Hey Beth
← Back to Hey Beth

Hey Beth Privacy Policy

1. Introduction

This Privacy Policy describes how Hey Beth LLC (“Company,” “we,” “us,” or “our”), operator of the Hey Beth service (“Service”), collects, uses, discloses, and protects information in connection with the Service. This Policy applies to information collected through the Service, the Hey Beth website at heybeth.co, and related communications.

By using the Service, you (“Customer,” “Broker,” or “you”) consent to the practices described in this Policy. If you do not agree, do not use the Service.

This Policy is incorporated by reference into the Hey Beth Terms of Service. Capitalized terms not defined here have the meanings given in the Terms of Service.

2. Who This Policy Covers

This Policy describes our practices with respect to:

We treat data from Customers and Carriers under different obligations because Customers have consented to this Policy and Carriers have not. Sections 3 and 4 describe each category specifically.

3. Customer Information

3.1 Information Customers Provide Directly

When you create or use a Customer Account, we collect:

3.2 Information Collected via Gmail (with Customer Consent)

When the Customer connects a dedicated email address to Beth via Google OAuth, the Service receives access to that specific email inbox to perform its function. The Service:

The Customer is responsible for setting up the dedicated email address such that only carrier-related inquiries are routed to it. The Company has no technical means to determine whether an email received at the dedicated address is from a Carrier, a personal contact, or any other party.

3.3 Information Collected Automatically

We collect technical and usage information automatically when you use the Service, including:

3.4 Google API Data and User-Facing Service Improvement

Where the Service accesses Customer email through Google OAuth or related Google APIs, we use data obtained from the connected dedicated inbox only to provide, maintain, secure, support, debug, evaluate, and improve Hey Beth’s user-facing features, including email response handling, intent classification, routing, escalation, response quality, safety systems, and Customer-specific configuration. We do not use Google API data for advertising, unrelated research, unrelated products, sale of data, or training third-party foundation models.

4. Carrier Information

4.1 Limited Carrier Data Collection

When Carriers communicate with a Customer’s dedicated Beth email address, we receive and process the content of those communications, including:

4.2 No Direct Relationship with Carriers

We do not have a direct relationship with Carriers. Carriers communicate with the Customer’s brokerage; the Service processes those communications on the Customer’s behalf. Specifically:

4.3 Use of Carrier Information

We use Carrier information only for purposes related to the Service, including to:

We do not sell, rent, or share Carrier information with parties outside the subprocessors listed in Section 7, except as required by law, with the Customer’s instruction, or as otherwise described in this Policy.

4.4 Data Minimization

We retain Carrier-provided information only as long as reasonably necessary for the purposes described in this Policy, including providing the Service, customer support, quality review, audit logging, dispute resolution, security, legal compliance, Service Improvement Data, and aggregate, anonymized, or de-identified analytics. After termination of the Customer Account, Carrier information may be deleted, de-identified, archived, or retained subject to the retention provisions and exceptions in Section 8.

4.5 Carrier-Facing Notice Page

We may maintain a general carrier-facing notice page at heybeth.co/carriers or a successor URL. The page may explain that freight brokers may use Hey Beth to assist with carrier email responses, that Hey Beth acts on behalf of broker customers, and that final booking remains subject to broker approval, carrier setup, and written rate confirmation. This general notice page is not a substitute for any disclosure that a Customer is legally required to provide to a Carrier.

5. How We Use Information

We use the information described in Sections 3 and 4 to:

We do not use Customer Data or Carrier information for purposes unrelated to the Service without obtaining additional consent.

6. AI Use of Information

6.1 Third-Party LLM Processing

The Service uses third-party large language models (“LLMs”) to interpret email content and generate responses. When the Service processes a Carrier communication or generates a response, the relevant content is sent to one or more LLM providers (currently Anthropic and OpenAI) for processing.

6.2 Foundation Model Training and Hey Beth Service Improvement

We do not use Customer Data or Carrier Communications to train, fine-tune, or improve third-party foundation models, general-purpose LLMs, or public AI models unless the Customer has expressly opted in or we update this Policy and obtain any consent required by applicable law. Specifically:

However, the Service necessarily uses Customer Data and Carrier Communications to operate and improve Hey Beth-specific functionality. We may use Customer Data, Carrier Communications, and Service Improvement Data to provide, maintain, secure, debug, evaluate, test, and improve the Service, including intent classifiers, routing logic, escalation systems, response-quality systems, prompt templates, safety systems, customer-specific configurations, and other Service-specific machine-learning or rules-based components.

