We updated our Privacy Policy as of June 10th, 2026, and created this guide to walk you through what changed and what it means for your practice. It's here to make the changes easier to understand, but the full Privacy Policy is the official version, and you can read it anytime at joinheard.com/privacy.
The biggest updates reflect where Heard has grown: we've added AI-powered features like Haven, we've gotten more specific about what data we collect and why, and we've cleaned up some outdated language. Here's what you need to know.
More data types are now listed explicitly
The original policy described the information we collect in broad terms. The updated policy adds several new categories to be more transparent about what we actually collect as the product has evolved.
What's new in the list:
- Job titles: We now explicitly list job titles alongside names, email addresses, and phone numbers for you and your employees or contractors.
- Commercial information: Things like which Heard plan you've purchased or considered, or your purchasing history on the platform.
- Geolocation: Physical location based on your IP address, device data, or region. (This was implicit before, given that we collect IP addresses, we've just named it directly.)
- Interactions with marketing or advertising: If you've engaged with a Heard ad or campaign on social media or elsewhere, we may collect information about that interaction.
- Photos, video, and audio: If you provide these to us in any context.
- Haven conversations: The policy now explicitly includes information you share with Haven, our AI financial assistant, under the "Feedback and correspondence" category.
None of these represent brand new practices, they reflect what we already do, described more clearly. All of this information is used to run and improve your bookkeeping, tax, and support experience.
How we use your data
This is the most significant change in the policy.
The original policy didn't mention artificial intelligence at all. The updated policy does, in two important places.
First: We use your data to provide, improve, and develop Heard's AI and machine learning features, including Haven. This is how AI-powered tools work: they get better with use, and that improvement draws on data.
Second: Heard may use aggregated, de-identified, or anonymized data from your use of the platform, including AI features, to train and improve those features over time. We will not use your individually identifiable data to train general-purpose AI models in a way that makes it available to other users without your consent.
How we share your data: also updated for AI
The "How we disclose" section now explicitly includes AI and machine learning service providers among the types of third-party service providers we may work with. This reflects the reality that some of the infrastructure behind our features, including AI tools, involves third-party providers processing data on our behalf.
One subtle but important change: the original policy said SMS opt-in data "will not be shared with any third parties." The updated policy says it "will not be shared with any third parties for marketing or promotional purposes." That qualifier was added to reflect that third-party systems involved in actually delivering your text messages (like carriers and messaging platforms) may technically process that data to do so.
We updated who this policy covers
The original policy covered two groups: therapists using Heard, and visitors to our website.
The updated policy adds a third: anyone else who provides personal information to Heard. This is a catch-all that covers scenarios like someone contacting Heard support who isn't a registered user.
We removed the specific breach notification promise
The 2023 policy included this: "We will notify you by email if we have reason to believe that your personal information has been compromised due to a security breach."
That language has been removed from the updated policy. This doesn't mean we've changed our practices around breach response, it means we've aligned our written commitments with what we're legally required to do, which varies by jurisdiction and circumstance.
If you ever have concerns about your account security, contact us immediately.
The California-specific section was removed
The original policy had a dedicated "Notice to California Residents" section covering CCPA rights, non-discrimination, and the "Shine the Light" law.
That section has been removed from the updated policy. California residents still have rights under the CCPA, those haven't gone away.
The "Your Choices" section was simplified
The 2023 policy listed a detailed set of rights: update your information, object to processing, request deletion, request portability, cancel your account, stop communications.
The updated policy simplifies this section to focus on the two most common requests: opting out of marketing emails and stopping SMS messages. The underlying rights still exist, they're just not enumerated in this section.
To opt out of marketing emails, use the unsubscribe link in any email from us. To stop texts, reply STOP to any message.
For data deletion, access, or correction requests — including California (CCPA) rights — please reach out to our Support team.
We updated our mailing address
Our contact address has changed:
New: 600 1st Ave Ste 330 PMB 77170, Seattle, WA 98104-2246 Old: 500 Yale Ave N, Seattle, WA 98109
What didn't change
A few things worth noting stayed the same:
- We do not sell your personal information
- We restrict our Service to users 18 and older
- Your data is retained as long as your account is active or as needed for legal and business purposes
- The Service is intended for US residents; international users should be aware that data is processed in the United States
- SSL encryption is still used to protect your data in transit