Privacy Policy
Last Updated: March 2026
1. Who We Are
Hearth Dating Inc. ("Hearth," "we," "us," or "our") operates the Hearth mobile application. We are the data controller responsible for your personal information.
Contact:
- Email: gwen@hearthdating.com
- Address: Available upon request
2. Information We Collect
2.1 Information You Provide
| Category | Examples | Source |
|---|---|---|
| Account credentials | Email address, passkey, Google or Apple sign-in token | You, via account creation |
| Profile demographics | Name, gender identity, age/date of birth, pronouns, height, location, occupation, relationship intent, partner preferences, religion, lifestyle habits (e.g., smoking, drinking) | You, via onboarding chat |
| Photos | Profile photos, bug report screenshots | You, via app upload |
| Messages | Text messages to Ember (AI coach), text messages to other users (P2P chat), connection coaching messages | You, via in-app messaging |
| Voice audio | Real-time voice audio during conversations with Ember | You, via in-app voice sessions |
| ID verification documents | Government-issued ID submitted through Trusona's hosted verification flow | You, via ID verification |
| Feedback | Emoji reactions to matches, "We Met" responses, bug reports | You, via in-app prompts |
2.2 Information Generated by AI
| Category | Description |
|---|---|
| Preference documents | Structured personality profiles extracted from your Ember conversations, covering six categories: core values, emotional intelligence, lifestyle patterns, future vision, personality temperament, and social dynamics. Each category has a "has" profile (who you are) and a "wants" profile (what you seek in a partner). |
| Embeddings | 768-dimensional numerical vectors generated from your preference documents, used for compatibility scoring. |
| Match portraits | Text descriptions of you written by the AI for presentation to potential matches. |
| Semantic memories | Contextual information the AI retains from your conversations to personalize future interactions. |
| Dealbreaker profile | Structured summary of your stated dealbreakers for matching. |
2.3 Information Collected Automatically
| Category | Examples | Source |
|---|---|---|
| Device information | Device model, operating system version, app version, IDFV (Identifier for Vendor) | Your device |
| Analytics events | App usage events (~80+ event types), screen views, feature interactions, user ID, behavioral data | PostHog SDK and Firebase Analytics |
| Push notification tokens | FCM (Firebase Cloud Messaging) device tokens, APNs tokens | Firebase and Apple Push Notification service |
| Consent records | Timestamps and versions of consents granted (AI consent, terms acceptance) | Generated when you grant consent |
Note on Firebase Analytics: Firebase Analytics data collection is disabled in the Hearth app. The Firebase SDK is included for push notification functionality only.
3. How We Use Your Information
We use your information for the following business purposes:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Matching | Profile demographics, preference documents, embeddings, dealbreakers | Providing the service you requested |
| AI coaching (Ember) | Chat messages, profile data, semantic memories, preference documents | Providing the service you requested |
| Compatibility scoring | 768-dim embeddings across six preference categories, with optional AI reranking | Providing the service you requested |
| Match portraits | Your preference documents, profile data | Providing the service you requested |
| Voice AI conversations | Real-time voice audio streamed to Google Gemini | Providing the service you requested; consent |
| Connection coaching | Match data, both users' profiles, chat context | Providing the service you requested |
| Date planning | Search queries, location preferences | Providing the service you requested |
| ID verification | Government ID via Trusona hosted flow | Identity verification; safety |
| Safety and moderation | Messages, reports, blocks, profile photos (screened by Google Cloud Vision) | Safety and legal obligations |
| Anonymized preference analytics | Aggregated, anonymized user preference data (no individual-level data) | Legitimate business interest in improving matching quality |
| Push notifications | FCM/APNs tokens, notification content | Providing the service you requested |
| Product analytics | Analytics events, device info, behavioral data | Legitimate business interest in improving the service |
| Account management | Account credentials, profile data | Providing the service you requested |
| Bug reports | Screenshots, device info, user-submitted descriptions | Improving the service |
We do not use your information for advertising. We do not sell your personal information.
4. AI and Automated Processing
Hearth uses artificial intelligence extensively. This section describes each type of AI processing.
4.1 Personality Extraction
When you chat with Ember (our AI coach), your conversations are analyzed to generate structured personality profiles ("preference documents"). These profiles describe who you are and what you want in a partner across six categories. This processing is performed by Anthropic's Claude API. The resulting preference documents are stored in your account and used for matching.
4.2 Embedding-Based Compatibility Scoring
Your preference documents are converted into 768-dimensional numerical vectors ("embeddings") by Google's Gemini embedding model. These embeddings are compared against other users' embeddings using cosine similarity to calculate compatibility scores. Candidates pass through radius filtering, matching gates (hard filters), two-pass scoring, and preference filters before being presented to you.