Service Improvement Data” means labels, annotations, classifications, routing outcomes, quality-assurance notes, error reports, evaluation records, prompt-test results, safety-system outputs, de-identified excerpts, aggregate metrics, and other data or metadata derived from Customer Data or Carrier Communications and used to provide, maintain, secure, debug, evaluate, test, or improve the Service.

Raw Customer Data and raw Carrier Communications may be accessed and used only for permitted business purposes, including providing the Service, support, troubleshooting, quality review, security, abuse prevention, customer-specific tuning, classifier evaluation, error analysis, and legal compliance. We use commercially reasonable access controls and data-minimization practices for such access.

6.3 Inference-Time Data Handling by LLM Providers

LLM providers may temporarily process and cache submitted content as necessary to generate responses. This processing is governed by the LLM providers’ own terms and privacy policies, which are referenced in Section 7.

6.4 Customer Override and Control

The Customer controls Beth’s behavior through configured parameters. The Customer may, at any time, pause Beth, override individual decisions, modify parameters, or terminate the Service. Beth makes autonomous decisions only within the bounds the Customer has configured.

7. Subprocessors

We use the following third-party service providers (“Subprocessors”) to operate the Service. Each Subprocessor is contractually bound to protect data consistent with this Policy:

Subprocessor Purpose Data Processed Location
Anthropic AI inference (Claude API) Email content for response generation United States
OpenAI AI inference fallback (GPT API) Email content for response generation United States
Supabase Database and authentication All Customer Data and Carrier Communications United States
Stripe Payment processing Billing information, transaction data United States
Replit Application hosting All processed data United States
Google (Gmail API) Email inbox access Email content via OAuth United States
Plausible Analytics Website analytics Aggregated, anonymized site usage data European Union (privacy-compliant)

We maintain an updated Subprocessor list at heybeth.co/subprocessors. We may add or change Subprocessors from time to time. Material changes will be communicated to Customers via email or dashboard notice with reasonable advance notice.

8. Data Retention

8.1 General Retention Standard

We retain information for as long as reasonably necessary to provide, maintain, secure, support, debug, evaluate, and improve the Service; comply with legal, tax, accounting, security, audit, and contractual obligations; resolve disputes; enforce our agreements; prevent fraud or abuse; maintain business records; and exercise or defend legal rights.

We do not promise blanket automatic deletion of all Customer Data or Carrier Communications immediately upon account termination. Retention periods may vary based on the type of information, the purpose for retention, the Customer’s account status, legal requirements, backup practices, security needs, and whether a dispute, investigation, legal hold, or compliance obligation exists.

8.2 Typical Retention Categories

Subject to the exceptions in this Policy, our typical retention practices are:

8.3 Retention After Termination

After termination, cancellation, or deactivation of a Customer Account, we may delete, de-identify, archive, or retain Customer Data and Carrier Communications according to this Policy and our then-current retention practices. We may retain information where reasonably necessary for legal, tax, accounting, security, fraud prevention, abuse prevention, audit, dispute, backup, business-continuity, Service Improvement Data, aggregate, anonymized, de-identified, or compliance purposes.

Customer is responsible for exporting or preserving any records it needs for broker recordkeeping, legal, tax, regulatory, operational, or compliance purposes before terminating the Service. We are not obligated to retain or restore Customer Data after termination unless expressly agreed in writing.

8.4 Customer-Initiated Deletion Requests

The Customer may request deletion of eligible Customer Data via the dashboard or by emailing sam@heybeth.co. We will respond within the timeframe required by applicable law. We may deny, limit, or delay deletion where retention is permitted or required for legal, tax, accounting, security, fraud prevention, abuse prevention, audit, backup, dispute resolution, contract enforcement, Service Improvement Data, aggregate, anonymized, de-identified, or other legitimate business purposes described in this Policy.

9. Aggregate and Anonymized Data

We collect and use aggregate and anonymized data derived from the operation of the Service for purposes including analytics, marketing, product improvement, and research. Aggregate and anonymized data does not identify any specific Customer, Carrier, or communication.

