1. Who we are
Hearth (“Hearth”, “we”, “us”) is operated by Trey Leong, an individual based in Singapore, who is the data controller responsible for your personal data under this policy. You can reach us any time at legal@hearth.contact.
This policy is governed by the Personal Data Protection Act 2012 (the “PDPA”) of Singapore. Hearth is available internationally; if you use it from outside Singapore, you understand your data is handled under Singapore law as described here.
2. Our zero-knowledge design
Hearth is built so that the sensitive information you store about your relationships is unreadable to us. When you add or edit a contact, that data — names, notes, birthdays, phone numbers, locations, history, photos, and everything else about the people in your life — is encrypted in your browser with a key derived from your password (and, optionally, your passkeys or your recovery key). Only encrypted blobs (“ciphertext”) ever reach our servers.
Because the encryption key never leaves your device in a form we can use, we cannot read, search, sell, or hand over your contact data in a usable form, and neither can anyone who might compromise our servers. This also means that if you lose your password and your recovery key, we cannot recover your data for you.
3. What we can and cannot see
To run the service we do store a small amount of information in readable form. To be precise:
What we can see (functional data, stored in plain form):
- Your account email address — it is your login identifier and lets us contact you.
- Your display name and app settings (theme, reminder cadence, notification toggles).
- Billing metadata from our payments provider — a customer ID and, for Pro users, a subscription ID. We never see or store your card details.
- Session and device information used to keep you signed in and let you review and revoke your devices: a session token, the browser user-agent string, the IP address a session was created from, and last-seen timestamps. For passkeys we store only the public key and related non-secret identifiers.
- For Pro reminder emails, a non-identifying “reminder snapshot”: three aggregate counts (people overdue for a reach-out, birthdays within seven days, follow-ups due) plus your timezone offset. These are just numbers — they reveal no names or contact identities — and let our daily job email you even when the app is closed.
What we cannot see (your encrypted vault):
- All of your contact records and their contents, your photos of contacts, and anything you write in Hearth about another person. These are stored only as ciphertext, plus the cryptographic material (salt, verifier, and wrapped key blobs) needed to let you — and only you — unlock them.
4. How we use data
We use the limited data above only to:
- Provide, secure, and maintain your account and the service.
- Process payments and manage Free and Pro subscriptions.
- Send you transactional email (sign-up verification, account and security notices) and, for Pro users who opt in, reminder digests.
- Keep your account secure and let you manage your active sessions and devices.
- Diagnose errors and keep the service reliable.
We do not sell your personal data, and we do not use your data for advertising or third-party profiling.
5. Service providers
We rely on a small number of processors to operate Hearth. They handle only the functional data described above — never your decrypted contacts:
- Hosting & database: our cloud hosting and database provider stores the encrypted vault and account records.
- Payments: our merchant-of-record billing provider processes payments and holds your card details directly; we receive only billing metadata.
- Email delivery: our email provider delivers transactional and reminder emails to your address.
- Error monitoring: when enabled, our error-monitoring provider receives diagnostic events that are scrubbed of emails, cookies, headers, and request bodies; session replay is deliberately disabled.
Some providers may process data outside Singapore. Where personal data is transferred abroad, we take reasonable steps so it remains protected to a standard comparable to the PDPA.
6. Retention
We keep your account data for as long as your account is active. When you delete your account, we delete your encrypted vault and account records. Some limited records may be retained where required for legal, tax, or fraud-prevention purposes, and backups are purged on a rolling basis.
7. Your rights under the PDPA
Under the PDPA, you have the right to ask for access to the personal data we hold about you and to request that we correct it. You may also withdraw consent and close your account. Because your contact vault is end-to-end encrypted, you already hold direct access to it through the app — we cannot read it, but you can export or delete it yourself at any time.
To make an access or correction request, or to ask a question about how we handle your data, email legal@hearth.contact. We will respond within a reasonable time.
8. Security
Beyond end-to-end encryption of your vault, we use modern authentication (password authentication via the OPAQUE protocol, optional passkeys, and a recovery key), encrypted transport (HTTPS), and a strict content-security policy. No system is perfectly secure, but our zero-knowledge design means the most sensitive data you store is never readable on our servers.
9. Children
Hearth is not directed to children and is intended for users aged 18 and over. We do not knowingly collect personal data from children.
10. Changes to this policy
We may update this policy as the service evolves. When we make material changes we will update the effective date above and, where appropriate, notify you by email. Continuing to use Hearth after a change means you accept the updated policy.