H
Heartwoven

Privacy Policy

Last updated: May 15, 2026

1. What We Collect

When you use Heartwoven, we collect:

  • Email address — provided before letter generation. Used to save your progress, deliver your finished letter, and send order updates.
  • Names — your name, the recipient's name, and their partner's name (if applicable). Used only within your letter.
  • Style preference — the vibe you select (heartfelt / playful / poetic). Used only within your letter.
  • Conversation responses — the answers you provide during the 5-question guided conversation. Used solely to generate your letter.
  • Photographs — if you upload photos (1-3 photos), they are stored on Cloudinary to be included in your finished book. Photos are tied to your order and never used elsewhere unless you separately opt into our showcase program (see §4).
  • Photo captions — text you write or template defaults you select for each photo.
  • Edits to your letter — if you edit the AI-generated letter, we save the edited version (not the original draft).
  • Shipping address (Hardcover and Heirloom tiers only) — collected by Gumroad at checkout and forwarded to us solely to fulfill your physical order via Lulu.
  • Payment information — processed entirely by Gumroad (our payment provider). We never see or store your credit card number.

2. How We Use Your Information

  • To generate your personalized letter from your conversation responses, photos, and style preference.
  • To save your progress so you can resume your session later (via email magic link).
  • To send you your completed letter via email.
  • To send abandoned-session reminders (you can opt out at any time).
  • To process your payment through Gumroad and fulfill physical orders through Lulu.

3. What We Do Not Do

  • We do not sell your personal information to third parties.
  • We do not use your conversation content, photos, or letters to train AI models.
  • We do not share your letter or photos with anyone other than you and the printing partner (Lulu) for physical orders.
  • We do not send marketing emails beyond session-related reminders and order updates.
  • We do not use tracking cookies for advertising purposes.

4. Optional Showcase Program (Opt-In)

We may invite you, after your order is complete, to opt in to one or both of the following programs. Both are off by default. Participation is entirely voluntary and may be withdrawn at any time.

  • Anonymized Showcase. We may publish your letter (in part or in full) on our website, social media, or marketing materials, with all identifying names changed to pseudonyms or initials, and all photographs blurred or omitted. You will be shown the exact excerpt before publication and may decline.
  • Aggregate Analysis. We may include your conversation responses in aggregate, anonymized analyses (for example, “the average heartfelt letter mentions 2.3 shared objects”) used solely to improve our prompts and product. No individual responses are identifiable.

To withdraw consent at any time, email privacy@heartwoven.gift.

5. Third-Party Services

  • Supabase — database hosting.
  • Cloudinary — photo storage and CDN delivery.
  • Anthropic Claude / OpenAI GPT — AI processing for letter generation, routed through OpenRouter. Your conversation data is sent to AI models for processing but is not used for model training.
  • Gumroad — payment processing and order fulfillment. Subject to Gumroad's Privacy Policy.
  • Lulu — print-on-demand fulfillment for Hardcover and Heirloom orders. We provide only your shipping address and the PDF of your book.
  • Resend — email delivery.
  • Vercel — website hosting.

6. Data Retention

  • Unpaid sessions: 90 days from last activity, then automatically deleted.
  • Paid orders (PDF, Hardcover, Heirloom): 1 year from order date, so you can redownload your letter.
  • Photos: retained alongside the order they are attached to.
  • Showcase-participating excerpts (opt-in only): retained as long as displayed on our website, unless you withdraw consent.

You can request immediate deletion of all your data at any time by emailing privacy@heartwoven.gift.

7. Data Security

All data is transmitted over HTTPS. Database access is restricted to authenticated server-side connections only. We do not store passwords (there are no user accounts — sessions are linked via email magic link). Payment data is handled entirely by Gumroad and never touches our servers.

8. Your Rights

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Withdraw consent for email communications or showcase participation.
  • Export your data (letter content, conversation responses, photos) in a portable format.

To exercise any of these rights, contact privacy@heartwoven.gift.

9. Children's Privacy

Heartwoven is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated date. Continued use of Heartwoven after changes constitutes acceptance of the updated policy.

11. Contact

Questions about this privacy policy? Email privacy@heartwoven.gift.