Draft — pending legal review. This document was prepared by Heirloom’s team and has not yet been reviewed by an attorney. It is published for transparency while we finalize our terms before public launch. It is not yet a binding agreement.

Privacy Policy

Last updated: June 6, 2026

Heirloom holds some of the most personal content a person can create — the voice, face, and stories of the people you love. This policy explains, in plain language, what we collect, why, how we protect it, and the rights you have over it.

1. Overview

Heirloom (“Heirloom,” “we,” “us”) operates the Heirloom service and is the data controller for the information described here. We have designed Heirloom with the principles of the GDPR and the CCPA in mind and with strong security controls; formal certifications are works in progress, not completed claims.

2. Information we collect

Information you give us

  • Account information: your name, email address, phone number, and — optionally — your date of birth.
  • Your stories: the voice, video, and written stories you record in your family’s archive.
  • Photos and videos: the images and videos you upload, including older photos you scan or import, along with any captions you add.
  • Phone calls: when you or a family member call the Family Line phone service, the call is recorded and transcribed (see “Phone calls and recording” below).
  • Family member information: the names, relationships, email addresses, and phone numbers of the people you invite into your family archive, and the names and dates of birth of any children added.
  • Payment information: handled by our payment processor; we do not store full card numbers.

Information we collect automatically

  • Basic device and browser information, and IP address, for security and abuse prevention.
  • Faces and voices (biometric information): to help your family find and organize memories, we use face recognition to group the people who appear across your photos, and we process the voice in your recordings. See “Faces and voices” below.
  • Audit records of consequential actions (for example, a story being recorded or a family member invited), retained for compliance.
  • Privacy-respecting product analytics that never include the content of your stories.

3. How we use your information

We use your information only to:

  • operate the service — host your family’s archive and make it accessible to the family members you invite;
  • provide the AI features you choose to use (see “AI features” below);
  • operate the Family Line phone service for the people you authorize;
  • send invitation emails to the people you invite into your family;
  • process your monthly subscription;
  • protect the service and our users from fraud and abuse;
  • communicate with you about your account and the service.

4. What we will never do

These are firm commitments, written into how the product is built:

  • We will never train AI on your content. Every request we make to an AI provider explicitly opts your content out of training. Your stories are excluded from any analytics.
  • We will never synthesize or clone a person’s voice. Where you hear a loved one, it is their own real recorded voice — never an artificial imitation.
  • We will never sell or rent your personal information to anyone.
  • We will never use your stories in marketing without your explicit, written opt-in.

5. Phone calls and recording

Heirloom offers a phone service (“the Family Line”) so family members, including those who do not use apps, can take part by phone. When a call connects to the Family Line, the caller hears a notice that the call is recorded, and the recording is transcribed and saved to your family’s archive as a story.

Recording laws differ by location, and some require every person on a call to consent. You are responsible for using the Family Line only with people who understand and agree that the call is recorded. Do not use it to record people without their knowledge. We are actively reviewing this feature with legal counsel and will update both the product and this policy as that review concludes.

6. Faces and voices (biometric information)

To make a family’s photos and recordings searchable and organized — for example, “show me every photo with Grandpa” — Heirloom uses face recognition to group the same person across photos, and processes the voice contained in recordings. Depending on where you live, this may be considered biometric information.

We use it only to operate these features for your family, we never sell it, and we do not use it to identify people outside your family archive. This information is retained while your account is active and deleted when you delete the underlying content or your account, subject to the retention rules below. We are finalizing a formal biometric consent and retention notice with counsel; if you are in a jurisdiction with specific biometric-privacy laws and have questions, contact us.

7. AI features

Heirloom uses AI to help families capture and revisit memories: the Interview Assistant suggests questions; photos can be described and organized automatically; you can ask questions of your own family’s archive and hear answers drawn from what was actually recorded; and the Family Line answers in a natural voice. These features run on vetted AI providers under agreements that prohibit training on your content.

AI answers are assembled from your family’s own recordings and may be imperfect; they are not professional advice. We design these features to draw only from real recorded content rather than to invent details, and we never synthesize a person’s voice.

8. How your content is protected

Your audio, video, and written content is encrypted at rest with AES-256. Encryption keys are managed through a dedicated key-management service, with per-family key isolation, so Heirloom staff cannot read your stories — we can only host them.

Every file is written to durable, versioned storage with a daily integrity check, and a backup copy lives in a separate region. Transport is encrypted with TLS.

9. Service providers

We share the minimum necessary data with vetted service providers who help us run Heirloom — for authentication, database hosting, file storage, transactional email, telephony, AI processing, payment processing, and error monitoring. Each provider is bound by a data-processing agreement and may use the data only to provide their service to us. A current list of subprocessors is available on request.

10. Family members and access

When you invite a family member by email, we send them an invitation containing a single-use link. Anyone holding a valid, unconsumed link can preview one story from your family archive before being asked to sign in. Once a family member accepts an invitation, they have ongoing access to every story in your family archive until they are removed.

Children may be added by name and date of birth without an invitation; a guardian (an adult family member you nominate) holds access on their behalf. Family members can be removed by anyone with the appropriate role; removal revokes their access immediately but does not erase the stories they were able to see while they were members.

11. Your rights

Depending on where you live, you have rights over your personal data, including the right to access it, correct it, export it, and request its deletion. Under the GDPR you may also object to or restrict certain processing; under the CCPA you may opt out of any “sale” of personal information (we do not sell it). To exercise any of these rights, contact hello@yourheirloom.app. We will respond within the timeframes the law requires.

12. Retention and deletion

We retain the stories in your family archive for as long as you keep your account open. When you delete a story, it enters a 30-day quarantine before permanent deletion; this protects against compromised accounts and momentary regret. Audit records are retained as long as needed for legal and compliance purposes.

13. Your data after a storyteller passes

Because Heirloom is a living archive — the family already holds it — nothing changes about access when a storyteller passes away. The stories they recorded remain in the family archive, accessible to the same family members who could already see them. We do not detect or verify deaths, and we do not initiate any new action when one occurs.

The archive may let the family continue to hear that person’s own real recorded voice — for example, by asking the archive a question and hearing a clip they actually recorded. This uses only their real recordings, never a synthesized voice, and we encourage capturing a person’s wishes about this while they are living. We are reviewing the handling of a person’s voice and likeness after death with counsel.

If the deceased was the founder of the family who held the billing relationship, a surviving family member may contact us to update billing details where applicable. The archive itself continues uninterrupted.

14. Cookies

We use a small number of cookies that are necessary to operate the service — primarily to keep you signed in. We do not use advertising or cross-site tracking cookies.

15. Children

Heirloom is for adults. We do not knowingly collect personal information from anyone under 18 as an account holder. Children may be added to a family archive by name and date of birth by a parent or guardian, who holds access on the child’s behalf until the child is old enough to claim their own login. A parent or guardian who wants a child’s information removed can contact us.

16. Changes to this policy

We may update this policy. Material changes will be announced by email and reflected in the “last updated” date above.

17. Contact

For privacy questions or to exercise your rights, contact hello@yourheirloom.app. Security concerns can be sent to security@yourheirloom.app.