Get a demoRequest access
Responsible AI Policy

Responsible AI Policy

How Heyou's AI is built and constrained — Gemini via Vertex AI as the approved provider, no training on your data, PII minimization before model calls, and human-in-the-loop for every externally visible action.

Effective: 2026-05-10Last updated: 2026-05-10Version: 1.0
In this document

Heyou operates AI-assisted relationship intelligence. This policy explains what Heyou’s AI does, what it cannot do, and how customers and individuals remain in control.

1. How Heyou’s AI Works

Heyou combines:

  1. A relationship graph built from Customer Data at the organizational level and User Data at the personal level;
  2. Classifiers, scoring models, and path-ranking models trained or calibrated on relationship signals; and
  3. Third-party large language models used to generate text, summaries, and action recommendations.

For personal-tier sources, Heyou processes metadata only, such as from, to, timestamp, interaction frequency, and similar non-content signals. Heyou does not process personal message content.

2. Model Inventory

Provider Purpose in Heyou Processing location Training on Customer Data
Google Gemini via Vertex AI Agent reasoning, message drafting, summarization, and recommendation support Region-aligned where supported by provider, model, and endpoint configuration Provider does not train foundation models on Customer Data submitted through enterprise controls

Heyou maintains an internal evaluation process for each model and may add, replace, or retire providers in line with the subprocessor change-notice procedure.

3. What the Agents Do and Do Not Do

Heyou agents can:

  • Suggest relationship paths and potential introducers;
  • Draft outreach messages and replies for user review;
  • Summarize relationships and prior interactions from authorized sources;
  • Recommend next actions and timing.

Heyou agents do not, without explicit human-in-the-loop action:

  • Send email or messages on a user’s behalf;
  • Perform externally visible engagement actions such as connection requests, comments, likes, follows, posts, or profile changes;
  • Surface personal-tier User Data content or private signals to the Customer or other Authorized Users unless the individual User has affirmatively chosen to share specific data with the organization;
  • Make decisions that produce legal or similarly significant effects on any individual;
  • Access communication content beyond authorized integration scopes, and never the content of personal messages connected as User Data;
  • Process special-category data, children’s data, protected health information, payment card data, or protected employment decisions as part of the standard service.

4. Training-Data Posture

Heyou’s AI posture distinguishes between third-party generative AI providers and Heyou’s proprietary non-generative relationship-scoring models.

Third-Party Generative AI Providers

Customer Data sent to third-party generative AI providers is not used by those providers to train foundation models. Heyou uses Google Gemini via Vertex AI with enterprise controls designed to prevent provider-side model training on Customer Data. Retention protections and regional processing controls are configured where supported by the provider, model, and endpoint configuration.

PII Minimization Before Third-Party Calls

Where identifiers are not required for the task, Heyou minimizes direct identifiers before sending data to third-party generative AI providers. Names, emails, phone numbers, and similar identifiers may be replaced with placeholders, then re-associated inside Heyou after the model response returns.

Heyou Proprietary Models

Heyou develops and improves proprietary non-generative classifiers, scoring models, path-ranking algorithms, and other relationship intelligence components. Heyou may use Customer Data and signals derived from it to improve these models in the course of delivering and enhancing the Services, subject to the DPA, applicable agreement, and applicable Order Form restrictions.

Heyou’s default posture is customer-scoped model improvement: business-specific relationship intelligence is learned and applied within the customer or user context from which the data was authorized. Heyou’s AI features are designed to use authorized tenant and user context, not unrestricted open-web access or uncontrolled external account access.

Safeguards include:

  • No third-party generative AI foundation-model training on Customer Data.
  • No individual cross-tenant leakage: one customer’s personal data does not appear in another customer’s outputs.
  • No business-specific cross-customer reuse: one customer’s relationship graph, messaging patterns, account strategy, outreach performance, sales motion, or GTM process is not used to generate business-specific recommendations for another customer.
  • Tenant isolation: customer records are not retrieved in another customer’s tenant.
  • Aggregation and de-identification where feasible.
  • Purpose limitation: model improvement is for relationship signal quality, path ranking, timing recommendations, safety, calibration, and service improvement, not for building or selling a contact database.

Any broader use of Customer Data for cross-customer model improvement requires support in the customer agreement, DPA, and applicable Order Form. Enterprise customers may address customer-specific model-improvement restrictions or opt-outs in the Order Form or DPA.

Statistical and Aggregated Insights

Heyou may derive aggregated, statistical insights from use of the Services, such as model calibration metrics or category-level benchmarks, provided such insights are de-identified and cannot reasonably be used to identify Customer, a Data Subject, or a natural person.

No Heyou-Owned Contact Database

Heyou does not combine data across customer tenants in its own database to build a contact directory, people-search product, or similar data product for sale or external use.

Future Changes

If Heyou materially changes its training-data practices in a way that expands customer-data use beyond the then-current agreement, Heyou will provide notice and obtain consent where required by contract or law.

5. Human Oversight

  • Every agent-suggested action is reviewable by a human before it has external effect.
  • Users can edit, approve, reject, or ignore AI-generated recommendations.
  • Admins may configure organizational guardrails where supported.
  • Action logs support auditability.

6. Transparency and Explainability

  • AI-generated drafts and recommendations are presented as assistive outputs.
  • Relationship scores may include top factors contributing to the score where supported.
  • Heyou discloses approved model providers and purposes through its model inventory or enterprise review materials.

7. Fairness and Non-Discrimination

Heyou is not a tool for hiring, firing, credit, insurance, housing, immigration, compensation, performance evaluation, or other high-stakes automated decisioning. Customers must not use Heyou outputs for those purposes. Heyou evaluates model behavior for quality, safety, and misuse risk as part of its AI governance program.

8. EU AI Act Alignment

Heyou’s current intended use cases are relationship intelligence and human-led engagement assistance. Heyou is not intended for prohibited or high-risk AI uses. If Heyou’s capabilities evolve into high-risk territory, Heyou will assess and implement applicable obligations before release.

9. Reporting AI Issues

Report suspected hallucinations, harmful outputs, or AI-related privacy concerns to ai-safety@heyou.com.