Hearthwise
Join the beta
Legal

Privacy Policy

Last updated May 7, 2026

Who we are

Hearthwise is a private family life-admin vault operated at hearthwise.xyz. When this policy says we, it means the operators of Hearthwise. When it says you, it means the person whose account holds the data.

What we collect

  • Account info — name and email, via our auth provider (Clerk).
  • Family content — anything you upload, forward, type, or capture: documents, photos, emails, notes, tasks, calendar events.
  • Connected services — if you connect Gmail or another integration, the OAuth tokens and the messages you choose to import.
  • Usage logs — server logs (IP, user agent, request paths) for security and debugging. We do not run third-party analytics tracking inside the authenticated app.

What we do with it

  • Run the product: store your content, organize it, surface what needs attention.
  • Process content with AI to suggest filing, extract dates, summarize, and search. Our AI provider (OpenAI) processes content under their API terms and does not train on your data.
  • Send transactional email (sign-in, invites, reminders, weekly briefings if you turn them on).
  • Diagnose bugs and detect abuse.

We do not sell your data. We do not share it with advertisers. We do not use your content to train models — ours or anyone else's.

Sub-processors

We use a small set of vendors to operate Hearthwise:
  • Clerk — authentication and waitlist
  • Supabase — Postgres database and file storage
  • Vercel — application hosting
  • OpenAI — AI processing for inbox triage, summarization, search
  • Resend — outbound email delivery
  • Mailgun — inbound email parsing
  • Sentry — error tracking with PII scrubbing

Where your data lives

Hearthwise data is stored in the United States. If you are in the EU/UK, please consider this when deciding whether to use the product.

How long we keep it

We keep your content while your account is active. When you delete your account, we mark it for deletion and purge it within 30 days. Backups roll off within 60 days.

Your rights

You can:
  • Export everything any time (PDF + ZIP + JSON), on any plan.
  • Delete your account from settings.
  • Request a copy or deletion of your data by emailing privacy@hearthwise.xyz.
  • Object to processing or restrict it (EU/UK GDPR rights). We'll honor those.

Children

Hearthwise is not directed at children under 13. If you add a child as a family member with an account, you do so as their parent or legal guardian.

Security

Data is encrypted in transit (TLS) and at rest. OAuth tokens for connected services are encrypted with a server-side key. We use role-based access and per-item visibility inside families. We log security-relevant events. We are a small team — we follow good practices but make no claims of certifications like SOC 2 or HIPAA.

Changes

When this policy materially changes, we'll email account owners and update the "Last updated" date. Continued use after a change means you accept it.

Contact

Questions or requests: privacy@hearthwise.xyz.