All apps

Is Hebbia safe with your data?

C
Hebbia icon

Hebbia

Hebbia AI Inc.

65/100

Partial disclosure · high confidence

Hebbia earns a C (65/100) because it discloses its data practices only in part.

#49

of 116 apps ranked

65

score · Finance avg 56

+9

vs category average

Grade scaleA · 85–100B · 70–84C · 55–69D · 40–54F · 0–39

Hebbia's policy is strong on data-subject rights, sharing transparency, and a clear no-training pledge for customer data. It loses ground on vague retention with no day-count, an absent breach-notification timeline, and silence on output ownership and on shorter AI-log retention. The grade rests on the company's own May 2026 privacy policy at hebbia.com/privacy, with all applicable indicators resolved by a quoted clause or documented silence.

What Hebbia's privacy policy says about your data

No customer-data training

The policy states that Hebbia does not use Personal Data contained in Customer Data to train or improve generalized or third-party AI or machine learning models, and limits any internal use to debugging, performance monitoring, and feature development.

Does not sell or share

Hebbia states it does not sell personal information for monetary consideration and does not sell or share for cross-context behavioral advertising. It provides a named Do Not Sell or Share My Personal Information opt-out in cookie preferences.

Named transfer safeguards

For international transfers the policy relies on the European Commission standard contractual clauses (2021) and the UK International Data Transfer Addendum, and it names a Data Protection Officer along with EU and UK representatives.

Vague retention and no breach timeline

Retention is framed as the duration of the customer relationship plus a period afterward, and prospect data is held until it no longer has business value, with no day-count given. The security section commits to no breach-notification timeframe.

What the policy is silent or vague on

  • Not stated: a way to opt out of training
  • Not stated: whether training use differs by plan
  • Not stated: your ownership of generated outputs
  • Not stated: shorter retention for AI conversation logs

Hebbia privacy rating

Training-data use1 of 4 disclosed
Keeps user inputs out of model training, or makes training opt-inDisclosed
Names a way to opt out of or into trainingSilent
Says whether training use differs by plan or tierSilent
Lets the user keep ownership of generated outputsSilent
Data-subject rights5 of 5 disclosed
Grants a right to access your dataDisclosed
Grants a right to delete your dataDisclosed
Offers data portability in a usable formatDisclosed
Grants a right to correct your dataDisclosed
Grants a way to object to or opt out of processingDisclosed
Retention and deletion0 of 4 disclosed
States a retention period for your dataPartial
States a deletion timeline after closure or requestPartial
Sets a shorter retention for AI conversation logsSilent
Commits to collecting only the data it needsSilent
Third-party sharing5 of 5 disclosed
Lists the categories of third parties it shares withDisclosed
References a sub-processor list or data processing agreementDisclosed
Does not sell or share data for advertising, or offers opt-outDisclosed
Names a safeguard for international data transfersDisclosed
States a standard for government and law-enforcement accessDisclosed
Transparency3 of 4 disclosed
Discloses that you are interacting with AIDisclosed
Marks AI-generated or synthetic outputNot applicable
Enumerates the categories of data it collectsDisclosed
Maps processing purposes to legal basesDisclosed
Is versioned and dated, with change noticePartial
Sensitive data and children1 of 3 disclosed
Discloses automated decisions and a human-review pathPartial
Limits the use of special-category dataSilent
Governs biometric data specificallyNot applicable
States protections for children's dataDisclosed
Security and accountability1 of 3 disclosed
Describes its security safeguardsPartial
Commits to breach notificationSilent
Names a certification or a privacy contactDisclosed
DisclosedPartialSilentAdverseNot applicable

Details

Category
Finance
Modalities
text
Processes biometrics
No
Policy last updated
2026-05-08
Region scored
Global / US-default
Assessed
2026-06-20
Read Hebbia's privacy policy

Other finance apps

AlphaSense iconAlphaSenseCPigment iconPigmentCRogo iconRogoD

Each grade reflects our analysis of what an app states in its public privacy policy and terms as of the assessment date. It measures the transparency of those documents, not the company's actual data practices, security, or compliance. Grades are our opinion, offered for general information. Full disclaimer.

Is Hebbia safe with your data? Grade C | AI App Trust & Transparency Index