Privacy Policy

1. Who We Are

Heirloom Letters (“Heirloom,” “we,” “us”) operates heirloomletters.net. We provide a guided letter-writing subscription service. This policy explains how we collect, use, and protect your information.

2. Information We Collect

Account information: When you create an account, we collect your name, email address, and password.

Letter content: The letters you write through Heirloom are stored securely. Your letter content is private and belongs to you.

Payment information: We use Stripe to process payments. We do not store your full credit card number, CVV, or other payment card details on our servers. Stripe handles all payment data in compliance with PCI DSS.

Usage data: We may collect anonymised usage data such as pages visited, features used, and device type to improve our service.

Waitlist information: If you join our waitlist, we collect your email address.

3. How We Use Your Information

We use your information to: provide and maintain the Heirloom service; process subscriptions and payments; send you writing prompts and service updates; produce and deliver your hardcover book when ordered; respond to support requests; and improve our service.

4. Data Security

We take the security of your letters seriously. All data is transmitted over HTTPS/TLS encryption. Letter content is stored in encrypted databases. Access to personal data is restricted to authorised personnel only. We use Supabase for data storage with row-level security policies.

5. Data Sharing

We do not sell, rent, or trade your personal information. We share data only with: Stripe (payment processing); our book printing partner (only the letter content needed to produce your book, and only when you order one); and hosting providers necessary to operate the service.

6. Your Rights

You have the right to: access your personal data; correct inaccurate data; request deletion of your data; export your letters at any time; and withdraw consent for marketing communications. To exercise any of these rights, contact us at hello@heirloomletters.net.

7. Cookies

We use essential cookies required for the service to function (authentication, session management). We do not use advertising cookies. Analytics cookies, if used, are anonymised and can be opted out of.

8. Children’s Privacy

Heirloom is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or a notice on our website.

10. Contact

For questions about this privacy policy or your data, contact us at hello@heirloomletters.net.