Last updated: April 5, 2026
HeirLoft ("we," "us," or "our") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and how we protect it. HeirLoft is a digital estate management tool — your data is yours, and we handle it with the care that reflects that.
Account information: When you register, we collect your email address and an encrypted password (managed by Supabase Auth).
Content you create: Accounts, domains, successor names, notes, and intent designations you enter are stored in our database and associated with your user ID.
Payment information: When you subscribe to a Pro plan, payment is processed by Stripe. We never see or store your full card number. Stripe provides us with a customer ID and subscription status only.
Email archive imports: If you choose to upload a Google Takeout archive, the file is parsed entirely in your browser. The extracted account summaries you choose to save are stored in our database; the archive itself never leaves your device. HeirLoft does not request or receive access to any email account.
— To provide the HeirLoft service and display your estate inventory.
— To process subscription payments through Stripe.
— To generate your downloadable Handoff Guide PDF (generated locally in your browser — we never see its contents).
— We do not sell your data to third parties. We do not use your data for advertising.
Your data is stored in Supabase, a SOC 2 Type II compliant database platform hosted on AWS. Data is encrypted at rest and in transit (TLS). Row-level security policies ensure that only authenticated users can access their own records.
Passwords are never stored in plain text — they are hashed by Supabase Auth using bcrypt.
Your data is retained for as long as your account is active. If you delete your account, all associated data — accounts, domains, and personal information — is permanently deleted within 30 days.
To request account deletion, email us at privacy@heirloft.app.
We use the following third-party services:
— Supabase (database and authentication): supabase.com/privacy
— Stripe (payment processing): stripe.com/privacy
— Vercel (hosting): vercel.com/legal/privacy-policy
Each of these services has its own privacy policy governing its use of data.
Depending on your location, you may have rights under GDPR, CCPA, or other privacy laws, including:
— The right to access the data we hold about you.
— The right to correct inaccurate data.
— The right to delete your data.
— The right to export your data.
To exercise any of these rights, contact us at privacy@heirloft.app.
We may update this policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated date. Continued use of HeirLoft after changes constitutes acceptance of the revised policy.
For privacy-related questions or requests:
Email: privacy@heirloft.app
HeirLoft · Digital Estate Management