HearthKeepSign in

Privacy Policy

Last updated: March 13, 2026

1. Introduction

HearthKeep ("we," "our," or "us") operates the HearthKeep household management application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service, including our website at www.hearthkeep.ai and any related applications.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree with the terms of this policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account information: email address, name, and household details when you create an account.
  • Household data: information about household members, dependents, tasks, budgets, savings goals, and subscriptions that you enter into the Service.
  • Transaction data: financial transaction details you manually enter, import via CSV/OFX files, or scan via receipt images.
  • Communications: any messages or feedback you send to us.

2.2 Information Collected Through Plaid

When you choose to link a financial account, we use Plaid Inc. ("Plaid") to connect your bank accounts to our Service. By linking your accounts through Plaid, you acknowledge and agree that:

  • Plaid collects your financial institution credentials, account numbers, balances, transaction history, and other financial data necessary to provide the Service.
  • Plaid's use of your data is governed by the Plaid End User Privacy Policy.
  • We receive from Plaid: account names, types, balances, and transaction details (date, amount, merchant name, category).
  • We store an access token to maintain the connection and sync transactions on your behalf. We do not store your bank credentials.

2.3 Information Collected Automatically

  • Log data: IP address, browser type, pages visited, time and date of visits.
  • Device information: device type, operating system, and unique device identifiers.
  • Cookies: session cookies necessary for authentication and service functionality.

2.4 Information From Third-Party Services

  • Google OAuth: when you sign in with Google, we receive your email address and profile name.
  • Google Calendar: if you connect your calendar, we push task and subscription reminders to your calendar. We do not read or store your existing calendar events.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service.
  • Sync and display your financial account balances and transactions.
  • Categorize transactions and detect recurring subscriptions.
  • Generate household budgets, spending insights, and tax summaries.
  • Process receipt and bill images using AI to extract transaction details.
  • Send you notifications, spending digests, and task reminders (with your consent).
  • Respond to your requests, comments, or questions.
  • Monitor and analyze usage trends to improve user experience.
  • Protect against fraudulent, unauthorized, or illegal activity.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

  • Household members: data within a household is shared among all members of that household as part of core Service functionality.
  • Service providers: we share data with third-party providers who assist us in operating the Service, including:
    • Plaid — for financial account connectivity and transaction data.
    • Supabase — for database hosting and authentication.
    • Anthropic (Claude AI) — for receipt scanning and transaction categorization. Data sent to AI is processed in real-time and not stored by the AI provider.
    • Resend — for sending email notifications.
    • Vercel — for application hosting.
  • Legal requirements: if required by law, regulation, legal process, or governmental request.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, with notice to you.

5. Data Storage and Security

  • Your data is stored in a secure PostgreSQL database hosted by Supabase with row-level security (RLS) policies ensuring household-level data isolation.
  • All data is encrypted in transit using TLS/SSL.
  • Database backups are encrypted at rest.
  • Plaid access tokens are stored securely and encrypted. We never store your bank login credentials.
  • Authentication is handled via secure magic links and OAuth — we do not store passwords.
  • We implement access controls so that only authenticated household members can access their household's data.

While we use commercially reasonable measures to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

  • We retain your data for as long as your account is active or as needed to provide the Service.
  • If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.
  • Transaction history and financial data linked through Plaid will be deleted when you unlink the account or delete your HearthKeep account.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete personal information.
  • Delete your personal information and account.
  • Export your data in a portable format (CSV/PDF export is available for transactions and tax data).
  • Withdraw consent for data processing at any time.
  • Disconnect linked financial accounts at any time through the Service.
  • Opt out of non-essential communications and notifications.

To exercise any of these rights, please contact us at admin@hearthkeep.ai.

8. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will promptly delete that information.

9. Third-Party Links

The Service may contain links to third-party websites or services (such as Plaid and Google). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

admin@hearthkeep.ai

© 2026 HearthKeep. All rights reserved.