This Privacy Policy explains how 42AI, Inc. (“42AI,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information in connection with the HEY42 Platform, websites, mobile applications, billboards (physical and digital), application programming interfaces, and related services (collectively, the “Platform”). This Policy is incorporated into, and forms part of, the HEY42 Master Terms of Service. Capitalized terms used but not defined here have the meanings given in the Master Terms of Service.
YOUR CHOICES MATTER. YOU CAN OPT OUT OF SALE/SHARING OF YOUR PERSONAL INFORMATION FOR CROSS-CONTEXT BEHAVIORAL ADVERTISING AT ANY TIME BY (I) CLICKING THE “DO NOT SELL OR SHARE MY PERSONAL INFORMATION” LINK IN THE PLATFORM FOOTER, (II) ENABLING THE GLOBAL PRIVACY CONTROL (GPC) SIGNAL IN YOUR BROWSER, OR (III) EMAILING PRIVACY@HEY42.COM. WE HONOR GPC SIGNALS AS A VALID OPT-OUT.
42AI, Inc. is the controller (and, where applicable, a business as defined under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020) responsible for the personal information we process about You in connection with the Platform.
Privacy Officer / Data Protection Lead
Email: privacy@hey42.com
Website: hey42.com/privacy
Postal: 42AI, Inc., Privacy Office, c/o registered agent address listed at hey42.com/contact, Delaware, U.S.A.
We collect personal information from and about You in the following categories. The categories below are presented using the CCPA § 1798.140 categories so You can map them against Your statutory rights.
Name, postal address, billing address, telephone number, email address, Account username, IP address, device identifiers, advertising identifiers (IDFA, AAID), cookie identifiers, and similar identifiers.
Information such as name, address, phone number, payment instrument information (collected and tokenized through our payment processors — we do not store full card data), and any other information You provide on a registration form, profile page, billing form, or order page.
Records of products or services You acquire, browse, or considered, including Slot acquisitions and resales, Subscriptions, Collectible Cards, transaction histories, and patterns of consumption.
Browsing history, search history, information regarding Your interaction with the Platform, advertisement, billboard impressions, click-throughs, scrolls, taps, hover times, and other engagement metrics, log files, device and browser characteristics, referring URLs, pages You access on the Platform, and the times and durations of such access.
Approximate location derived from IP address; precise geolocation only where You expressly grant permission via a device-level setting (for example, when using a mobile feature that requires fine location). We treat precise geolocation as Sensitive Personal Information.
Photos, videos, audio, and other media You upload as Content. If You contact our customer service by phone or video, we may record such interactions for quality, training, and dispute purposes; we will provide notice and obtain consent where required.
Information relevant to business or professional Users, such as company name, role, and tax-reporting information.
Inferences we draw from any of the above to create a profile of Your preferences, characteristics, predispositions, behavior, or attitudes (used, for example, to recommend Slots You may be interested in).
If You provide it, we may collect Sensitive Personal Information including precise geolocation, government-issued identification numbers (for tax-reporting purposes only when You sell on the Platform and meet 1099-K thresholds), and account log-in credentials. We do not use or disclose Sensitive Personal Information for purposes other than those permitted under California Civil Code § 1798.121, and You have the right to limit such use as described in Section 8.
We do not knowingly collect personal information of children under 13. We do not collect biometric identifiers, health, racial or ethnic origin, religious beliefs, philosophical beliefs, sex life or sexual orientation, trade-union membership, genetic data, or political opinions, except where You voluntarily submit such information as Content (in which case it is governed by Your Content license under the Master Terms of Service).
We collect personal information directly from You (when You register, transact, or communicate with us); automatically (through cookies, pixels, SDKs, server logs, and similar technologies); and from third parties (including advertising partners, fraud-prevention vendors, identity-verification vendors, blockchain explorers for on-chain information, public databases, and our affiliates and service providers).
We use personal information for the following business and commercial purposes:
We disclose personal information to the following categories of recipients:
Under the CCPA, the use of certain online tracking technologies for cross-context behavioral advertising is treated as a “sale” or “sharing” of personal information, even where no money changes hands. In the past twelve (12) months, we have shared the following categories of personal information for cross-context behavioral advertising: identifiers, internet or other electronic network activity, commercial information, and inferences. We have not knowingly sold or shared the personal information of consumers under sixteen (16). You may opt out at any time as described in Section 8.
We use cookies, pixels, beacons, software development kits (SDKs), local storage, and similar technologies to operate, secure, and improve the Platform; to remember Your preferences and Account state; to authenticate sessions; to analyze use of the Platform; and (where You permit) for advertising and measurement. Most browsers allow You to refuse, delete, or limit cookies through browser settings. Refusing strictly necessary cookies may impair the Platform's functionality. We honor the Global Privacy Control (GPC) signal as an opt-out of sale/sharing for cross-context behavioral advertising.
Subject to applicable law, You have rights to: (a) know what personal information we collect, use, disclose, and (where applicable) sell or share about You; (b) access a copy of the personal information we hold about You; (c) correct inaccurate personal information; (d) delete personal information we hold about You; (e) opt out of sale or sharing of personal information for cross-context behavioral advertising; (f) limit the use and disclosure of Sensitive Personal Information; (g) opt out of profiling for decisions that produce legal or similarly significant effects, where applicable; and (h) be free from retaliation for exercising any of these rights.
