Privacy Policy
How we collect, use, and protect your information
Last Updated: February 27, 2025
1. Introduction
Heirloomify ("we," "us," or "our") operates the heirloomify.ai website and related services (the "Service").
This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our Service.
By using Heirloomify, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Information You Provide
We collect information you directly provide when you:
- Create an account: Name, email address, password
- Update your profile: Profile photo, display preferences, contact information
- Upload content: Photos, videos, documents, and associated metadata (file names, dates, locations if embedded)
- Communicate with us: Support inquiries, feedback, survey responses
- Set up beneficiaries: Names and contact information of designated beneficiaries
2.2 Information Automatically Collected
When you use our Service, we automatically collect:
- Usage data: Pages viewed, features used, time spent, click patterns
- Device information: IP address, browser type, operating system, device identifiers
- Cookies and tracking: Session cookies, authentication tokens, analytics data
- Log data: Error logs, performance metrics, access times
2.3 Information from Third Parties
We may receive information from:
- Authentication providers: If you sign in using Google or other OAuth providers
- Payment processors: Stripe for subscription billing (we do not store credit card numbers)
- Digitization vendors: If you authorize a vendor to upload content on your behalf
3. How We Use Your Information
We use collected information to:
- Provide the Service: Store, organize, and display your uploaded content
- Process your content: Generate thumbnails, extract metadata, perform facial recognition (if enabled)
- Authenticate access: Verify your identity and manage your account
- Enable features: Family sharing, beneficiary notifications, Dead Man's Switch
- Process payments: Handle subscription billing and invoicing
- Communicate with you: Send service updates, security alerts, support responses
- Improve the Service: Analyze usage patterns, fix bugs, develop new features
- Ensure security: Detect fraud, prevent abuse, enforce our terms
- Comply with legal obligations: Respond to lawful requests, protect rights
4. Facial Recognition Technology
⚡ OPTIONAL FEATURE: You have full control
Our facial recognition feature is optional and works as follows:
- Automatically detects faces in uploaded photos using AI models
- Creates mathematical representations (facial embeddings) for matching
- Allows you to tag detected faces with names
- Helps you search and organize photos by person
- All processing occurs on secure cloud infrastructure
- Facial data is never sold or shared with third parties
- You can disable this feature at any time in your account settings
If you disable facial recognition, we will delete all facial embeddings associated with your account.
5. Data Storage and Security
5.1 Where We Store Data
Your data is stored using the following services:
- Google Cloud Storage: Photos, videos, and documents
- Supabase (PostgreSQL): Account information, metadata, family relationships
- Google Cloud Run: Application backend and API services
All services are hosted in secure data centers with industry-standard physical and network security.
5.2 Security Measures
We implement multiple layers of security:
- Encryption in transit: All data transmitted using HTTPS/TLS
- Encryption at rest: All stored files are encrypted
- Access controls: Role-based permissions limit who can access what
- Authentication: Secure password hashing, optional two-factor authentication
- Monitoring: Continuous security monitoring and intrusion detection
- Regular audits: Periodic security assessments and updates
5.3 Your Responsibility
Important: While we implement strong security measures, no system is 100% secure.
You are responsible for maintaining independent backups of critical data.
6. How We Share Your Information
✓ WE DO NOT SELL YOUR PERSONAL DATA
We share your information only in these limited circumstances:
6.1 With Your Consent
- Family members you explicitly invite to your vault
- Beneficiaries you designate to receive access
- Digitization vendors you authorize to upload content
6.2 Service Providers
We share data with trusted service providers who help us operate the Service:
- Cloud infrastructure: Google Cloud Platform (storage, computing)
- Database: Supabase (PostgreSQL hosting and authentication)
- Payment processing: Stripe (subscription billing)
- Email delivery: Resend (transactional emails)
- Analytics: Privacy-focused analytics tools (if implemented)
All service providers are contractually obligated to protect your data and use it only to provide their services to us.
6.3 Legal Requirements
We may disclose your information if required by law or in response to valid legal requests (subpoenas, court orders),
or to protect our rights, safety, or property.
7. Your Privacy Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your account and data
- Portability: Export your data in a machine-readable format
- Opt-out: Unsubscribe from marketing communications
- Object: Object to certain processing of your data
- Restrict: Request limitation of how we process your data
To exercise any of these rights, contact us at privacy@heirloomify.ai.
8. Data Retention
We retain your information for as long as:
- Your account is active and you continue to use the Service
- Necessary to provide the Service and fulfill transactions
- Required by law or to resolve disputes
- Needed for legitimate business purposes (security, fraud prevention)
When you delete your account, we will delete or anonymize your personal data within 90 days,
except where retention is required by law or for legitimate business reasons.
9. Children's Privacy
Heirloomify is not intended for users under 18. We do not knowingly collect personal information from
children. If you believe we have inadvertently collected information from a child, please contact us
immediately at privacy@heirloomify.ai and we will delete it.
Note: You may upload photos of minors as part of your family archive, but you must have legal authority
to do so (parent, legal guardian, or with appropriate consent).
10. International Data Transfers
Heirloomify operates globally. Your information may be transferred to and processed in countries other than
your country of residence, including the United States. We ensure appropriate safeguards are in place to
protect your data in accordance with this Privacy Policy and applicable laws.
11. Cookies and Tracking Technologies
We use cookies and similar technologies to:
- Keep you signed in between sessions
- Remember your preferences and settings
- Understand how you use the Service
- Improve performance and user experience
You can control cookies through your browser settings, but disabling them may limit Service functionality.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Updating the "Last Updated" date
- Sending an email to your registered email address
- Displaying a prominent notice on the Service
Your continued use after changes take effect constitutes acceptance of the updated Privacy Policy.
13. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at: