Privacy Policy

1. Introduction

Legacy Heirloom (“we,” “us,” or “our”) operates a digital vault for documenting meaningful personal belongings, preserving their stories, and recording inheritance wishes. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our website at mylegacyheirloom.com and our application at app.mylegacyheirloom.com (collectively, the “Service”).

Because Legacy Heirloom handles sensitive family and estate-related information, we take your privacy seriously. We encourage you to read this policy carefully to understand how your data is handled.

By using the Service, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree, please do not use the Service.

Legacy Heirloom is not a law firm and does not provide legal advice. Nothing in the Service, including any documents generated through the Service, constitutes legal advice or creates an attorney-client relationship. The Service is designed to help families organize and document personal property wishes as a complement to formal estate planning. Any documents generated by the Service may not satisfy the legal requirements of your state or jurisdiction. We make no representations about the legal validity or enforceability of any records created using the Service. You should consult a licensed attorney for advice specific to your estate planning needs.

2. Information We Collect

2a. Account Information

When you create an account, we collect the following through our authentication provider, Clerk:

• Email address
• First and last name

We also collect the following profile information as part of account setup:

• Date of birth
• State of residence
• Marital status
• Profile photo

2b. Vault and Family Data

When you use the Service, you may provide:

• Vault information: Vault names and settings
• Item records: Names, descriptions, categories, locations, rooms, and tags for personal belongings
• Stories: Written narratives, audio recordings, and video recordings about your items
• Media: Photos, videos, audio files, and documents you upload
• Relationships between vault members: The relationship between you and other vault members (such as spouse, child, sibling, or parent)
• Assignments: Records of which items you wish to leave to which vault members, along with any instructions or personal notes
• Comments and reactions: Discussions and responses on items within your vault

We store the media files you upload but do not review, moderate, or scan the content of individual photos, videos, or documents. You are solely responsible for ensuring that any media you upload complies with applicable law and does not infringe the rights of others. Legacy Heirloom is not responsible for the content of media files uploaded by users.

2c. Information About Non-Users

Users with permission to add new members to the vault may enter personal information about people who have not yet created an account. This may include:

• First and last name
• Date of birth
• Email address
• Relationship to the vault owner
• Profile photo

This information is used to create a membership record within the vault. If an email address is provided, an invitation email is sent so they can create their own account and access the vault.

If someone has entered your information in a vault and you have questions about your data, please contact us at support@mylegacyheirloom.com.

2d. Billing Information

When you subscribe to a paid plan, we use Stripe to process payments. We store a Stripe customer identifier and subscription identifier in our system. We do not store your credit card number, expiration date, or security code. That information is collected and held by Stripe directly.

2e. Activity and Audit Data

We maintain an immutable audit log of significant actions taken within each vault. For each recorded action, we capture:

• What action was taken, including:
  • Adding, editing, or deleting an item
  • Inviting, editing, or removing a member
  • Adding, editing, or deleting an heir assignment
  • Generating a report
  • Other significant actions within the vault
• Who performed the action
• When the action occurred

Audit logs are retained indefinitely and cannot be modified or deleted by any user, including vault owners. Full user identity is preserved in audit logs even after an account is closed. This logging exists to support transparency and future defensibility of estate planning records.

2f. Technical Data

We use essential cookies provided by our authentication provider (Clerk) to manage your login session. These cookies are necessary for the Service to function and cannot be disabled.

We also use PostHog, a product analytics tool, which may use cookies or local storage to track usage patterns and feature interactions within the Service. We do not use advertising cookies or tracking pixels, and we do not share behavioral data with advertisers.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Providing the Service: Storing your items, stories, media, and assignment records; displaying vault content to authorized members; managing vault membership and access levels
• Generating reports: Creating Tangible Personal Property Memorandum (TPPM) PDF documents that compile your vault data upon vault owner's request
• Processing payments: Managing subscriptions and billing through Stripe
• Sending transactional emails: Delivering vault invitations and service-related notifications
• Transcribing audio: Converting audio story recordings to text using our transcription provider
• Maintaining audit logs: Recording vault activity for transparency and future defensibility
• Improving the Service: Fixing bugs, resolving support requests, and maintaining service reliability

We do not use your information for advertising. We do not build behavioral profiles. We do not sell your data.

4. How We Share Your Information

We share your information with the following third-party service providers, supporting the Service:

We do not sell your personal information. We do not share your data with advertisers or data brokers. We do not allow our service providers to use your data for any purpose other than providing their service to us.

5. Sharing Within Vaults

Legacy Heirloom is designed for families to collaborate on estate documentation. When a vault owner invites members to a vault, those members can see content within the vault based on their access level:

• Owner / Co-Owner can see and manage all vault content, members, and settings
• Contributor can add, edit, and organize items in the vault
• Commenter can add comments, memories, and reactions to items
• View-Only can browse and view all items in the vault

All vault members can see item names, descriptions, photos, stories, assignments, instructions, personal notes, and comments within their vault. The vault owner controls who has access and at what level.

If you are a vault member and have concerns about who can see your information within a vault, please speak with the vault owner.

6. Information About Non-Users

Users with permission to add new members to the vault may enter personal information about people who have not yet signed up for Legacy Heirloom. This is a core part of the Service, as estate planning often involves documenting wishes for family members who may not be actively using the platform.

