Privacy Policy

Last updated: 21 June 2026

Privacy first. Hearthyn was built around a simple principle: your family's information belongs to your family. Your family's location and Vault content are protected with end-to-end encryption — we cannot read them. Other household data is encrypted while stored on our systems and is only accessed when necessary to provide the service. We do not sell personal information, show advertisements, or use third-party tracking or analytics.

1. Who We Are

Hearthyn ("Hearthyn," "we," "our," or "us") is a family-organization and household-management platform designed to help families coordinate schedules, tasks, meals, shopping, and shared information while maintaining a high level of privacy.

If you have questions about this Privacy Policy or our privacy practices, contact us at [email protected].

2. Information We Collect

Account information

When you create an account, we collect a username and email address, and optionally a display name and a household or family name. Your email address, display name, and household name are encrypted while stored on our systems. For operational and abuse-prevention purposes, the email domain (for example, "gmail.com") may remain visible to our systems.

Household content

You may create and store calendar events, shopping lists, chores and tasks, pantry items, recipes, meal plans, pet records, and other household-organization data. This information is encrypted while stored on our systems.

Vault content

Vault notes, documents, and photos are protected using end-to-end encryption. Vault encryption keys never leave your family's devices; we store only encrypted data and cannot decrypt or access Vault contents.

Location data

If you enable Family Map features, your device encrypts location data before transmission. We store and relay only encrypted location data and cannot determine your family's location.

Technical information

To operate and secure the service, we collect limited technical information, including login timestamps, service-performance metrics, error reports, rate-limiting information, and security and abuse-prevention signals. We do not use advertising trackers or third-party analytics services.

3. How Encryption Works

End-to-end encryption

Family Map location data and Vault notes, photos, and documents are protected using end-to-end encryption. Encryption keys remain exclusively on your family's devices and are exchanged directly between authorized household members. Because we never possess these keys, we cannot read the data, cannot provide it to third parties, and cannot decrypt it even if requested.

End-to-end encrypted data cannot be recovered if your keys are lost. The keys for your Vault and Family Map exist only on your family's devices and are shared between them directly. They cannot be reset or recovered by us.

If every device that holds your family key is lost or reset, and you have not saved your family invite key somewhere safe, your end-to-end encrypted data (Vault contents and any location history) cannot be recovered by anyone, including Hearthyn. This is a deliberate consequence of true end-to-end encryption — keep your family invite key somewhere safe.

Encryption at rest

Most other Hearthyn content — events, lists, chores, pantry data, recipes, and household information — is encrypted while stored in our databases. To provide application functionality, Hearthyn servers temporarily decrypt this information during normal operation, which means we technically have the ability to access it when necessary to operate, maintain, secure, or support the service. A stolen database or storage device would contain only encrypted data.

4. What Our Team Can See

Our support and administration tools are intentionally designed to minimize access to user information. By default, support personnel can view only your email domain, household usage statistics, service-health information, and abuse-prevention indicators.

Support personnel cannot view your email address, family names, household content, Vault content, or location information. If support access to identifying account information becomes necessary, you must explicitly authorize a temporary support session. All such access is logged and may be made available for your review.

5. Within Your Household

Hearthyn is built for shared family use. Information added to a household — calendar events, lists, chores, pantry, recipes, meal plans, pet records, and the household's Vault and Family Map — is shared with the members of that household, because it is meant to be seen and used by the whole family. There is currently no separate per-member private area within a household; content you add is shared with your household.

The Vault and Family Map are end-to-end encrypted with a key held only on your family's devices. This protects your household's data from us and from outsiders — every member of your household who holds the family key can read it, but Hearthyn cannot. End-to-end encryption is not a barrier between members of the same household.

A household owner or administrator can manage the household — for example, inviting, disabling, or removing members and configuring household settings — but receives no special ability to decrypt or read data beyond what any household member can already see. Administrative actions do not grant access to end-to-end encryption keys.

6. Family Map & Location Controls

Location sharing is entirely optional and disabled by default. You control:

Whether it's enabled — off until you turn it on.
Precision — exact, approximate (~100 meters), or city-level. When reduced precision is selected, location data is generalized on your device before encryption and transmission.
Duration — share continuously, for a limited period, until a specified time, or until manually disabled.
Retention — only the most recent location is stored, it automatically expires after 24 hours, and stopping location sharing immediately removes active location records.

7. AI Meal Assistant

Hearthyn offers an optional AI-powered meal-suggestion feature. It is disabled by default and must be enabled for your household. When used:

The AI receives only your pantry items and recipe names. It never receives location data, Vault data, calendar events, household member names, email addresses, or pet information.
The AI runs exclusively on Hearthyn-operated infrastructure. Your information is not sent to external AI providers such as OpenAI, Google, Anthropic, Meta, or similar services.
Requests are processed in memory and discarded after completion. We do not store AI prompts, AI responses, or the pantry data used to generate a suggestion — we retain only anonymous feature-usage statistics.

8. Data Retention

We keep your information only as long as needed to provide the service, and we do not keep backups.

Active content remains available until you delete it or close your account.
Deletion is permanent. When you delete an item, or delete your account, it is removed from our systems and cannot be recovered. We do not retain backup copies or archived snapshots, so there is no earlier version to restore — once deleted, your data is gone for good. This is a deliberate privacy choice.
Location data — only your most recent shared position is stored, and it automatically expires after 24 hours (or sooner if you stop sharing).
Operational logs — limited security and performance logs (containing no household content) are retained for a short period, generally up to 30 days, and then deleted.

9. Third-Party Services

We use a limited number of third-party services to operate Hearthyn.

Calendar integrations — if you connect Apple, Google, Outlook, or another calendar, we access only the calendar feed URL you provide. We never collect or store your calendar account password.
Product information lookups — barcode scanning may query the Open Food Facts database to retrieve product names, ingredients, nutritional information, and product images.
Transactional email delivery — password resets, account-verification emails, and service notifications may be delivered through a trusted email provider.
Network delivery — Cloudflare may process network traffic to improve security, reliability, and performance.

We do not share user content with advertisers, marketing companies, or data brokers.

10. Cookies

Hearthyn uses a single secure, HttpOnly session cookie to keep you signed in. We do not use advertising cookies, behavioral tracking cookies, cross-site tracking technologies, or third-party analytics cookies.

11. Your Rights

Subject to applicable laws, you may access your information, correct inaccurate information, export your data, delete content, remove household members, and request account deletion. Requests may be submitted through the app or by contacting [email protected]. We support applicable privacy rights, including under the CCPA.

12. Children's Privacy

Hearthyn is intended for family use. Parents or guardians are responsible for managing accounts, permissions, and information belonging to children within their household.

13. Security

We employ technical, organizational, and administrative safeguards designed to protect your information from unauthorized access, disclosure, alteration, or destruction. No method of storage or transmission is completely secure, but we continuously work to maintain and improve our security practices.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When material changes are made, we will update the "Last updated" date above and provide notice within the app when appropriate. Continued use of Hearthyn after changes become effective constitutes acceptance of the updated Privacy Policy.