Privacy Policy
Last Updated: July 14, 2026
1. Who We Are
Hearth Dating Inc. ("Hearth," "we," "us," or "our") operates the Hearth mobile application and the website at hearthdating.com (together, the "Service"). We are the data controller responsible for your personal information.
Contact:
- Email: privacy@hearthdating.com
- Address: Available upon request
2. Information We Collect
2.1 Information You Provide
| Category | Examples | Source |
|---|---|---|
| Account credentials | Email address, passkey, Google or Apple sign-in token | You, via account creation |
| Profile demographics | Name, gender identity, age/date of birth, pronouns, height, location, occupation, relationship intent, partner preferences, religion, lifestyle habits (e.g., smoking, drinking) | You, via onboarding chat |
| Photos | Profile photos, bug report screenshots | You, via app upload |
| Messages | Text messages to Ember (AI coach), text messages to other users (P2P chat), connection coaching messages | You, via in-app messaging |
| Voice audio | Real-time voice audio during conversations with Ember | You, via in-app voice sessions |
| ID scan data | Date of birth and expiry date extracted from the barcode on your US driver's license, scanned on-device | You, via ID scan |
| Feedback | Emoji reactions to matches, "We Met" responses, bug reports | You, via in-app prompts |
2.2 Information Generated by AI
| Category | Description |
|---|---|
| Preference documents | Structured personality profiles extracted from your Ember conversations, covering six categories: core values, emotional intelligence, lifestyle patterns, future vision, personality temperament, and social dynamics. Each category has a "has" profile (who you are) and a "wants" profile (what you seek in a partner). |
| Embeddings | 768-dimensional numerical vectors generated from your preference documents, used for compatibility scoring. |
| Match portraits | Text descriptions of you written by the AI for presentation to potential matches. |
| Semantic memories | Contextual information the AI retains from your conversations to personalize future interactions. |
| Dealbreaker profile | Structured summary of your stated dealbreakers for matching. |
2.3 Information Collected Automatically
| Category | Examples | Source |
|---|---|---|
| Device information | Device model, operating system version, app version, IDFV (Identifier for Vendor) | Your device |
| Analytics events | App usage events (~80+ event types), screen views, feature interactions, user ID, behavioral data | PostHog SDK and Firebase Analytics |
| Web analytics (website visitors) | Pages viewed, referring URL, approximate location (derived from IP), device type, browser user agent, session duration, Ember chat widget interactions, pseudonymous visitor ID stored in browser localStorage | PostHog (via the hearthdating.com website) |
| Push notification tokens | FCM (Firebase Cloud Messaging) device tokens, APNs tokens | Firebase and Apple Push Notification service |
| Consent records | Timestamps and versions of consents granted (AI consent, terms acceptance) | Generated when you grant consent |
Note on Firebase Analytics: Firebase Analytics data collection is disabled in the Hearth app. The Firebase SDK is included for push notification functionality only.
2.4 Cookies and Similar Technologies
hearthdating.com uses cookies and similar browser storage for two purposes: first-party product analytics (PostHog), which we treat as an essential part of operating the site, and third-party advertising-measurement pixels (Reddit and Meta/Facebook), which load by default on an opt-out basis. These pixels measure clicks on our "Download now" button from people who arrived via a Reddit or Meta ad, and — because advanced matching is enabled — may share a hashed (one-way encrypted) version of an email address you enter on the site (and, for Reddit, a phone number) with Reddit and Meta to match those clicks to ad views. For the Meta pixel we also enable Limited Data Use, which supports the privacy laws of US states where Meta determines you may be located. You can opt out at any time via the "Do Not Sell or Share My Personal Information" link in the footer, the "Manage Cookies" toggle in the footer, or by enabling Global Privacy Control in your browser. See Section 5.4 for the full ad-measurement disclosure.
