Back to Home

Privacy Policy

Last updated: February 2026

At Heirloy, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

Information You Provide

  • Account Information: Name, email address, password, and phone number when you create an account
  • Storyteller Information: Name, phone number, and relationship to you when you set up a story session
  • Story Content: Text messages, voice notes, photos, and videos shared during the storytelling journey
  • Payment Information: Payment details processed securely through Sola
  • Buyer Notes: Additional memories or notes you add to the story

Information Collected Automatically

  • Usage Data: How you interact with our service, pages visited, features used
  • Device Information: Browser type, operating system, device identifiers
  • Log Data: IP addresses, access times, error logs

2. How We Use Your Information

We use the information we collect to:

  • Provide and maintain our storytelling service
  • Send daily questions to Storytellers via WhatsApp or SMS
  • Process voice notes and transcribe audio content
  • Generate story outputs (PDF, video memoir, flipbook)
  • Fulfill printed book orders
  • Process payments and prevent fraud
  • Send service-related emails and notifications
  • Respond to customer support requests
  • Improve and personalize our service
  • Comply with legal obligations

3. How We Share Your Information

We do not sell your personal information. We may share your information with:

Service Providers

  • WhatsApp Business API: To send and receive messages
  • Twilio: For SMS and voice call functionality
  • Sola: For secure payment processing
  • Microsoft Azure: For cloud hosting and storage
  • OpenAI: For AI-powered story generation and conversation
  • Print fulfillment partners: To produce printed books

With Your Consent

When you share a story via a public link, the content becomes accessible to anyone with that link. You control who receives the sharing link.

Legal Requirements

We may disclose information if required by law, subpoena, or court order, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4. Story Privacy and Access

Your Stories Are Private

All story content is private by default. Stories are only accessible to the account holder through their dashboard. We do not read, review, or access your stories or conversations. Story content is processed by automated AI systems solely to provide our service (generating questions, compiling outputs), and no Heirloy employee views your content unless you specifically request support assistance.

Shared Stories

If you choose to generate a shareable story (flipbook, video, or PDF), a unique private link is created. This link is not listed anywhere on our website, not indexed by search engines, and cannot be found by browsing. Only people you share the link with can access the story. You are responsible for controlling who you share this link with.

AI Processing

Story content is sent to third-party AI services (OpenAI) for processing. This includes generating follow-up questions, transcribing voice notes, and compiling final story outputs. We do not use your story content to train AI models. OpenAI processes data under our data processing agreement and does not retain your content for training.

5. Data Storage and Security

Storage

Your data is stored on secure Microsoft Azure servers in the United States. Story content, including voice notes and photos, is encrypted at rest.

Security Measures

  • SSL/TLS encryption for all data in transit
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • Access controls and authentication requirements
  • Employee training on data protection

Data Retention

  • Active accounts: Data retained while account is active
  • Story content: Stored free for 1 year after generation; retained as long as a hosting subscription ($29/year) is active
  • Deleted accounts: Personal data deleted within 30 days; story content may be retained longer if shared with family members
  • Backups: Retained for 90 days

6. Your Rights and Choices

Access and Portability

You can request a copy of your data at any time by contacting us. We will provide your information in a commonly used format.

Correction

You can update your account information through your dashboard or by contacting us to correct any inaccuracies.

Deletion

You can request deletion of your account and associated data. Note that some data may be retained as required by law or for legitimate business purposes.

Communication Preferences

You can opt out of marketing emails by clicking the unsubscribe link. Service-related communications cannot be opted out of while using our service.

Storyteller Rights

Storytellers can:

  • Decline to participate before or during the session
  • Request their responses be deleted
  • Opt out of receiving messages at any time by replying "STOP"

7. Children's Privacy

Heirloy is not intended for children under 18. We do not knowingly collect information from children. Stories shared by elderly Storytellers may include memories about their children or grandchildren, but we do not directly collect information from minors.

8. International Data Transfers

If you are located outside the United States, your information will be transferred to and processed in the United States. By using Heirloy, you consent to this transfer.

9. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA:

  • Right to know what personal information we collect
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your rights

To exercise these rights, contact us at privacy@heirloy.com.

10. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have additional rights:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

Our legal basis for processing is your consent (for story content) and contractual necessity (for account management and service delivery).

11. Cookies and Tracking

We use cookies and similar technologies to:

  • Keep you signed in
  • Remember your preferences
  • Understand how you use our service
  • Improve our platform

You can control cookies through your browser settings. Disabling cookies may affect the functionality of our service.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

  • Email: privacy@heirloy.com
  • Support: help@heirloy.com

For GDPR-related inquiries, our Data Protection Officer can be reached at dpo@heirloy.com.