Privacy Policy

Last updated: February 24, 2026

1. Introduction

Heirloom ("we," "our," or "us") provides a platform that helps families record, preserve, and share their stories. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services (collectively, the "Service"). By using the Service, you agree to the practices described in this policy.

2. Information We Collect

2.1 Information You Provide

  • Account information: name, email address, and password when you create an account.
  • Profile information: display name and avatar image.
  • Story content: voice recordings, text stories, transcriptions, subjects, tags, and people you mention.
  • People & circles: names and contact information of family members you add to the platform.

2.2 Information Collected Automatically

  • Usage data: pages visited, features used, and interaction patterns.
  • Device information: browser type, operating system, and device identifiers.
  • Log data: IP address, access times, and referring URLs.

2.3 Third-Party Sign-In

If you sign in using Google, we receive your name, email address, and profile picture from Google. We do not receive your Google password.

3. How We Use Your Information

  • Provide, maintain, and improve the Service.
  • Process and store your stories, recordings, and transcriptions.
  • Facilitate sharing stories with people and circles you choose.
  • Send transactional emails (e.g., invitations, account verification).
  • Respond to your support requests.
  • Detect, prevent, and address technical issues or abuse.

4. Data Storage & Security

Your data is stored securely using Supabase (backed by PostgreSQL) with row-level security policies ensuring that only you can access your data unless you explicitly share it. Audio files are stored in encrypted cloud storage. We use industry-standard security measures including HTTPS encryption in transit and encryption at rest.

5. Sharing of Information

We do not sell, rent, or trade your personal information. We may share data in the following limited circumstances:

  • With your consent: when you share stories with specific people or circles.
  • Service providers: third-party services that help us operate (e.g., transcription via OpenAI, email delivery, hosting). These providers are contractually obligated to protect your data.
  • Legal requirements: when required by law, regulation, or legal process.

6. Cookies & Local Storage

We use cookies and browser local storage to maintain your authentication session and remember your theme preference. We do not use cookies for advertising or cross-site tracking.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and all associated data.
  • Export your stories and data in a portable format.
  • Withdraw consent for data processing at any time.

To exercise any of these rights, please contact us at the email address below.

8. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have collected data from a child under 13, we will promptly delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. We encourage you to review this page periodically. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at support@heirloom.fm.