4.3 AI Reranking
After initial scoring, an optional AI reranker (Anthropic Claude) may evaluate the top candidates and adjust the final selection. This reranking considers both users' full preference profiles.
4.4 AI-Generated Match Portraits
For each match recommendation, Ember writes a text portrait describing the other person. These portraits are generated by Anthropic's Claude API using both users' profile data and preference documents. Portraits are shown to potential matches.
4.5 Voice AI
Voice conversations with Ember are streamed in real time to Google's Gemini API. Audio is not stored by Hearth. Only text transcripts of voice conversations are retained. Hearth does not create, store, or use voiceprints for identification purposes. See Section 8 for additional voice data disclosures.
4.6 Connection Coaching
When two users match, Ember can provide connection coaching within the conversation. Coaching is user-initiated. The AI has context on both users' profiles and compatibility data to inform its responses. Coaching is processed by Anthropic's Claude API.
4.7 Date Planning
Ember assists with date planning by searching for venues via Google Places API. Search queries and location preferences are sent to Google. See Section 5 for details on data shared with Google.
4.8 Automated Decision-Making Disclosure
Hearth uses automated decision-making technology ("ADMT") in the following ways:
- Match recommendations: Your daily match recommendations are generated entirely by automated processing (embedding similarity scoring, filtering, and AI reranking). No human reviews or selects your matches.
- Profiling: Ember extracts personality profiles from your conversations, which are used to determine compatibility with other users.
- Safety filtering: Automated content moderation may flag or restrict content or accounts.
Your right to opt out: You have the right to opt out of automated decision-making technology. To exercise this right, contact gwen@hearthdating.com. Note that opting out of matching ADMT will prevent Hearth from providing match recommendations, as the service relies on automated compatibility scoring.
5. How We Share Your Information
We share your information with the following third parties, solely for the purposes described below. We require each provider to maintain data protection standards at least equivalent to our own.
5.1 AI Providers
| Provider | Service | Data Shared | Purpose |
|---|---|---|---|
| Anthropic (Claude API) | Text AI | Chat messages, profile data, semantic memories, match data, preference documents | Ember text conversations, personality extraction, match portraits, reranking, connection coaching |
| Google (Gemini API) | Voice AI, Embeddings | Voice audio streams (real-time, not stored), profile context, preference document text | Voice conversations with Ember, 768-dim embedding generation |
| Google (Cloud Vision API) | Photo moderation | Profile photo image data | Automated content safety screening (detecting violent, adult, or otherwise unsafe content) |
5.2 Infrastructure and Services
| Provider | Service | Data Shared | Purpose |
|---|---|---|---|
| Google (Firebase Auth) | Authentication | Email, passkey/Google credentials | Account authentication |
| Google (Cloud Firestore) | Database | All user data stored in the service | Primary data storage |
| Google (Firebase Storage) | File storage | Photos, bug report screenshots | File storage |
| Google (FCM) / Apple (APNs) | Push notifications | Device tokens, notification content | Delivering push notifications |
| Google (Firebase Analytics) | Analytics | Disabled; no data collected | Firebase SDK present for push notifications only |
| Google (Cloud Run) | Backend hosting | All backend request data | Hosting Hearth's backend |
| Google (Secret Manager) | Secrets management | API keys only (no user data) | Secure storage of service credentials |
| Google (Places API) | Venue search | Search queries, user location | Date planning venue recommendations |
5.3 Authentication
| Provider | Service | Data Shared | Purpose |
|---|---|---|---|
| Google (Sign-In) | Authentication | Google account identity token | Sign-in with Google |
| Apple (Sign-In) | Authentication | Apple ID identity token | Sign-in with Apple |
5.4 Analytics
| Provider | Service | Data Shared | Purpose |
|---|---|---|---|
| PostHog | Product analytics | Analytics events (~80+ event types), user ID, behavioral data | Product analytics and service improvement |
PostHog does not receive message content, profile text, photos, voice audio, or AI-generated data.
5.5 ID Verification
| Provider | Service | Data Shared | Purpose |
|---|---|---|---|
| Trusona | ID verification | Verification session via Trusona's hosted flow; ID images are captured and processed entirely within Trusona's environment | Identity verification |
ID images never touch Hearth's servers. After verification, Hearth receives and stores: verified name, date of birth, document type, document expiry date, and risk scores. Trusona may retain data per their own privacy policy.
5.6 What Other Users See
Other users may see: your profile information (name, age, photos, demographics you chose to share), and AI-generated match portraits about you.
Other users do not see: your raw conversation transcripts with Ember, your preference documents, your embeddings, your ID verification documents, or your analytics data.
