Privacy Policy

This policy applies to personal information processed by Heirloom in connection with the Services. It does not apply to services operated by third parties that we do not control.

• Account data: name, email, authentication details, session state, and security status.
• Workspace data: household/family records, invited user roles, and collaboration settings.
• Planning data: assets, gifts, loans, support records, distribution allocations, charitable entries, and wishes/notes.
• Will preparation data: state selection, executor inputs, and generated educational draft outputs.
• AI feature data: prompts submitted for extraction/drafting and returned output.
• Technical and security logs: request metadata, timestamps, audit events, and fraud/abuse prevention signals.

You are responsible for having appropriate permissions before submitting personal information about other people.

• Operate and secure the Services.
• Provide collaboration features, invitations, and role-based access control.
• Generate requested planning and educational outputs.
• Maintain service reliability, integrity, support, and troubleshooting.
• Detect, prevent, and investigate fraud, abuse, and security incidents.
• Comply with legal obligations and enforce our Terms.

We do not sell personal information. We share information only as needed for service operation and legal compliance.

• Within your workspace based on role and permission configuration.
• With service providers supporting hosting, authentication, storage, delivery, and support.
• With AI processing providers when you invoke AI-powered features.
• With legal/compliance advisors and as required by law or legal process.
• As part of a merger, financing, acquisition, or corporate transaction with appropriate safeguards.

Core subprocessor categories currently include Supabase-based infrastructure services and OpenRouter/model-provider AI processing.

AI outputs may be incomplete or inaccurate. You are responsible for review and should use licensed professionals for legal, tax, and investment decisions. Do not submit data you are not authorized to share.

We use essential cookies and local storage to manage authentication, session security, and core app functionality. We do not use the Services for third-party behavioral advertising.

We retain data for as long as needed to provide the Services, maintain security, satisfy legal obligations, resolve disputes, and enforce agreements. Data may persist in backups for limited periods.

We use administrative, technical, and organizational safeguards, including encrypted transport, access controls, session protections, and monitoring. No security program can guarantee absolute security.

Depending on where you live, you may have rights to request access, correction, deletion, or portability, and to appeal where required by law.

To submit a request, email hello@planheirloom.com with "Privacy Request" in the subject line. We may verify identity before completing a request.

U.S. state privacy notice: we do not sell personal information or share it for cross-context behavioral advertising.

The Services are intended for adults and are not directed to children under 18 as account holders.

We operate in and from the United States. If you use the Services from outside the U.S., your information may be processed in the U.S. and other jurisdictions where our providers operate.

We may update this policy over time. We will update the "Last Updated" date and provide additional notice where required by law.

Heirloom

Email: hello@planheirloom.com