Submit a request via privacy@hey42.com, the in-product “My Privacy” page, or the toll-free number listed on the Platform. We may verify Your identity to a degree of certainty proportional to the sensitivity of the request. Authorized agents may submit requests on Your behalf with written authorization. We will respond within forty-five (45) days, with one (1) forty-five (45)-day extension if reasonably necessary.
If we deny Your request, You may appeal by replying to our denial email within sixty (60) days; we will respond to Your appeal within sixty (60) days. If You remain dissatisfied, You may contact Your state attorney general.
California consumers have the rights described in Section 8 under the CCPA. In addition: (i) we provide the categories of personal information collected, used, sold or shared, and disclosed for a business purpose, by mapping them in Sections 2, 4, 5, and 6 above; (ii) the categories of sources are described in Section 3; (iii) the business and commercial purposes are described in Section 4; (iv) the categories of third parties to whom we disclose are described in Section 5; (v) we do not discriminate against consumers who exercise their rights, except where we may be unable to provide the Platform without certain information (in which case we will tell You); (vi) Your California Shine the Light rights (Cal. Civ. Code § 1798.83) are fulfilled by this Policy and by emailing privacy@hey42.com; and (vii) the right to limit Sensitive Personal Information may be exercised through the “Limit the Use of My Sensitive Personal Information” link or by emailing privacy@hey42.com.
Residents of states with comprehensive privacy statutes have rights to access, correct, delete, port, and opt out of targeted advertising, sale, and certain profiling. Texas residents are reminded that the Texas Data Privacy and Security Act (TDPSA) has no minimum revenue or volume threshold and applies to any business that processes the personal data of Texas residents. To exercise rights, contact privacy@hey42.com. We honor universal opt-out signals (GPC) where mandated.
Nevada residents may opt out of the sale of their covered personal information under N.R.S. § 603A.340. Email privacy@hey42.com.
If You are in the European Economic Area, the United Kingdom, or Switzerland, You have rights under the GDPR or UK GDPR including access, rectification, erasure, restriction, portability, objection, and the right to lodge a complaint with a supervisory authority. Our lawful bases for processing include performance of a contract (Article 6(1)(b)), our legitimate interests (Article 6(1)(f)), Your consent (Article 6(1)(a)) where applicable, and compliance with legal obligations (Article 6(1)(c)). For international data transfers from the EEA/UK to the U.S., we rely on the Standard Contractual Clauses (SCCs) (and the UK International Data Transfer Addendum where applicable). Our EU representative under Article 27 is appointed and listed at hey42.com/eu-representative.
We retain personal information for as long as is reasonably necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law. The retention periods we apply are commensurate with the nature and sensitivity of the data, the risks of harm from unauthorized use or disclosure, and our legal, audit, and tax obligations. Specific retention periods include: (i) Account information: while the Account is active and for up to seven (7) years thereafter for tax, audit, and legal-defense purposes; (ii) transaction records and Form 1099-K supporting data: at least seven (7) years per IRS guidelines; (iii) Subscription consent and renewal evidence: at least three (3) years from enrollment, or one (1) year after termination, whichever is longer (per Cal. Bus. & Prof. Code § 17602 record-retention requirement); (iv) DMCA notices and counter-notices: for the duration legally required and to support repeat-infringer determinations under 17 U.S.C. § 512; (v) marketing data: until You opt out, plus a reasonable wind-down period.
We maintain reasonable administrative, technical, and physical safeguards to protect personal information against unauthorized access, alteration, disclosure, and destruction, including encryption in transit (TLS 1.2+), encryption at rest where technically feasible, role-based access controls, logging and monitoring, vendor due diligence, and incident-response procedures. No security measure is absolute; we cannot guarantee security against all threats.
We may use automated decision-making and profiling for fraud prevention, content-moderation triage, and personalized recommendations. We do not use solely automated decision-making to make decisions that produce legal or similarly significant effects on You without human oversight. Where required by applicable state law (including California's ADMT regulations effective January 2027), we will provide pre-use notices and opt-outs.
The Platform is intended for users 18 years of age and older. We do not knowingly collect personal information from children under 13 in violation of the Children's Online Privacy Protection Act (15 U.S.C. §§ 6501–6506) or the FTC's COPPA Rule (16 C.F.R. Part 312, as amended effective April 22, 2026). If we learn that we have collected personal information from a child under 13, we will delete it. Parents who believe their child has provided personal information to the Platform may contact privacy@hey42.com.
We are headquartered in the United States. If You access the Platform from outside the United States, You acknowledge that Your personal information will be transferred to, stored, and processed in the United States and other countries, which may not provide the same level of data-protection rights as Your country of residence. Where required (including transfers from the EEA, UK, or Switzerland), we use approved transfer mechanisms such as the EU Standard Contractual Clauses.
Some browsers transmit a “Do Not Track” signal. There is no industry standard for processing such signals; we currently do not respond to Do Not Track. We do, however, honor the Global Privacy Control (GPC) signal.
We may update this Policy from time to time. We will post the revised Policy and update the Effective Date. For material changes, we will provide notice by email and/or in-product notification at least thirty (30) days before the changes take effect, except where shorter notice is required by law.
Questions about this Policy or our privacy practices? Contact privacy@hey42.com or write to 42AI, Inc., Privacy Office, c/o registered agent, Delaware, U.S.A.
© 2026 42AI, Inc. All rights reserved.