Privacy Policy
Last updated: April 9, 2026 · Effective: April 9, 2026
Before publishing, replace the bracketed company-name and mailing-address placeholders below with HeirStories' final legal details.
This Privacy Policy explains how HeirStories ("HeirStories," "we," "us," or "our") collects, uses, stores, discloses, and otherwise processes personal information when you use our websites, applications, hosted software, memorial pages, story tools, AI-assisted features, payment flows, digital-heir workflows, support tools, and related services (collectively, the "Service").
This Privacy Policy should be read together with our End User License Agreement and Terms of Service.
1. Scope
This Privacy Policy applies to personal information we collect from account holders, invited readers, invited collaborators, designated digital heirs, memorial visitors, support requestors, and other individuals who interact with the Service.
2. Information We Collect
A. Information you provide directly
- Account and profile information: first name, last name, full name, email address, phone numbers, date of birth, profile photo, preferred speech language, and similar profile details.
- Story and memorial content: chapter titles, descriptions, story text, briefs, prompts, life-period information, city, state, country, uploaded photos, uploaded videos, and related metadata.
- Invitation and relationship information: names, email addresses, relationship labels, invitation types, invite status, and related records for readers, collaborators, and digital heirs.
- Digital-heir information: designated heir email address, designation status, heir-session activity, deceased dates submitted through the Service, memorial preferences, and heir actions taken through the dashboard.
- Contact and support submissions: your name, email address, subject line, message contents, and any follow-up correspondence.
- User-generated exports and uploads: PDF exports, profile-picture uploads, chapter-media uploads, and content you create or store in the Service.
B. Information collected automatically
- Authentication and session information: session IDs, refresh-token records, session expiration timestamps, login timestamps, and related security events.
- Device and usage information: browser type, operating system, IP address, general app activity, page or route access, feature usage, notification status, and timestamps.
- Cookie and token data: Service cookies such as session and refresh cookies, heir-session cookies, and technical state values used to complete authentication flows.
- Security and anti-abuse data: rate-limit data, suspicious-activity indicators, support and moderation records, and reCAPTCHA verification signals where enabled.
C. Information from third parties
- Google sign-in: if you choose Google authentication, we may receive your Google account identifier, name, email address, and profile image made available through the selected Google scopes.
- Payment providers: we receive payment status, subscription status, billing period, customer IDs, subscription IDs, payment intent IDs, invoice events, and similar billing metadata from providers such as Stripe. We do not receive or store your full payment card number or CVV.
- AI providers: when you use AI features, we receive AI-generated output and token/usage metadata from the AI provider handling the request.
3. How We Use Personal Information
We use personal information to:
- create, authenticate, maintain, and secure your account;
- provide story-writing, reading, collaboration, memorial, and digital-heir features;
- send magic-link login emails, invitation emails, billing emails, support responses, and other service communications;
- process subscriptions, renewals, downgrades, cancellations, one-time purchases, payment failures, and fraud-prevention checks;
- store, render, organize, search, export, and display your content based on your visibility settings and the Service's workflows;
- operate AI-assisted features such as polish, interview prompts, summaries, translations, obituary drafts, eulogy drafts, and historical-context features;
- administer reader, collaborator, and digital-heir invitations and related access decisions;
- provide customer support, moderation, abuse prevention, auditing, troubleshooting, and service analytics;
- protect the rights, safety, integrity, and security of the Service, our users, and the public;
- comply with legal obligations, court orders, enforcement requests, and dispute-resolution needs.
4. Legal Bases for Processing
If you are in a jurisdiction that requires a legal basis for processing, we generally rely on one or more of the following:
- Contract: when processing is necessary to provide the Service you requested.
- Legitimate interests: when processing is reasonably necessary for security, fraud prevention, product improvement, support, moderation, and business operations, and those interests are not overridden by your rights.
- Consent: where we specifically ask for it or where law requires it.
- Legal obligation: when we must process data to comply with applicable law.
5. AI Processing
When you use AI-assisted features, we may send the content you submit for that feature, along with relevant surrounding context, to a third-party AI provider selected by our configuration. Depending on the feature, that may include your chapter text, life period, title, location details, recipient name, relationship, and cross-chapter context.
- We use this information to generate the output you requested.
- We may log the feature used, credits consumed, token counts, associated chapter IDs, and timestamp.
- You are responsible for deciding what information you submit to AI features.
6. Google Sign-In and Google User Data
If you choose Google sign-in, we use Google account data only to authenticate you, create or link your HeirStories account, and display basic account identity information in the Service. We do not use Google user data for advertising or unrelated profiling.
