Our Promise: Your family's memories are sacred. We collect only what's necessary to deliver the Heirloom experience, we never sell your data, and we give you full control over what you've shared.
Table of Contents
1. Information We Collect
Account Information
- Email address: used for magic-link authentication and weekly digest emails
- Family name: used to organize your family vault
Family Memories & Content
When you use Heirloom, you may upload:
- Written stories and moments: text descriptions of family memories
- Photos: images of family members, events, and documents
- Videos: family video recordings and messages
- Voice recordings: audio stories and voice memos
- Metadata: dates, names of family members, event types, and descriptive tags you provide
Automatically Collected Information
- Submission timestamps: when memories are uploaded
- Basic usage data: pages visited, features used (no third-party tracking)
- Device information: browser type and screen size (for optimizing the experience)
2. How We Use Your Information
We use your information exclusively to provide and improve the Heirloom service:
- Preserve your memories: store and organize family content in your private vault
- AI-powered insights: analyze memories to extract themes, wisdom, and connections
- Memory Keeper conversations: power AI conversations about your family history
- Voice transcription: convert audio recordings to searchable text
- Weekly digest emails: send summaries of your family's preserved moments
- Authentication: verify your identity via magic link emails
- Service improvement: understand usage patterns to make Heirloom better (aggregated, non-personal)
We never: sell your data, share your family memories with other families, use your content for advertising, or allow third parties to mine your information.
3. AI Processing & Your Data
Heirloom uses artificial intelligence to enrich your family vault:
- Anthropic (Claude): powers the Memory Keeper AI conversations and moment analysis. Your family content is sent to Anthropic's API for processing. Anthropic does not use customer data to train their models.
- OpenAI (Whisper): used for voice-to-text transcription of audio recordings. Audio is processed and the transcript is returned. OpenAI does not use API data for training.
- ElevenLabs: powers Sage Speaks (voice cloning). Voice samples you upload are used to create a private voice profile for your family. ElevenLabs does not use customer voice data to train shared models.
AI processing is performed only to deliver features you explicitly use. We do not bulk-process your content for purposes beyond what you've requested.
Memorygram — Our Proprietary Family-Memory Model
We are building Memorygram, a proprietary AI model specifically trained to understand how families preserve voice, stories, and wisdom across generations. Memorygram is Heirloom's own model, not a third-party service.
Training data consent is explicit and opt-in. By default, your moments are never used to train any model. If you choose to help Memorygram learn (toggle available in Settings), the following applies:
- Anonymization: identifying details (names, dates, specific places) are removed or replaced before training use.
- Aggregation only: no individual moment or voice sample becomes part of the model directly. Only emergent patterns across thousands of families inform Memorygram.
- Opt-out anytime: turning off training consent stops future training use of your data immediately. Data already used in completed training cannot be removed from a trained model, but no new training will include your content.
- Separation: your private vault is never exposed to other families. Memorygram learns patterns, not individual memories.
If you want your previously consented data excluded from our next training run, email hello@tryheirloom.family and we will honor the request within 30 days.
4. Data Storage & Security
Where Your Data Lives
- Database: Supabase (PostgreSQL), hosted on secure cloud infrastructure
- Media files: Cloudinary, with secure upload and delivery
- Encrypted backups: redundant storage for sealed legacy moments
Security Measures
- HMAC-SHA256 signed authentication tokens
- HTTPS encryption for all data in transit
- Passwordless authentication (no passwords to steal)
- Environment-variable based secrets management
- Cross-Origin security headers (COEP/COOP) for browser-side processing
While we take security seriously and implement industry-standard protections, no system is 100% secure. We continuously work to improve our security posture.
5. Information Sharing
We share your information only with the service providers necessary to operate Heirloom:
- Supabase: database hosting
- Cloudinary: media file storage and delivery
- Anthropic: AI conversation and analysis
- OpenAI: voice transcription
- ElevenLabs: voice cloning for Sage Speaks
- Resend: transactional email delivery
- Netlify: web hosting and serverless functions
- Stripe: payment processing
We may also disclose information if required by law, to protect our rights, or to prevent fraud or abuse.
6. Your Rights & Choices
You have control over your data:
- Access: view all memories stored in your vault at any time via the dashboard
- Export: request a full export of your data by contacting us
- Deletion: request deletion of your account and all associated data
- Correction: update or correct any information in your vault
- Email preferences: unsubscribe from weekly digests at any time
To exercise these rights, email us at hello@tryheirloom.family. We will respond within 30 days.
7. Children's Privacy
Heirloom is designed for adults managing family memories. We do not knowingly collect information from children under 13. Family memories may naturally include references to or photos of children, uploaded by their parents or guardians. If you believe a child under 13 has independently created an account, please contact us and we will promptly delete it.
8. Cookies & Analytics
Heirloom uses minimal cookies:
- Authentication token: stored in your browser's localStorage to keep you signed in
- No third-party tracking cookies: we do not use Google Analytics, Facebook Pixel, or any advertising trackers
- No cross-site tracking: your browsing behavior is not shared with anyone
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or a prominent notice on the site. The "Effective Date" at the top of this page will always reflect the most recent revision.
10. Contact Us
If you have any questions about this Privacy Policy or how we handle your data:
- Email: hello@tryheirloom.family
- Website: tryheirloom.family