How we handle your data.
EFFECTIVE 2026-05-09 · LAST UPDATED 2026-05-09
Who we are
Tomjar Invest AB ("we", "us", "our") operates Hey Molly (heymolly.io and app.heymolly.io).
- Tomjar Invest AB
- Organization number: 559317-2520
- Sweden (EU)
- Contact: hello@heymolly.io
We are the data controller for personal data we collect through Hey Molly.
What information we collect
Account information
- Email address
- Name
- Password (stored as hashed values, never in plain text)
- Profile photo (if you upload one)
Subscription information
- Billing address (collected via Stripe)
- VAT/Tax ID, if applicable (collected via Stripe)
- Payment information — handled entirely by Stripe; we don't store credit card details
- Subscription status, plan, and billing history
Content you create
- Brand profiles you create
- Domains you connect
- Content you generate (blog posts, social posts, emails, etc.)
- Images you generate or upload
- Chat conversations with Molly
Usage data
- Word and image quotas used per billing cycle
- Features used
- Login times and session activity (for security)
Technical data
- IP address (for security and abuse prevention)
- Browser type and version
- Device information
- Approximate location (country/region, derived from IP)
What we don't collect
- Credit card numbers (handled by Stripe)
- Social Security numbers or other government IDs
- Health information
- Information about minors (Hey Molly is not for users under 16)
How we use your information
We use your information to:
- Provide Hey Molly's services to you
- Process subscription payments via Stripe
- Send transactional emails (account confirmations, billing receipts, usage notifications)
- Improve the product based on aggregated usage patterns
- Detect and prevent fraud or abuse
- Comply with legal obligations (e.g., tax records)
We do not:
- Sell your data to third parties
- Use your generated content to train AI models
- Share your content with other users
- Send marketing emails without your consent
- Use your data for purposes you haven't agreed to
AI processing
Hey Molly uses Google's Gemini AI models to:
- Analyze your brand voice from your website
- Generate content (blog posts, social posts, emails, images)
- Power Molly Chat
When we send your content to Gemini for processing:
- Data is processed under Google Cloud's data processing agreements
- Your content is not used by Google to train their models
- Data is processed in EU data centers when possible
Where your data is stored
Your data is stored on Lovable Cloud infrastructure, primarily in EU data centers when available. We follow GDPR requirements for data residency and protection.
Your rights (GDPR)
As an EU resident, you have the right to:
- Access: request a copy of your data
- Correction: update inaccurate data
- Deletion: request deletion of your account and data
- Portability: export your data in a machine-readable format
- Restriction: limit how we process your data
- Objection: object to specific processing
- Withdraw consent: where processing is based on consent
To exercise these rights, email hello@heymolly.io. We respond within 30 days. You can also export your data anytime through Settings → Account → Export your data.
How long we keep your data
- Account data: as long as your account is active, plus 90 days after deletion (for billing/legal records)
- Billing records: 7 years (Swedish accounting law requirement)
- Content you create: until you delete it or close your account
- Usage logs: 12 months for security purposes
Third parties we work with
- Stripe — payment processing (stripe.com/privacy)
- Lovable Cloud — hosting infrastructure
- Google Cloud / Gemini — AI processing
- Resend — transactional email delivery
These services have their own privacy policies. We have data processing agreements with each.
Security
We implement appropriate technical and organizational measures to protect your data:
- TLS 1.3 encryption for data in transit
- Encrypted database storage
- Access controls and authentication
- Regular security reviews
No method of transmission or storage is 100% secure. We do our best to protect your data and notify you of breaches as required by GDPR.
Children
Hey Molly is not directed to children under 16. We do not knowingly collect data from anyone under 16. If you believe we have collected such data, contact us at hello@heymolly.io and we will delete it.
Changes to this policy
We may update this Privacy Policy. Material changes will be communicated via email and shown in the app. Continued use after changes constitutes acceptance.
Complaints
If you have concerns about how we handle your data, please first contact us at hello@heymolly.io.
You also have the right to file a complaint with your local data protection authority. In Sweden, this is the Integrity Protection Authority (Integritetsskyddsmyndigheten / IMY): www.imy.se.
Contact
For privacy questions or to exercise your rights:
- Tomjar Invest AB
- Organization number: 559317-2520
- Email: hello@heymolly.io (subject: "Privacy request")