Heirloom - Privacy Policy

Last Updated: December 31, 2025

1. Introduction

Heirloom ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you use the Heirloom mobile application and web service.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

Name: Used to personalize your memoir experience
Email Address: Used for account creation and authentication
Date of Birth: Optional, used for memoir context
Profile Information: Family relationships, biographical information

2.2 Audio Recordings

IMPORTANT: Heirloom collects voice recordings as the core functionality of the app. This requires the RECORD_AUDIO permission.

Voice Recordings: Audio files of your stories and memoirs
Transcriptions: Text transcriptions of your recordings
Purpose: To preserve and share your family stories
Storage: Securely stored in Google Firebase Cloud Storage

2.3 Usage Data

App Interactions: How you use the app (optional analytics)
Device Information: Device type, operating system version
Error Logs: Crash reports and error logs for improving the app

3. How We Use Your Information

We use your information to:

Provide memoir creation and storage services
Enable family sharing features
Transcribe audio recordings using Google Cloud Speech-to-Text
Generate AI interview questions (optional feature)
Improve app functionality and user experience
Ensure account security and prevent fraud
Communicate important service updates

4. Data Storage and Security

Cloud Storage: All data is stored securely on Google Firebase
Encryption in Transit: All data is encrypted using HTTPS/TLS
Encryption at Rest: Audio files and data are encrypted in Firebase Storage
Access Control: Only you and authorized family members can access your memoirs
No Public Access: Your recordings and stories are private by default

5. Data Sharing

We do NOT sell your data. We only share your information with:

Google Firebase/Cloud: Our infrastructure provider (required for service operation)
Google Cloud Speech-to-Text: For audio transcription (processed securely)
Family Members: Only those you explicitly grant access to your memoirs
Legal Requirements: When required by law or to protect our rights

We do NOT share your data with:

Third-party advertisers
Data brokers
Social media platforms (unless you explicitly share)

6. Your Rights

You have the right to:

Access Your Data: View all data we have about you
Delete Your Data: Request deletion of your account and all associated data
Export Your Data: Download your recordings and transcriptions
Correct Your Data: Update or correct your profile information
Revoke Access: Remove family member access to your memoirs
Opt-Out: Disable analytics and optional features

7. Children's Privacy

Heirloom is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

8. Permissions Required

8.1 RECORD_AUDIO Permission

Why we need it: This is the core functionality of Heirloom - to record your voice stories and memoirs.

How we use it: To capture audio recordings when you press the record button in the app.

When we access it: Only when you explicitly start a recording session.

Can you deny it: Yes, but you won't be able to record stories. You can still view and edit existing memoirs.

8.2 Internet Access

Required to sync your memoirs with Firebase cloud storage and enable family sharing.

8.3 Storage Access

Required to temporarily store audio recordings before uploading to cloud storage.

9. Data Retention

Active Accounts: Data retained as long as your account is active
Deleted Accounts: Data permanently deleted within 30 days of account deletion
Backups: Deleted data may persist in backups for up to 90 days
Legal Requirements: Some data may be retained longer if required by law

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

Updating the "Last Updated" date at the top
Sending you an email notification (for major changes)
Displaying an in-app notification

11. International Users

Heirloom uses Google Firebase, which may store data in data centers around the world. By using our service, you consent to the transfer of your information to these locations.

12. Third-Party Services

We use the following third-party services:

Google Firebase: Authentication, database, and storage (Privacy Policy)
Google Cloud Speech-to-Text: Audio transcription (Privacy Policy)
Google Gemini API: AI-powered interview question generation (Privacy Policy)
Google Cloud Text-to-Speech: Voice synthesis for question playback (Privacy Policy)
ElevenLabs: Voice cloning technology (optional, with explicit consent) (Privacy Policy)

12.1 Voice Cloning (Premium Feature)

IMPORTANT: Voice cloning is an optional premium feature that requires explicit consent. We use ElevenLabs API to create voice models from your audio recordings.

Data Shared with ElevenLabs: Audio recordings (minimum 3 minutes for Instant Voice, 30+ minutes for Professional Voice)
Purpose: Create a digital voice clone for personalized question playback
Consent: You must explicitly opt-in to voice cloning before any data is shared
Control: You can revoke consent and delete your voice model at any time
Processing: Voice data is processed securely by ElevenLabs and not shared with other third parties

13. iOS-Specific Permissions

On iOS devices, Heirloom requires the following permissions:

13.1 Microphone Access (NSMicrophoneUsageDescription)

Why we need it: To record your voice stories and memoirs
When we access it: Only when you tap the record button
Can you deny it: Yes, but you won't be able to record new stories (you can still view existing memoirs)

13.2 Speech Recognition (NSSpeechRecognitionUsageDescription)

Why we need it: To transcribe your voice recordings to text in real-time
When we access it: During recording sessions when transcription is enabled
Can you deny it: Yes, recordings will still work but automatic transcription will be disabled

13.3 Photo Library (Optional)

Why we need it: To add photos and videos to your memoirs
When we access it: Only when you choose to add media from your library
Can you deny it: Yes, you can still create audio-only memoirs

14. California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

Right to Know: Request disclosure of what personal information we collect, use, and share
Right to Delete: Request deletion of your personal information
Right to Opt-Out: We do NOT sell personal information, so opt-out is not applicable
Right to Non-Discrimination: You will not be discriminated against for exercising your rights

To exercise your CCPA rights: Email privacy@heirloom-app.com with subject line "CCPA Request"

15. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

Right to Access: Obtain a copy of your personal data
Right to Rectification: Correct inaccurate personal data
Right to Erasure: Request deletion of your personal data ("right to be forgotten")
Right to Restrict Processing: Limit how we use your data
Right to Data Portability: Export your data in a machine-readable format
Right to Object: Object to processing of your personal data
Right to Withdraw Consent: Withdraw consent for data processing at any time
Right to Lodge a Complaint: File a complaint with your local data protection authority

15.1 Legal Basis for Processing (GDPR)

We process your data based on the following legal grounds:

Consent: Voice cloning, AI interview features (you explicitly opt-in)
Contract Performance: Providing memoir creation and storage services
Legitimate Interests: Improving app functionality, security, fraud prevention
Legal Obligations: Compliance with applicable laws and regulations

16. Do Not Track & Advertising

No Advertising ID: We do NOT use the Advertising Identifier (IDFA) on iOS
No Third-Party Ads: Heirloom does not display third-party advertisements
No Cross-App Tracking: We do not track you across other apps or websites
No Data Selling: We do NOT sell your personal information to any third parties

17. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: privacy@heirloom-app.com
Support: support@heirloom-app.com
Project: Heirloom - AI-Powered Memoir Assistant

Response Time: We aim to respond to all privacy inquiries within 48 hours.

18. Your Consent

By using Heirloom, you consent to this Privacy Policy and our collection and use of information as described herein.