Privacy Policy

Last updated on May 23th, 2023

HeyTaco's approach to your privacy boils down to doing the right thing. You should never feel surprised about the information we know about you or when we contact you. Every interaction should be valuable to both you and HeyTaco. If you ever feel like the information we know about you is surprising, please let us know.

When it comes to being stewards of your information, we'll do the right thing and won't use your information without your permission. We strive to collect the least amount of information possible. Your information takes up space, and we like space.

Why should you trust HeyTaco?

Because you support HeyTaco with your financial support, our relationship with you helps us achieve our company vision. It's not good to anger people you're in a relationship with. That isn't good for the taco business, our happiness, and helping spread kindness worldwide.

If you disagree with this privacy policy, please do not use our Services for any reason. Our Services are defined as anything HeyTaco, LLC creates and owns.

Here's a list of sections to learn more about your privacy:

First, a note about who you are

If you use HeyTaco's Services, you are either a Member or an Administrator. Your HeyTaco Community is made up of Members and Administrators. Administrators have access to all Member data and have control of your Community's settings and data.

If you are not an Administrator and have data questions, requests, or concerns, please get in touch with your Administrator so they can fulfill your needs. If you cannot contact your Administrator or have a dispute, please get in touch with us at [email protected].

What we collect and why

When an Administer adds HeyTaco to your chat platform (e.g., Slack, Microsoft Teams, Discord), we collect information necessary for our Services to function. But, of course, we also collect information if you give it to us.

Any of the information we collect from you may be used in one of the following ways: (a) Personalize your experience. (b) Better respond to your individual needs. (c) Operate and improve our Services. (d) Improve customer service. (e) Contact you.

Here is what we collect and why:

If you have any questions about the information we collect, please contact us at [email protected].

Where your information is stored and protections

Security and Storage

We use Heroku and Amazon Web Services as hosting providers in the United States to store and protect your information. They are up-to-date, set up with the latest security standards, and undergo recurring security assessments to protect your information.

When you submit information via our Service, your information is protected and encrypted at rest and in transit through secure connections. We implement a variety of security measures to maintain the safety of your personal information. If your data is exposed to an unknown 3rd party, we will notify you within 72 hours of the reported incident.

HeyTaco may transfer your data to countries you don't live in. We offer European Union Model Clauses, known as Standard Contractual Clauses, to meet General Data Protection Regulation requirements for Administrators and Members who are citizens of the European Union. A copy of our data processing addendum, including Model Clauses, is available by contacting us.

If you have any questions about data security and storage, please contact us at [email protected].

How long do we retain data about you?

We use historical data about people who use our Services to generate internal research reports and for you to view historical information about your usage.

If you stop using the Service, your data is also available to Administrators for your HeyTaco account. Administrators can use your old data to see historical taco giving, messages you gave and received, and any other data collected about you.

We remove your data after an Administrator removes or stops using our Services, and sufficient time has passed to warrant data removal. The Administrators for your account are responsible for your data. In most circumstances, they must approve of any data removal or modifications. If you are a Member of the European Union and your Administrator will not request to remove your data, please get in touch with us at [email protected].

Cookies and how we use them (hint: we don't eat them)

Cookies are small files a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow), enabling the sites or service providers' systems to recognize your browser and capture and remember certain information.

We use cookies to aggregate data about site traffic and interaction to offer better Services now and in the future. We may contract with third-party service providers to better understand our site visitors and operate HeyTaco. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our Services.

Here are a few examples of how we use cookies:

You have the right to accept or reject our cookies. You can exercise that right by not using our Services or your web browser to accept or refuse cookies. You can visit your web browser's help menu to learn how to accept and reject cookies.

If you have questions or feedback about the cookies we use, please let us know at [email protected].

Who has access to your information?

Your information will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the Services requested. We do not sell, trade, or otherwise transfer your personally identifiable information to outside parties. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. Below is a list of current third parties that may have access to your data.

Third Party Link Reason
Stripe Billing and payment processor for purchases. (Administrator contact data only)
Heroku Hosting provider for app and data storage.
Amazon Web Services Hosting provider for app and data storage.
Google Analytics Service analytics to track and analyze Service usage.
ProfitWell Helps us do billing updates and analyze subscriptions. (Administrator contact data only)
HotJar Ltd. If you leave your name or email in a survey, itโ€™s stored with HotJar until we remove it.
HubSpot Customer relationship management

We may also release your information when we believe it is appropriate to comply with the law, enforce our site policies, or protect others' rights, property, or safety. However, non-personally identifiable information may be provided to other parties for marketing, advertising, or other uses. An example would be creating an advertisement about how people who use HeyTaco on Slack recognize each other X times per month on average. This is where you aggregate data to make it so the people behind it cannot be identified.

How can you control your data?

You will have different rights regarding your data if you are an Administrator or Member. If you are an Administrator, you can request us to send, remove or modify any information about your account. You can export data on the Admin page of your HeyTaco site or by emailing us. To permanently remove your data, you must email us at [email protected], and we will remove your data within 30 days of notice.

If you are a Member, you can export some of your data on your Profile page. If you would like to view, modify, or remove all or some of your data, please contact your Administrator and have them email us to do so. If you don't know your Administrator or have questions, please email us at [email protected].


If you do not consent to the collection, use, or disclosure of your personal information as outlined in this policy, please do not provide any personal information to our Service or agree to our Terms of Service and Privacy Policy. If you have provided personal information and no longer consent to its use or disclosure as outlined herein, please notify us at [email protected].

Data Protection Authority

Subject to applicable law, you have the right to (i) restrict HeyTaco's use of your Personal Data and (ii) lodge a complaint with your local data protection authority. If you are a resident of the European Economic Area and would like to complain, please contact your Data Protection Authority. You can find a list of Data Protection Authorities by clicking here. (

Please get in touch with us before complaining. We will do our best to meet your needs, and adhere to applicable laws, our Terms of Service, and this Privacy Policy.

Contacting HeyTaco

If there are any questions regarding this privacy policy, you may contact us at [email protected]