HeirStories' use and transfer of information received from Google APIs will comply with applicable Google API Services and Google Identity requirements, including the Limited Use requirements where they apply.
7. How We Share Personal Information
We do not sell your personal information for money. We may share personal information in the following circumstances:
- With service providers: including providers for hosting, storage, email delivery, billing, fraud prevention, identity services, analytics, support tooling, and AI processing.
- With other users you authorize: such as readers, collaborators, invited users, and designated digital heirs, based on your account settings, memorial settings, release settings, and invitation activity.
- With memorial visitors or the public: for story or memorial content that you or an authorized heir make public through the Service.
- With legal or safety recipients: if we believe disclosure is necessary to comply with law, protect rights or safety, prevent fraud or abuse, enforce our agreements, or respond to lawful requests.
- With transaction counterparties: in connection with a merger, acquisition, financing, reorganization, sale of assets, insolvency event, or similar corporate transaction.
8. Cookies and Similar Technologies
We use cookies and similar technical mechanisms to operate and secure the Service. Depending on configuration, these may include:
- sessionToken: used to keep you signed in to your main HeirStories account.
- refreshToken: used to renew authentication sessions.
- heirSessionToken: used for designated digital-heir access.
- OAuth and anti-abuse state values: used to complete sign-in and security checks.
These technologies are used for authentication, security, fraud prevention, session continuity, and service functionality rather than behavioral advertising.
9. Data Retention
- We keep personal information for as long as reasonably necessary to provide the Service, maintain account functionality, and fulfill the purposes described in this Privacy Policy.
- Account content may remain available until you delete it, your account is deleted, or we remove it under our policies.
- Billing, support, audit, abuse-prevention, heir-action, and legal-compliance records may be retained longer where reasonably necessary or required by law.
- Backups and logs may persist for a limited period after deletion requests.
10. Account Deletion and Content Removal
The Service includes account-deletion functionality. When you delete your account, we will delete or de-identify relevant account data within a reasonable period, except where we need to retain information for legal compliance, security, fraud prevention, dispute resolution, financial recordkeeping, backup integrity, or enforcement purposes.
Publicly shared or memorialized content may continue to exist in copies, archives, caches, screenshots, exports, or third-party systems outside our control even after removal from the Service.
11. Security
We use administrative, technical, and organizational measures designed to protect personal information, including measures such as:
- HTTPS/TLS for data in transit where configured and deployed;
- HTTP-only session cookies and refresh-token handling;
- token hashing for stored refresh tokens;
- access controls and role-based internal admin access;
- security headers, rate limiting, and file-type validation for uploads;
- separate heir-session handling for deceased-account workflows.
No system is perfectly secure, and we cannot guarantee absolute security. You also play a role in protecting your data by securing your email account and devices.
12. International Data Transfers
HeirStories and its service providers may process personal information in the United States and other countries where privacy laws may differ from those in your jurisdiction. Where required, we rely on appropriate safeguards for international transfers.
13. Your Privacy Rights
Depending on where you live, you may have rights such as:
- to access personal information we hold about you;
- to correct inaccurate personal information;
- to request deletion of certain personal information;
- to request a portable copy of certain information;
- to object to or restrict certain processing;
- to withdraw consent where processing is based on consent;
- to appeal or complain to a regulator where permitted by law.
Some of these rights can be exercised directly in the Service, such as profile editing, account deletion, and certain export features. For other requests, please contact us using the details below.
14. California Privacy Disclosures
If you are a California resident, you may have rights under California privacy law, including rights to know, delete, and correct certain personal information, subject to exceptions. We do not sell personal information for money and do not share personal information for cross-context behavioral advertising as described in this Privacy Policy.
15. Children's Privacy
The Service is intended for adults. We do not knowingly offer the Service to children under 18 or knowingly collect personal information directly from children under 18 for independent use of the Service. If you believe a child has provided us personal information improperly, please contact us.
16. Third-Party Sites and Services
The Service may link to or integrate with third-party services, including Google and Stripe. We are not responsible for the privacy practices of those third parties, and your interactions with them are governed by their own policies and terms.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we may notify you through the Service, by email, or by updating the effective date at the top of this page. Your continued use of the Service after the updated policy becomes effective means the updated policy applies to your continued use.
18. Contact Us
For privacy questions, data-rights requests, or complaints, contact:
[Insert HeirStories Legal Entity Name]
Privacy / Support Email: support@heirstories.com
Contact Page: /contact
Mailing Address: [Insert HeirStories Mailing Address]