Trust

A space built to last,
in their voice.

An archive of voice and stories is only as good as the system holding it. Here’s what we built — and what we promise — to make sure yours stays safe and accessible.

Our commitment, in plain English.

Your stories are encrypted, stored across multiple providers, and verified daily. They’re visible only to members of your family. AI never trains on them. If Heirloom itself fails, the archive outlives us. None of this is marketing language — it’s the actual architecture.

The architecture

How your archive stays safe.

Each layer assumes the layer above it might fail. That’s the point.

  1. Layer 1

    Multi-region storage

    Every recording is written to two independent storage providers in different regions before we mark it saved. A daily checksum job verifies both copies match. A third cold-archive copy in AWS Glacier joins them at public launch.

  2. Layer 2

    Encryption you control

    Your content is encrypted at rest with AES-256 using keys managed by AWS KMS. Each family gets isolated keys. Heirloom employees cannot decrypt your stories — we can only host them.

  3. Layer 3

    Family-scoped access

    Stories are only ever visible to members of the family that owns them. Passwordless magic-link sign-in for everyone; we never store family passwords because there aren’t any.

  4. Layer 4

    No AI training on your content

    Every API call we make to AI providers explicitly opts your content out of training. We do not include your recordings in any analytics. The only AI that ever sees your content is the Interview Assistant when you choose to use it.

  5. Layer 5

    Continuity beyond Heirloom

    If Heirloom shuts down, our archive code becomes open-source the same day, and a partner cooperative continues hosting families’ archives. No business outcome erases your stories.

Five things we will not do

Promises kept by saying no.

  • We will not train AI on your content.
  • We will not sell or share your content with third parties.
  • We will not use customer recordings in marketing without explicit written opt-in.
  • We will not promise future delivery of any kind — the archive is yours, today.
  • We will not delete anything in less than 30 days.

Want the technical details?

Our security page covers encryption, audit logging, threat model, and the compliance commitments behind the trust posture above.

Read the security overviewStart your archive