Heir

Privacy Policy

Last updated: February 2026

1. Introduction

Heir ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding your information.

2. Data We Collect

We collect the following categories of data:

  • Account information: email address, full name, and mobile number provided during signup.
  • Encrypted vault data: your vault contents are encrypted on your device before transmission. We store only ciphertext that we cannot read or decrypt.
  • Usage metadata: heartbeat check-in timestamps, vault access modes, and heir relationship statuses required for the Service to function.
  • Push notification tokens: device tokens for delivering notifications, cleared on logout.

3. Data We Cannot Access

Your vault contents, encryption keys, and biometric data never leave your device in a readable form. We operate on a zero-knowledge architecture: our servers store only encrypted data that we cannot decrypt, read, or recover.

4. How We Use Your Data

  • To provide and maintain the Service
  • To process heir invitations and vault releases
  • To send notifications (heartbeat reminders, vault freshness nudges, heir activity)
  • To communicate important updates about the Service

5. Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes. We may share data only when required by law or to protect our legal rights.

6. Data Storage and Security

Your data is stored on Supabase infrastructure with row-level security policies. All data in transit is protected by TLS. Vault data is additionally protected by AES-256 client-side encryption.

7. Data Retention

We retain your account data for as long as your account is active. When you delete your account, your data is permanently removed from our servers. Push notification tokens are cleared when you sign out.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and all associated data
  • Withdraw consent for push notifications at any time

9. Cookies and Analytics

The Heir website may use minimal, privacy-respecting analytics. The mobile application does not use tracking cookies or third-party analytics SDKs.

10. Children's Privacy

The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes through the app or email.

12. Contact

For privacy-related questions or requests, contact us at hello@heir.sg.