HeartToldHeartTold

Privacy Policy

Last updated: 4 May 2026

Who We Are

The data controller for HeartTold is HeartTold Ltd, a company registered in England and Wales (company number 17173319) with its registered office at 167-169 Great Portland Street, 5th Floor, London, W1W 5PF, United Kingdom. You can contact us at hello@hearttold.com for any questions about this policy or your data.

1. About HeartTold

HeartTold ("we", "us", "our") is a service that helps families preserve their stories through AI-guided interviews and memoir generation. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use HeartTold at hearttold.com.

This policy applies to users in the United States, the United Kingdom, and Australia. We comply with the California Consumer Privacy Act (CCPA), the UK General Data Protection Regulation (UK GDPR), and the Australian Privacy Act 1988.

2. Information We Collect

  • Account information: Email address and display name when you create an account.
  • Interview content: Audio recordings, transcripts, and text responses you provide during interviews. This content may include personal and family narratives.
  • Generated content: Memoir drafts and stories produced from your interviews.
  • Payment information: Billing details processed securely by Stripe. We do not store card numbers.
  • Usage data: Pages visited, features used, and session duration, collected via PostHog analytics.
  • Device information: Browser type, operating system, and IP address.

3. How We Use Your Information

  • To provide the HeartTold service, including conducting AI interviews and generating memoirs.
  • To process payments and manage your subscription.
  • To send transactional emails (account confirmation, receipts, memoir delivery).
  • To improve our product through aggregated, anonymised analytics.
  • To respond to support requests.

We use Anthropic's Claude AI to process interview content and generate memoir text. Content sent to Claude is governed by Anthropic's usage policies. We do not use your family stories to train AI models without explicit consent.

4. Data Storage and Security

Your data is stored in Supabase (hosted on AWS, us-east-1). Audio recordings and generated documents are stored in Supabase Storage. We use industry-standard encryption in transit (TLS) and at rest.

We treat family narratives as highly sensitive data and apply strict access controls. Only you and people you explicitly invite can access your interview content and memoirs.

5. Sharing Your Information

We do not sell your personal information. We share data only with:

  • Anthropic, to process interview content via the Claude API.
  • Stripe, to process payments.
  • Supabase, for database and file storage.
  • PostHog, for anonymised product analytics.
  • Resend, to send transactional emails.

All third-party processors are bound by data processing agreements.

Meta (Facebook and Instagram)

We use Meta's advertising platform (Facebook and Instagram) to show ads about HeartTold and to measure how those ads perform. We share aggregated and event-level data with Meta when you visit our website or interact with our ads. This includes pages viewed, actions taken (such as starting a conversation or completing a purchase), and information your browser provides. Meta uses this data to deliver and measure ads, and may combine it with information you have provided to Meta directly. You can manage your ad preferences in your Facebook or Instagram account settings.

6. Your Rights

Depending on your location, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate information.
  • Delete your account and all associated data (right to erasure).
  • Export a copy of your data in a portable format.
  • Opt out of marketing communications at any time.
  • Object to processing of your data (UK GDPR / AU Privacy Act).

To exercise any of these rights, email us at hello@hearttold.com. We will respond within 30 days.

You can delete your account and all data from within the app under Settings → Account → Delete Account.

7. Cookies and Tracking

We use essential cookies to maintain your login session and functional cookies to remember your preferences. Analytics cookies (PostHog) are used to understand how the product is used. You can manage cookie preferences via the cookie consent banner on your first visit.

Advertising cookies (Meta Pixel)

We use the Meta Pixel, a cookie-based tracking technology provided by Meta. The Pixel records actions you take on hearttold.com (page views, sign-ups, purchases) and reports them to Meta so we can measure ad performance, build audiences for future campaigns, and reach people similar to our existing users. You can opt out of advertising cookies through your browser settings or via your Meta ad preferences.

8. Children's Privacy

HeartTold is not intended for users under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us immediately.

9. Data Retention

We retain your data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where we are required by law to retain it (e.g., billing records for 7 years under tax laws).

10. Changes to This Policy

We may update this policy from time to time. We will notify you by email and update the "Last updated" date above. Continued use of HeartTold after changes constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related questions or to exercise your rights:

Email: hello@hearttold.com