such as card numbers) on their systems. We generally receive limited payment information from Stripe (for example, payment status, brand and last four digits, expiration, and tokens/IDs needed to operate checkout and saved payment methods).

2.4 Communications

If you use messaging or support channels on the Service, we process the content of those messages, participants, timestamps, and related metadata as needed to deliver the feature, provide support, and protect users.

2.5 Mobile app, API access, and devices

If you use our mobile applications or APIs, we may collect device and technical information such as device type, operating system, app version, IP address, and authentication tokens (for example, JWT access and refresh tokens) used to secure API requests.

If you enable push notifications, we may collect and store push notification tokens (including Expo push tokens) associated with your account so we can deliver notifications you request.

2.6 Content you upload

Brands and users may upload images, documents, and other files (for example, product photos, import files). We store and process this content to provide the Service.

2.7 Cookies, sessions, and logs

We use cookies and similar technologies to keep you signed in, protect the Service, remember preferences, and understand usage. Server logs may include IP address, user agent, timestamps, and diagnostic data for security and reliability.

3. How we use information

We use information to:

  • Provide, operate, maintain, and improve the Service;
  • Create and manage accounts; authenticate users; secure sessions and APIs;
  • Process applications; onboard Brands and Retailers; perform risk and fraud prevention;
  • Facilitate checkout, payments, payouts, refunds, and related reporting;
  • Facilitate messaging between users where the feature is available;
  • Send transactional emails and in-product notifications (for example, order updates);
  • Send push notifications when enabled and consistent with your preferences;
  • Provide customer support and respond to legal requests;
  • Comply with law and enforce our terms and policies.

4. Legal bases (EEA/UK users)

If data protection laws in the European Economic Area or United Kingdom apply, we may rely on one or more of the following legal bases: performance of a contract with you, legitimate interests (such as securing the Service and preventing fraud, balanced against your rights), consent where required (for example, certain marketing communications), and legal obligations.

5. How we share information

We share information as follows:

  • Between marketplace participants. For example, Brands receive information needed to fulfill orders (such as shipping details). Retailers see Brand storefront and product information needed to purchase.
  • Service providers. We use vendors to help us run the Service, including:
    • Stripe for payments, payouts, and related fraud prevention;
    • Amazon Web Services (S3) and related cloud infrastructure for hosting and file storage;
    • Postmark (or similar email infrastructure) for transactional email delivery;
    • Heroku (or similar hosting providers) for application hosting;
    • Expo (or similar push infrastructure) for delivering mobile push notifications.
  • Legal and safety. We may disclose information if we believe it is necessary to comply with law, protect rights, safety, and property, or respond to lawful requests from public authorities.
  • Business transfers. If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to appropriate safeguards where required.

We do not sell your personal information for money as a traditional “data broker” sale. We may use analytics or advertising tools in the future; if we do, we will update this policy and choices as required by law.

6. Retention

We retain information for as long as needed to provide the Service, comply with legal obligations (including tax and accounting rules), resolve disputes, and enforce agreements. Order and financial records may be retained longer than marketing preferences or transient logs.

7. Security

We implement reasonable technical and organizational measures designed to protect information. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

8. Your choices and rights

Depending on your location, you may have rights to access, correct, delete, export, or restrict certain processing of your personal information, and to object to certain processing. You may also have the right to lodge a complaint with a supervisory authority.

To exercise your rights, email us. We may need to verify your request before responding.

California. If the California Consumer Privacy Act (CCPA/CPRA) applies, California residents may have additional rights regarding personal information, including rights to know, delete, and correct certain information, and to opt out of certain sharing (if applicable). Contact us at the email above. We do not knowingly sell or share personal information of minors under 16 for cross-context behavioral advertising.

Notifications. Where the Service provides notification preferences (including email or push categories), you can adjust those settings in your account or device settings.

9. Children’s privacy

The Service is not directed to children, and we do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will take appropriate steps to delete it.

10. International users

Heyseed is based in the United States and processes information in the United States and other locations where we or our service providers operate. If you use the Service from other countries, your information may be transferred to the United States or other jurisdictions that may not provide equivalent protections to your home country. Where required, we use appropriate safeguards for international transfers.

11. Third-party links

The Service may link to third-party websites or services. Their privacy practices are governed by their own policies. Stripe’s privacy materials are available on Stripe’s website.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the “Last updated” date. If changes are material, we may provide additional notice as appropriate.

13. Contact

Heyseed — Privacy inquiries: contact us

Terms of Service