5.7 What We Do Not Do
- We do not sell your personal information. We have not sold personal information in the preceding 12 months.
- We do not share your personal information for cross-context behavioral advertising.
- We do not use advertising networks or ad tracking.
6. Sensitive Information
Hearth collects the following categories of sensitive personal information as defined under applicable state privacy laws:
- Gender identity and pronouns -- collected during onboarding; used for matching and profile display
- Sexual orientation -- implicit in partner gender preferences; used for matching
- Religious beliefs -- collected during onboarding if provided; used for matching preferences
- Lifestyle habits -- smoking, drinking, and similar preferences; used for matching filters
- Precise geolocation -- used for distance-based matching and date venue search
- Government-issued ID data -- name, date of birth, document type, expiry, and risk scores from ID verification (images handled by Trusona, not stored by Hearth)
We collect sensitive personal information only with your consent and only for the purposes of providing the Hearth service (matching, AI coaching, and identity verification). We do not use sensitive personal information for purposes beyond those disclosed here.
To limit our use of your sensitive personal information, see Section 15.
7. Consumer Health Data (Washington My Health My Data Act)
This section applies to consumers covered by the Washington My Health My Data Act.
7.1 Consumer Health Data We Collect
Under the Washington My Health My Data Act, the following data Hearth collects may qualify as "consumer health data":
- Gender identity
- Sexual orientation (implicit in partner preferences)
- Precise geolocation
7.2 Purposes
We collect this data for the following purposes:
- Gender identity and sexual orientation: to match you with compatible partners based on your stated preferences
- Precise geolocation: to calculate distances between users for location-based matching, and to search for date venues
7.3 Third Parties Receiving Consumer Health Data
- Google (Cloud Firestore): stores profile data including gender identity and location
- Google (Gemini API): receives profile context including gender identity for embedding generation
- Anthropic (Claude API): receives profile data including gender identity for personality extraction and matching
- Google (Places API): receives location data for venue search
- PostHog: receives location-related analytics events (not precise coordinates)
7.4 Your Rights
- Right to withdraw consent: You may withdraw consent for the collection of consumer health data at any time by contacting gwen@hearthdating.com. Withdrawing consent for gender identity or location data will prevent Hearth from providing matching services.
- Right to delete: You may request deletion of your consumer health data by contacting gwen@hearthdating.com or deleting your account.
7.5 No Sale of Consumer Health Data
We do not sell consumer health data. We will not sell consumer health data without your signed authorization.
7.6 Geofencing
Hearth does not geofence around healthcare facilities and will not use location data to identify consumers seeking healthcare services.
8. Voice Data
8.1 How Voice Data Is Processed
When you use voice mode to speak with Ember, your audio is streamed in real time to Google's Gemini API for processing. The audio stream is used solely to generate a conversational AI response.
8.2 Storage
Hearth does not store your voice audio. Audio is streamed to Google Gemini in real time and is not recorded or retained by Hearth.
Only text transcripts of voice conversations are retained by Hearth. These transcripts are stored in your account and are subject to the same retention and deletion policies as other chat messages (see Section 10).
8.3 No Voiceprints
Hearth does not create, store, or use voiceprints, voice templates, or any biometric identifiers derived from your voice for identification or authentication purposes.
8.4 Consent
Before your first voice session, you must accept the AI consent screen, which discloses that voice audio is streamed to Google for AI processing. You may choose text-only mode at any time.
8.5 Retention and Destruction
Voice transcripts are deleted when you delete your account. You may also request deletion of voice transcripts at any time by contacting gwen@hearthdating.com.
9. ID Verification
Hearth uses Trusona for identity verification.
- Document capture: The entire ID capture and verification process occurs within Trusona's hosted verification flow. Your ID images (photos of your government-issued ID) are captured by Trusona's interface and processed on Trusona's servers. ID images never touch Hearth's servers.
- What Hearth receives and stores: After successful verification, Trusona sends Hearth the following extracted data: your verified name, date of birth, document type, document expiry date, and risk scores.
- Purpose: Identity verification is used to confirm that users are real people and meet the minimum age requirement (18+). ID verification is not a background check (see Terms of Service).
- Trusona's retention: Trusona may retain data per their own privacy policy, which governs data within their hosted flow.
