Privacy Policy

Last updated: June 2026

1. Introduction

Heirloom ("we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our digital inheritance vault service.

2. Zero-Knowledge Architecture

Heirloom operates on a zero-knowledge basis:

  • Your vault data is encrypted in your browser using AES-256-GCM before being stored.
  • We cannot decrypt or access your vault contents under any circumstances.
  • We do not store your encryption keys or passwords.
  • Only encrypted ciphertext is stored on our servers and IPFS.

3. Information We Collect

We collect only the minimum necessary information:

  • Account information: email address (for authentication only).
  • Encrypted vault data: ciphertext that we cannot decrypt.
  • Inheritance plan metadata: beneficiary email, wait time, and status (not vault contents).
  • Usage data: check-in timestamps and plan status changes.

4. How We Use Your Information

  • To provide the inheritance vault service.
  • To send check-in reminders and inheritance trigger notifications.
  • To maintain account security and prevent fraud.
  • We never sell or share your data with third parties for marketing.

5. Data Storage & Security

  • Encrypted data is stored on Supabase and IPFS (distributed storage).
  • All data transfers use TLS/SSL encryption.
  • Access is controlled via Row Level Security (RLS) policies.
  • Regular security audits and backups are performed.

6. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access your personal data.
  • Delete your account and associated data.
  • Export your vault data ( decryption key required ).
  • Rectify inaccurate information.
  • Object to processing (contact us).

To exercise these rights, email us at: privacy@heirloom.app

7. Data Retention

We retain your data only as long as your account is active. Upon deleting your account, all encrypted vault data and metadata are permanently removed from our servers within 30 days. Note: encrypted data on IPFS may persist on the distributed network but is inaccessible without your keys.

8. Changes to This Policy

We may update this policy. Significant changes will be communicated via email. Continued use after changes constitutes acceptance.

9. Contact

Questions? Contact us at: privacy@heirloom.app

โ† Back to Heirloom