Legal

Privacy Policy

Effective 23 May 2026 — last updated 23 May 2026

Heirloom is built on a single promise: your photographs belong to you, and only to you. This policy explains exactly what we collect, why we collect it, and how we protect it.

1. Who we are

Heirloom is an iOS application available at heirloom.blekhaus.com. For any privacy questions, contact us at privacy@heirloom.blekhaus.com. We respond to all privacy requests within 14 days.

2. What we collect

We collect only what is necessary to provide the service:

• Email address — used for account authentication. Never shared with third parties for marketing.
• Uploaded photographs — the image you choose to restore or compose. Stored temporarily, deleted within 24 hours of job completion (see Section 4).
• Generated results — the restored or composed photograph produced for you. Stored in your private account folder, accessible only to you. Deleted when you delete your account.
• Job metadata — technical records such as processing status, timestamps, and quality scores. Used to operate the service and process refunds. No image content is stored here.
• Subscription status — whether you have an active membership. Managed via RevenueCat (see Section 5).

We do not collect: your name, phone number, location, contacts, or any device identifiers beyond what Apple's App Store framework automatically provides for app analytics.

3. What we never do with your photographs

We will never:

• Use your photographs to train any model, algorithm, or dataset
• Share your photographs with third parties for any purpose other than processing your request
• Use your photographs in marketing, advertising, or any promotional material
• Sell or license your photographs to any party
• Retain your source photographs beyond the job lifetime plus 24 hours

4. How long we keep your data

• Source photographs: deleted automatically within 24 hours of job completion, regardless of outcome.
• Generated results: retained in your private account until you delete them or delete your account.
• Account data (email, job records): retained while your account is active. Deleted when you request account deletion.
• Account deletion: when you delete your account in the app, your source photos and generated results are archived for a 30-day grace period (in case of an error), then permanently and irreversibly deleted. During this grace period you cannot sign in.

5. Third-party services

Heirloom uses the following third parties to operate the service. Each is bound by its own privacy policy.

OpenAI — used to process your photographs (restoration and composition). All requests are made with store: false, meaning OpenAI does not retain your images or use them for training. OpenAI processes your photographs ephemerally for the duration of your request only. See OpenAI's Privacy Policy.

Supabase — provides our database, authentication, and storage infrastructure. Your photographs are stored in private, access-controlled storage buckets. Supabase processes data in accordance with GDPR and other applicable regulations. See Supabase's Privacy Policy.

RevenueCat — manages subscription and purchase information for Heirloom Membership. RevenueCat receives your anonymised device ID and subscription status; it does not receive your photographs or email address directly. See RevenueCat's Privacy Policy.

6. Security

Your photographs are stored in private, encrypted storage buckets. Access is restricted by row-level security policies so that only your authenticated session can read your files. We use HTTPS for all data in transit. No employee or contractor can access your photographs in the normal course of operations.

7. Children

Heirloom is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal information, contact privacy@heirloom.blekhaus.com and we will delete it promptly.

8. Your rights

You have the right to:

• Access the personal data we hold about you
• Delete your account and all associated data (via the Account screen in the app, or by email request)
• Request a copy of your data
• Correct inaccurate information
• Withdraw consent for any processing based on consent

To exercise any of these rights, use the Account screen in the Heirloom app or email privacy@heirloom.blekhaus.com. We respond within 14 days.

9. Changes to this policy

If we make material changes to this policy, we will notify you via the app or by email at least 14 days before they take effect. The current version is always available at heirloom.blekhaus.com/privacy.

10. Contact

Privacy requests, concerns, or questions:
privacy@heirloom.blekhaus.com