10. Data Retention
| Data Category | Retention Period |
|---|---|
| Profile data (demographics, photos, preferences) | Deleted upon account deletion |
| Chat messages (Ember, P2P, coaching) | Deleted upon account deletion |
| Voice transcripts | Deleted upon account deletion |
| AI preference documents and embeddings | Deleted upon account deletion |
| Semantic memories | Deleted upon account deletion |
| ID verification data (name, DOB, doc type, expiry, risk scores) | Deleted upon account deletion |
| Analytics data (PostHog) | Per PostHog project retention settings |
| Analytics data (Firebase Analytics) | Disabled; no data collected |
| Consent records (AI consent, terms acceptance) | 5 years from date of consent |
| Safety records (user reports, blocks) | Retained after account deletion for platform safety purposes |
| Bug reports and screenshots | 2 years from submission |
| Inactive accounts | Accounts with no activity for 2 years may be closed and data deleted |
When you delete your account, we initiate deletion of your data from our active systems. Some data may persist in backups for a limited period consistent with our backup retention schedule. Safety records (reports and blocks) are intentionally retained after account deletion to protect other users.
Account deletion covers all user data collections including: profile data, chat messages (Ember, P2P, connection coaching), voice transcripts, AI preference documents, semantic memories, date planning data, analytics events, consent records, feedback, and photos.
11. Your Rights
Depending on your state of residence, you may have the following rights regarding your personal information:
| Right | Description |
|---|---|
| Right to know | You can request the categories and specific pieces of personal information we have collected about you. |
| Right to access | You can request a copy of your personal information in a portable format. |
| Right to correct | You can request correction of inaccurate personal information. |
| Right to delete | You can request deletion of your personal information. You can also delete your account directly in the app (Settings > Delete Account). |
| Right to opt-out of sale/sharing | We do not sell or share your personal information for cross-context behavioral advertising. See Section 14. |
| Right to limit use of sensitive personal information | You can request that we limit the use of your sensitive personal information. See Section 15. |
| Right to opt-out of automated decision-making | You can opt out of automated decision-making technology used for profiling and matching. See Section 4.8. |
| Right to opt-out of profiling | You can opt out of profiling that produces legal or similarly significant effects. Contact us to exercise this right. |
| Right to data portability | You can request your data in a structured, commonly used format. |
| Non-discrimination | We will not discriminate against you for exercising any of these rights. We will not deny you service, charge different prices, or provide a different quality of service because you exercised a privacy right. |
How to Exercise Your Rights
Contact us at gwen@hearthdating.com to exercise any of these rights. We will verify your identity before processing your request. We will respond within the timeframe required by applicable law (generally 45 days, extendable by an additional 45 days with notice).
You may also designate an authorized agent to make a request on your behalf. We may require the agent to provide proof of authorization.
12. Data Security
We implement technical and organizational measures to protect your personal information:
- Encryption in transit: All data transmitted between the app and our servers is encrypted using TLS.
- Encryption at rest: Data stored in Google Cloud (Firestore, Firebase Storage, Cloud Run) is encrypted at rest using Google's default encryption.
- Infrastructure: Our backend runs on Google Cloud infrastructure, which maintains SOC 2, ISO 27001, and other security certifications.
- Authentication: We use Firebase Authentication with passkeys, Google Sign-In, and Apple Sign-In.
- Access controls: Backend API keys and credentials are stored in Google Secret Manager.
No method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.
13. Children
Hearth is intended solely for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18. Age is verified during onboarding and confirmed through ID verification.
If we learn that we have collected personal information from a person under 18, we will delete that information and terminate the associated account.
14. Do Not Sell or Share My Personal Information
Hearth does not sell your personal information. Hearth has not sold personal information in the preceding 12 months.
Hearth does not share your personal information for cross-context behavioral advertising.
We share data with third-party service providers (listed in Section 5) solely for the purpose of operating the Hearth service. These providers are contractually restricted from using your data for any purpose other than providing their services to Hearth.
If you still wish to submit a "Do Not Sell or Share" request, contact gwen@hearthdating.com.
15. Limit the Use of My Sensitive Personal Information
Hearth uses sensitive personal information (gender identity, sexual orientation, religion, precise geolocation, and government ID data) only for the purposes of providing the Hearth service as described in this policy. We do not use sensitive personal information for purposes beyond what is necessary to provide the service.
If you wish to limit our use of your sensitive personal information, contact gwen@hearthdating.com. Note that limiting the use of certain sensitive data (such as gender identity or location) may prevent us from providing matching services.
16. Changes to This Policy
We may update this privacy policy from time to time. When we make changes:
- We will update the "Last Updated" date at the top of this policy.
- For material changes, we will notify you via email (at the address associated with your account) or via an in-app notification before the changes take effect.
- We review this policy at minimum annually.
Your continued use of Hearth after the effective date of a revised policy constitutes acceptance of the revised terms.
17. Contact Us
If you have questions about this privacy policy or wish to exercise your privacy rights:
- Email: gwen@hearthdating.com