When a new member is added, a membership record is created with the information provided (name, date of birth, relationship, and optionally email address and photo).

Only the person's name, relationship, role, and profile photo (if provided) are visible to other vault members. Additional information such as email address and date of birth is used to manage the membership record but is not displayed to other vault members.

If you believe your personal information has been entered into a Legacy Heirloom vault and you would like to know what information is held, or if you would like to request its removal, please contact the vault owner directly or reach us at support@mylegacyheirloom.com. Note that removal of your information may affect the vault owner's estate records.

7. Children's Privacy

Legacy Heirloom is designed as an intergenerational platform. Estate planning inherently involves children, grandchildren, and even great-grandchildren. However, Legacy Heirloom does not permit children under the age of 13 to create an account, in accordance with the Children's Online Privacy Protection Act (COPPA). Users with permission to add vault members may add individuals of any age as vault members, which creates a member record in our system. In order to create an account and engage with vault content, members must be 13 or older.

8. Data Retention

Estate planning is inherently long-term. Your records may be needed years or decades after they are created. For this reason, we retain your data indefinitely while your account or vault remains in existence.

Specifically:

• Active vault data is retained for as long as the vault exists
• Inactive vault data (vaults with lapsed subscriptions) is retained indefinitely. Your data is not deleted when a subscription lapses — the vault is placed in an inactive state and can be reactivated at any time
• Deleted items are soft-deleted, meaning they are removed from normal views but preserved in our system for audit and potential restoration purposes
• Audit logs are retained indefinitely. They are append-only and cannot be modified or deleted. Full user identity is preserved in audit logs even after an account is closed
• Memorial vaults (vaults that have completed the estate transition process) are retained as read-only archives

We believe this approach best serves families who rely on Legacy Heirloom to preserve important records across generations. If you have questions about data retention, please contact us at support@mylegacyheirloom.com.

9. Data Security

We implement technical and organizational measures to protect your personal information:

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security)
• Encryption at rest: Your database and stored files are encrypted at rest using Google Cloud Platform's default encryption
• Access-controlled file storage: Media files (photos, audio, documents) are stored in Google Cloud Storage and accessed through signed URLs that expire after a limited time (15 minutes for uploads, 60 minutes for viewing). Files are stored by unique identifier rather than original filename to prevent unauthorized enumeration
• Role-based access control: Vault content is accessible only to invited members at their assigned access level, enforced on both the application interface and the server
• Audit trail integrity: Activity logs include cryptographic hashes (SHA-256) to support verification of log integrity
• Automated backups: Database backups are performed daily with the ability to restore to a specific point in time

No system is perfectly secure, and we cannot guarantee absolute security. If you become aware of any unauthorized access to your account, please contact us immediately at support@mylegacyheirloom.com.

10. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: You can view your personal information, vault content, and activity within the Service at any time
• Deletion: You may delete your account through the settings in your profile. Please note that audit logs retain your identity even after account deletion, as this is necessary for the defensibility of estate records.
• Data portability: You may request a copy of your data by contacting us at support@mylegacyheirloom.com

To exercise any of these rights, please contact us at support@mylegacyheirloom.com.

11. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

• Right to know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business purpose for collecting it, and the categories of third parties with whom we share it
• Right to delete: You may request that we delete your personal information, subject to certain exceptions (including our retention of audit logs as described in Section 8)
• Right to opt out of sale: We do not sell your personal information.
• Right to non-discrimination: We will not discriminate against you for exercising your privacy rights

Categories of personal information we collect (as defined by the CCPA):

• Identifiers (name, email address)
• Personal records (date of birth, marital status, state of residence)
• Family information (relationships between vault members)
• Commercial information (subscription and billing records)
• Audio, visual, and similar information (photos, videos, audio recordings)
• Internet or electronic network activity (audit logs of actions taken within the Service)

To submit a CCPA request, please contact us at support@mylegacyheirloom.com.

12. International Users

Legacy Heirloom is operated in the United States. The Service is intended for use by residents of the United States. If you access the Service from outside the United States, your personal information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

We do not currently offer services tailored to users in the European Economic Area (EEA), United Kingdom, or other jurisdictions with specific data protection frameworks such as the GDPR. If you are located in one of these regions, please be aware that we have not implemented the compliance mechanisms required to serve you under those frameworks (such as Standard Contractual Clauses or a GDPR-compliant legal basis for processing). You should not use the Service if doing so would require our compliance with GDPR or similar laws.

If you are outside the United States and choose to use the Service, you do so at your own risk and are responsible for compliance with your local laws. By using the Service, you consent to your personal information being transferred to and processed in the United States.

13. Cookies and Tracking Technologies

Legacy Heirloom uses cookies provided by our authentication provider (Clerk) to manage your login session. These cookies are necessary for the Service to function. We also use PostHog for product analytics, which may use cookies or local storage to track usage patterns and feature interactions within the Service. We do not use advertising cookies, tracking pixels, or third-party behavioral tracking for marketing purposes.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes, we will update the “Last Updated” date at the top of this policy.

If we make material changes to how we collect, use, or share your personal information, we will notify you by email or through a notice within the Service before the changes take effect.

Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions about this Privacy Policy or how your information is handled, please contact us:

Email: support@mylegacyheirloom.com