Privacy Policy

Introduction

This Privacy Policy explains how Heartfelt ("we", "us", or "our") collects, uses, and protects your personal information when you use our services at heartfeltapp.com, app.heartfeltapp.com, and our mobile applications (collectively, the "Service").

By using the Service, you agree to the collection and use of information as described in this policy. If you have any questions, contact us at support@heartfeltapp.com.

Information We Collect

Account Information

• Email address -- provided during sign-up or via Google OAuth
• Password -- securely hashed by Firebase Authentication (we never store plaintext passwords)
• Google account data -- if you sign in with Google, we receive your name and email from Google OAuth

Profile Information

• Names of the couple (used for note personalization)
• Mailing address (optional, for return address on notes)
• Preferred language
• Profile photo (optional)

Guest and Gift Data

• Guest names
• Guest mailing addresses and email addresses
• Gift descriptions and memories
• Generated thank-you notes

Voice and Audio Data

• Voice recordings are temporarily sent to the Google Gemini API for transcription
• Audio data is processed in real time and is not stored on our servers

Generated Content

• AI-generated thank-you note drafts based on your gift and guest data

Payment Information

• Payment processing is handled entirely by Stripe
• We do not collect, store, or have access to your credit card numbers or banking details
• We receive confirmation of successful transactions and subscription status from Stripe

Usage Analytics

• We use Google Analytics 4 (GA4) to collect anonymized usage data, only with your consent
• This includes page views, feature usage patterns, and device information

Error Tracking

• We use Sentry to capture error reports and performance data to improve service reliability
• Error reports may include device type, browser version, and anonymized interaction data

How We Use Your Information

• Service delivery -- to operate, maintain, and provide the features of Heartfelt
• Transcription -- to convert voice recordings into text using the Google Gemini API
• Payments -- to process credit purchases and manage subscriptions via Stripe
• Transactional emails -- to send account confirmations, password resets, and purchase receipts
• Analytics -- to understand how the Service is used and to improve it (with consent)
• Personalization -- to tailor AI-generated note suggestions to your preferences

Third-Party Services

We use the following third-party services to operate Heartfelt. Each has its own privacy policy:

• Firebase (Google Cloud) -- Authentication, database, and hosting. Firebase Privacy Policy
• Google Gemini API -- Voice transcription and AI note generation. Google AI Privacy
• Stripe -- Payment processing. Stripe Privacy Policy
• Sentry -- Error tracking and performance monitoring. Sentry Privacy Policy
• Google Analytics 4 -- Usage analytics (with consent). Google Analytics Privacy
• Google Fonts -- Web font delivery. Google Fonts Privacy

Data Storage and Security

• All data is stored on Google Cloud infrastructure via Firebase
• Data is encrypted at rest and in transit
• All connections use HTTPS
• Database access is scoped per user -- you can only access your own data
• We follow industry-standard security practices to protect your information

Data Retention

• Account data -- retained for as long as your account is active; deleted upon account deletion
• Voice audio -- processed in real time and not retained after transcription
• Error tracking data -- retained by Sentry for 30 days
• Analytics data -- retained according to Google Analytics default retention settings

Your Rights and Choices

You have the following rights regarding your personal data:

• View your data -- all your guest, gift, and note data is visible within the app
• Delete individual items -- you can delete specific guests, gifts, or notes at any time
• Delete your account -- you can permanently delete your account and all associated data from Settings
• Analytics consent -- you can enable or disable analytics tracking in the app
• Cookie control -- you can manage cookie preferences through your browser settings

Cookies and Local Storage

We use the following browser storage technologies:

• Firebase Authentication -- session cookies to keep you signed in
• Google Analytics 4 -- tracking cookies, only set with your consent
• Sentry -- minimal cookies for error tracking
• localStorage -- to store app preferences and cached data
• IndexedDB -- to store offline-capable app data
• Service Worker -- to enable offline functionality and faster load times

Children's Privacy

Heartfelt is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at support@heartfeltapp.com and we will delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy or your personal data, please contact us at:

Email: support@heartfeltapp.com