Privacy Policy

Last updated: April 24, 2026

Heirloom ("we," "our," or "the app") helps families preserve stories from the people they love. We take privacy seriously because the memories you record in Heirloom are personal and irreplaceable. This policy explains what we collect, how we use it, and the choices you have.

1. Who we are

Heirloom is operated by Jackson Estes ("Heirloom"). If you have questions about this policy or your data, contact us at privacy@getheirloomapp.com.

2. Information we collect

2.1 Information you provide

• Storyteller profiles — the name, relationship, optional birthday, optional bio, and contact info (phone number or email) you add for people you want to record.
• Family viewer profiles — the name, relationship, and contact info of people you invite to watch responses.
• Prompts you send — the text of questions you send to storytellers.
• Video responses — video recordings created in response to prompts, along with duration and optional transcripts.
• Account color / avatar preferences — cosmetic choices that customize profile cards.

2.2 Information collected automatically

• Anonymous user ID — when you first open Heirloom, we create an anonymous Firebase Authentication account. This ID lets your data sync across your own devices. It is not tied to your real identity.
• Device and usage data — via Firebase Analytics, we collect app launches, feature usage, and crash reports to improve the app. This includes approximate device type, iOS version, and anonymous event metrics.
• Crash diagnostics — via Firebase Crashlytics, we collect stack traces and non-fatal error reports when the app misbehaves, so we can fix bugs.

2.3 Information we do not collect

• We do not ask for your real name, email, or phone number to use the app.
• We do not collect precise location data.
• We do not access your camera roll, microphone, contacts, or photo library until you explicitly grant permission, and only for the feature you're using.
• We do not sell your data.
• We do not use your data to train AI models.

3. How we use information

• Sync and backup — your profiles, prompts, and responses are stored in Google Firebase (Firestore for text, Firebase Storage for video) so you can access them across devices.
• Send invitations — when you invite a storyteller or viewer, we use the phone number or email you provide to send an SMS or email invitation via your device's built-in messaging apps. We do not store or share that contact info beyond what's needed to display the invitation status in the app.
• Scheduled prompts — if you enable auto-prompts, the app automatically sends a new question to a storyteller on your chosen cadence. You can pause or remove this at any time.
• Improve the app — aggregated analytics and crash reports help us prioritize bug fixes and new features.

Legal basis for processing (GDPR): If you are located in the EU or UK, we process your data under the following bases: contract performance — to provide the core service you've signed up for; legitimate interests — for analytics and security, where those interests are not overridden by your rights; and consent — for optional features such as analytics, which you may withdraw at any time.

4. Who can see your data

• You — you can read and write all of your own profiles, prompts, and responses.
• Invited viewers — family members you explicitly invite can view responses shared with them. They see only what you grant them access to.
• Nobody else — our Firebase security rules restrict access to your own data tree. No other Heirloom user can read your content.
• Google / Firebase — our hosting provider stores your data on its servers and processes it solely to provide the service. Google and Heirloom operate under a Data Processing Agreement (DPA). For EU/UK users, Firebase's Standard Contractual Clauses govern international data transfers. See Google's privacy policy at policies.google.com/privacy.
• Law enforcement — we will disclose data only if required by valid legal process, and will attempt to notify you unless prohibited by law.

5. Permissions

Heirloom requests these iOS permissions only when the feature that needs them is used:

• Camera — to record video responses.
• Microphone — to capture audio with your video responses.
• Photo Library — to save responses to your library or import existing videos.
• Contacts — to make it faster to invite family members as storytellers or viewers.

You can revoke any permission at any time in iOS Settings → Heirloom.

6. Data retention and deletion

• Your data stays in Heirloom until you delete it.
• Deleting a profile, prompt, or response in the app removes it from our servers immediately.
• Deleting your account — use Settings → Delete Account within the app, or email us at privacy@getheirloomapp.com with the anonymous user ID shown in Settings → About. We will permanently delete your data within 30 days.
• Analytics and crash logs are retained by Firebase for up to 26 months and are not tied to your anonymous user ID in a way that would let us link them back to you.

7. Children's privacy

Heirloom is not directed to children under 13. We do not knowingly collect data from children under 13. If you believe a child has used Heirloom without parental consent, contact us and we will delete the associated data.

8. Security

• All traffic between the app and our servers uses TLS encryption.
• Data at rest is encrypted by Google Firebase.
• Access is controlled by per-user security rules enforced at the database and storage layer.
• We use anonymous authentication by default — there is no password for an attacker to steal.

No system is perfectly secure. If you suspect a breach, email security@getheirloomapp.com.

9. Your rights

You have the right to:

• Access a copy of the data we hold about you.
• Correct inaccurate information.
• Delete your data.
• Export your responses as video files.
• Opt out of analytics (iOS Settings → Heirloom → Analytics — or uninstall the app).

For California residents (CCPA) and EU/UK residents (GDPR), you have the same rights plus the right to lodge a complaint with your local regulator. We do not sell personal information.

10. International users

Heirloom's servers are located in the United States. If you use Heirloom from outside the US, your data will be transferred to and processed in the US. By using the app you consent to this transfer.

11. Changes to this policy

We may update this policy as the app evolves. Material changes will be announced in-app. Continued use of Heirloom after a change indicates acceptance of the new policy. The "Last updated" date at the top reflects the most recent revision.

12. Contact

Email: privacy@getheirloomapp.com
Mailing address: 2140 S Carroll Rd, Indianapolis, IN 46239

Heirloom is built with care. Thank you for trusting us with your family's stories.