Examples of aggregate data we may publish or use:

We maintain an internal threshold for aggregation: no published aggregate statistic will be derived from a sample so small that individual Customers or Carriers could be identified by inference.

10. Disclosure of Information to Third Parties

10.1 We Do Not Sell or Rent Information

We do not sell, rent, or trade Customer Data or Carrier Communications to any third party for any purpose. We have not done so in the prior 12 months and have no plans to do so.

10.2 Disclosure to Subprocessors

We disclose information to Subprocessors as necessary to operate the Service, subject to confidentiality and data protection obligations as described in Section 7.

10.3 Legal Disclosures

We may disclose information if required by law, legal process, or governmental request, including:

Where legally permitted, we will notify the affected Customer prior to making any disclosure.

10.4 Business Transfers

If the Company is involved in a merger, acquisition, asset sale, bankruptcy, or similar transaction, Customer Data and Carrier Communications may be transferred to the successor entity, subject to this Policy or a successor policy that provides equivalent or greater protection. Customers will be notified of any such transfer.

11. International Data Transfer

The Service is intended for US-based Customers and is operated from the United States. We do not actively market the Service to Customers outside the United States. Customer Data and Carrier Communications are stored on United States-based infrastructure (with the exception of Plausible Analytics, which is EU-hosted but processes only aggregate, anonymized site analytics).

If a Carrier communicating with a Customer’s dedicated email address is located outside the United States, their communications may be processed by the Service. The Customer is responsible for any obligations arising from international data transfers triggered by such Carrier communications.

We do not maintain GDPR, UK GDPR, or PIPEDA compliance programs. Customers operating in or transferring data from jurisdictions with such requirements should consult their own legal counsel.

12. Children’s Information

The Service is intended for business use by adult freight broker professionals. We do not knowingly collect information from children under 13 years of age (or the relevant minimum age in the Customer’s jurisdiction). If we become aware that we have collected such information, we will delete it promptly. If you believe we have collected information from a child, please contact us at sam@heybeth.co.

13. User Rights (CCPA and Aligned)

California residents and residents of other states with comparable privacy laws have the following rights with respect to their personal information:

To exercise any of these rights, contact us at sam@heybeth.co. We will respond within 45 days, with up to a 45-day extension where reasonably necessary. We may need to verify your identity before processing requests.

These rights apply to personal information of Customers and, where applicable, Carriers. Carrier-side requests should generally be directed to the Customer through whom the Carrier communicated, as the Customer is the party with the operational relationship to the Carrier. We will assist the Customer in fulfilling such requests as needed.

14. Cookies and Tracking Technologies

We use limited cookies and tracking technologies on the Hey Beth website and dashboard:

You can control cookies through your browser settings, though disabling essential cookies will impair the Service.

15. Security

We implement administrative, technical, and physical safeguards designed to protect personal information. Our security practices include:

No system is fully secure. We cannot guarantee absolute security. In the event of a data breach affecting Customer or Carrier information, we will notify affected Customers as required by applicable law and consistent with the severity of the incident.

We do not claim compliance with HIPAA, PCI DSS, SOC 2, ISO 27001, or any other formal security certification. Our infrastructure providers (notably Stripe for payments) maintain their own certifications, and we rely on those certifications for the relevant data they process.

16. Updates to This Policy

We may update this Policy from time to time. When we make material changes, we will:

Continued use of the Service after the effective date of an update constitutes acceptance of the updated Policy, except where applicable law requires affirmative consent.

17. Customer Consent and Acceptance Record

When a Customer creates an account, connects a dedicated email inbox, checks an “I agree” box, clicks an acceptance button, or uses the Service after being presented with this Policy and the Terms of Service, the Customer consents to the Company’s collection, use, disclosure, retention, and processing practices described in this Policy.

We may maintain records of the Customer’s acceptance and consent, including the accepted document version, timestamp, account email, organization name, IP address, user identifier, and related onboarding acknowledgments. We use those records to demonstrate consent, authorization, account activity, legal compliance, and enforcement of the Terms of Service.

18. Contact Information

Questions, requests, or concerns regarding this Policy may be directed to:

Hey Beth LLC Attention: Privacy sam@heybeth.co 2521 Stony Creek Road, Lansdale, PA 19446

Last Updated: June 18, 2026 Version: 2.0 — Effective June 18, 2026