Last updated 7 May 2026
Privacy policy
This policy explains what Heirlume collects, how we use it, who we share it with, and the rights you have over your information. We've tried to write it in plain English. The short version is at the top. For our security posture, see Trust & security.
Our promise
- We do not sell, rent, or trade your personal information. Not now, not ever. Heirlume's revenue comes from subscription fees paid by you. We have no advertising business and no data-broker partnerships.
- We do not share your data for marketing. Third parties listed below are subprocessors that help operate Heirlume — payments, hosting, document parsing, identity. They are bound by contract to use your data only to deliver those services.
- You control your data. Export it, change it, or delete it at any time from your account or by emailing privacy@heirlume.ai.
What we collect
Heirlume captures information you provide so it can act as your private estate folio. Specifically:
- Account & identity: name, email, date of birth, citizenship, occupation, and similar fields you enter under People.
- Financial accounts: when you connect a bank, brokerage, or credit account through Plaid, Heirlume receives balances, holdings, liability balances, and account metadata. We do not receive your bank login credentials. Plaid does. (Plaid's terms apply to that exchange.)
- Estate documents: wills, trusts, deeds, insurance policies, powers of attorney, healthcare directives, HIPAA authorizations, LLC operating agreements, and other files you upload.
- Credentials: if you choose to use the credential vault, we store the encrypted ciphertext only — see How we secure below.
- Connections: the names and contact emails of the beneficiaries, executors, trustees, and guardians you invite to your plan.
- Operational data: server logs, error telemetry, and audit events, retained for security and reliability.
We do not collect biometric data, location data, or browsing history. We do not track you across the web.
How we use it
- To run the product you've signed up for — render dashboards, generate plans, extract document data, sync balances, and deliver invitations to people you designate.
- To bill you and prevent fraud.
- To improve Heirlume — diagnose bugs, measure feature health, and respond to support requests. We never use your data to train external AI models.
- To comply with law, respond to lawful requests, and enforce our terms.
How we secure
- Documents are encrypted at rest in Convex storage.
- Plaid access tokens are stored encrypted with AES-256-GCM using a key held server-side and never exposed to the browser.
- Credential vault entries are encrypted in your browser using AES-256-GCM with a key derived from your password and Vault PIN via PBKDF2 (600,000 iterations). Heirlume's servers never see your plaintext credentials — not even hashed.
- Authentication runs through WorkOS AuthKit. MFA is supported.
- Transport is TLS-only. We do not allow insecure HTTP.
Subprocessors we use
Heirlume uses a small number of vetted vendors to operate the product. Each is bound by a data-processing agreement and may not use your data for any purpose other than serving Heirlume.
- Convex — application database and document storage.
- Vercel — application hosting and edge delivery.
- WorkOS — authentication and session management.
- Plaid — financial account connectivity (subject to Plaid's End User Privacy Policy).
- Stripe — subscription billing. Heirlume does not store full card numbers; Stripe does.
- Anthropic — AI document extraction and estate-intelligence features. Documents you upload are sent to Anthropic only when you explicitly trigger an analysis. Anthropic's API does not retain inputs for model training.
- Resend — transactional email delivery (account confirmations, invitations to people you designate).
- Google Analytics — anonymized traffic analytics on the Heirlume marketing pages. We do not pass identifiable account data to Google. We use IP anonymization and do not enable Google Signals or advertising features.
How long we keep it
We keep your data for as long as your account is active. When you delete your account or a specific record, the underlying data is purged within 30 days. Backups are rotated on a 30-day cycle and are also encrypted at rest.
We retain limited records longer when required by law (for example, tax records for invoices we issued).
Your rights
You can, at any time:
- Access and export your data
- Correct or update inaccurate information
- Delete your account and data
- Withdraw consents you previously granted
- Lodge a complaint with a supervisory authority
California residents (CCPA/CPRA), EU/UK residents (GDPR), and Virginia, Colorado, Connecticut, Utah, Texas, and Oregon residents have additional statutory rights. We honor those rights regardless of the legal label — write us at privacy@heirlume.ai.
Children
Heirlume is not intended for anyone under 18. We do not knowingly collect data from children. If you believe a child has used the service, contact us and we'll delete the account.
Changes to this policy
We will notify account holders by email if we make material changes. Older versions are archived; we'll link to the prior text in any announcement.
Contact
Privacy questions: privacy@heirlume.ai.
Heirlume, Inc. is the data controller for the information described above.
This policy is provided in good faith to describe our practices. It is not legal advice. Heirlume is reviewing this text with counsel ahead of general availability and may revise wording without changing the underlying commitments above.