HeartToldHeartTold

Privacy Policy

Last updated: 29 March 2026

1. About HeartTold

HeartTold ("we", "us", "our") is a service that helps families preserve their stories through AI-guided interviews and memoir generation. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use HeartTold at hearttold.com.

This policy applies to users in the United States, the United Kingdom, and Australia. We comply with the California Consumer Privacy Act (CCPA), the UK General Data Protection Regulation (UK GDPR), and the Australian Privacy Act 1988.

2. Information We Collect

  • Account information: Email address and display name when you create an account.
  • Interview content: Audio recordings, transcripts, and text responses you provide during interviews. This content may include personal and family narratives.
  • Generated content: Memoir drafts and stories produced from your interviews.
  • Payment information: Billing details processed securely by Stripe. We do not store card numbers.
  • Usage data: Pages visited, features used, and session duration, collected via PostHog analytics.
  • Device information: Browser type, operating system, and IP address.

3. How We Use Your Information

  • To provide the HeartTold service, including conducting AI interviews and generating memoirs.
  • To process payments and manage your subscription.
  • To send transactional emails (account confirmation, receipts, memoir delivery).
  • To improve our product through aggregated, anonymised analytics.
  • To respond to support requests.

We use Anthropic's Claude AI to process interview content and generate memoir text. Content sent to Claude is governed by Anthropic's usage policies. We do not use your family stories to train AI models without explicit consent.

4. Data Storage and Security

Your data is stored in Supabase (hosted on AWS). Audio recordings and generated documents are stored in Supabase Storage. We use industry-standard encryption in transit (TLS) and at rest.

We treat family narratives as highly sensitive data and apply strict access controls. Only you and people you explicitly invite can access your interview content and memoirs.

5. Sharing Your Information

We do not sell your personal information. We share data only with:

  • Anthropic — to process interview content via the Claude API.
  • Stripe — to process payments.
  • Supabase — for database and file storage.
  • PostHog — for anonymised product analytics.
  • Resend — to send transactional emails.

All third-party processors are bound by data processing agreements.

6. Your Rights

Depending on your location, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate information.
  • Delete your account and all associated data (right to erasure).
  • Export a copy of your data in a portable format.
  • Opt out of marketing communications at any time.
  • Object to processing of your data (UK GDPR / AU Privacy Act).

To exercise any of these rights, email us at hello@hearttold.com. We will respond within 30 days.

You can delete your account and all data from within the app under Settings → Account → Delete Account.

7. Cookies

We use essential cookies to maintain your login session and functional cookies to remember your preferences. Analytics cookies (PostHog) are used to understand how the product is used. You can manage cookie preferences via the cookie consent banner on your first visit.

8. Children's Privacy

HeartTold is not intended for users under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us immediately.

9. Data Retention

We retain your data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where we are required by law to retain it (e.g., billing records for 7 years under tax laws).

10. Changes to This Policy

We may update this policy from time to time. We will notify you by email and update the "Last updated" date above. Continued use of HeartTold after changes constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related questions or to exercise your rights:

Email: hello@hearttold.com

Note: This policy is a working document. Lawyer review is recommended before commercial launch, particularly for payment, health, or children's data features.