| Technology | Purpose | Set By | Expiry |
|---|---|---|---|
localStorage (PostHog) | Pseudonymous visitor ID for first-party analytics. Not linked to your Hearth account unless you sign in. | hearthdating.com | Persists until you clear browser storage |
localStorage (Ember chat widget) | Stores your in-progress chat with Ember on the website so the conversation persists across pageviews. Not shared with third parties. | hearthdating.com | Persists until you clear browser storage or end the conversation |
localStorage (hearth_consent_v1) | Records your opt-out choice ("granted" / "declined") so we honor it on subsequent visits. | hearthdating.com | Persists until you clear browser storage |
_rdt_uuid and related Reddit cookies (first-party on hearthdating.com; Reddit may also set cookies on its own domains, which we cannot clear from here) | Reddit advertising pixel used to measure ad-driven "Download now" clicks. Set by default on first visit. First-party cookies on hearthdating.com are not set (and cleared if previously set) when you opt out via the footer or when Global Privacy Control is enabled. Cookies on reddit.com are not accessible from hearthdating.com and must be managed via your browser settings or Reddit itself. | Up to 90 days | |
_fbp and _fbc (first-party on hearthdating.com; Meta may also set cookies on its own domains, which we cannot clear from here) | Meta (Facebook) advertising pixel used to measure ad-driven "Download now" clicks; _fbc is set only when you arrive via a Meta ad click. Set by default on first visit. First-party cookies on hearthdating.com are not set (and cleared if previously set) when you opt out via the footer or when Global Privacy Control is enabled. Cookies on facebook.com are not accessible from hearthdating.com and must be managed via your browser settings or Meta itself. | Meta (Facebook) | Up to 90 days |
Your choice and Global Privacy Control. A click on "Do Not Sell or Share My Personal Information" in the footer (a one-click opt-out method provided under 11 CCR § 7026(b)), a Global Privacy Control signal sent by your browser (navigator.globalPrivacyControl) (honored as a binding opt-out preference signal under 11 CCR § 7025), or selecting "opt out" in the "Manage Cookies" panel is treated as a binding opt-out: we do not load the Reddit or Meta pixels (so no advanced-matching data is collected or shared), and we clear first-party Reddit (_rdt_uuid) and Meta (_fbp, _fbc) cookies on hearthdating.com. Cookies on reddit.com and facebook.com are not accessible from this site; clear them via your browser or your Reddit / Meta account if you previously visited those sites. You can revisit your choice at any time via the "Manage Cookies" link in the footer or by emailing privacy@hearthdating.com.
The Hearth mobile application does not use cookies. It includes one advertising-measurement component: Meta's (Facebook's) software development kit, used only to measure whether our ads on Meta's platforms are working. It is data-minimized — it collects no advertising identifier (IDFA) and never authorizes tracking as Apple defines it (linking your individual data with other companies' data for advertising) — and it can be turned off at any time with the "Do Not Sell or Share My Personal Information" toggle in the app's Settings. Install attribution uses Apple's aggregate, privacy-preserving SKAdNetwork framework, which does not identify you; because the app never tracks you, Apple's App Tracking Transparency prompt does not apply and is not shown. See Section 5.4 for the full disclosure. All other analytics in the app are delivered via the PostHog SDK as described in Section 2.3.
3. How We Use Your Information
We use your information for the following business purposes:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Matching | Profile demographics, preference documents, embeddings, dealbreakers | Providing the service you requested |
| AI coaching (Ember) | Chat messages, profile data, semantic memories, preference documents | Providing the service you requested |
| Compatibility scoring | 768-dim embeddings across six preference categories, with optional AI reranking | Providing the service you requested |
| Match portraits | Your preference documents, profile data | Providing the service you requested |
| Voice AI conversations | Real-time voice audio streamed to Google Gemini | Providing the service you requested; consent |
| Connection coaching | Match data, both users' profiles, chat context | Providing the service you requested |
| Date planning | Search queries, location preferences | Providing the service you requested |
| ID scan | Date of birth and expiry from on-device barcode scan | Age confirmation; safety |
| Safety and moderation | Messages, reports, blocks, profile photos (screened by Google Cloud Vision) | Safety and legal obligations |
| Anonymized preference analytics | Aggregated, anonymized user preference data (no individual-level data) | Legitimate business interest in improving matching quality |
| Push notifications | FCM/APNs tokens, notification content | Providing the service you requested |
| Product analytics | Analytics events, device info, behavioral data | Legitimate business interest in improving the service |
| Account management | Account credentials, profile data | Providing the service you requested |
| Bug reports | Screenshots, device info, user-submitted descriptions | Improving the service |
We do not use the information you provide inside the Hearth mobile app — your profile, messages, voice transcripts, photos, embeddings, AI-generated content, or the details of your matches and conversations — for advertising; the only in-app activity shared for advertising measurement is the milestone events (event names only) described below. We use personal information for advertising measurement in two limited, opt-out ways only: (1) the website-side Reddit and Meta (Facebook) conversion-measurement pixels on hearthdating.com (Section 2.4 and Section 5.4), and (2) Meta's advertising-measurement SDK in the Hearth iOS app, which sends Meta a limited set of app activity milestone events — event names only, such as that you completed registration, sent a first message, expressed interest in someone, reached a mutual match, or completed the ID check — plus technical device data such as IP address, device model, and app version (but not your device's advertising identifier, which we do not collect), and never sends Meta the content of anything you do in Hearth: no profile details, messages, voice transcripts, photos, embeddings, AI-generated content, or the identity of anyone you match or communicate with (Section 5.4). It can be turned off at any time in the app's Settings. This advertising-measurement data sharing may qualify as a "sale" and/or "share" under the CCPA; see Section 14 for how to opt out.
4. AI and Automated Processing
Hearth uses artificial intelligence extensively. This section describes each type of AI processing.
4.1 Personality Extraction
When you chat with Ember (our AI coach), your conversations are analyzed to generate structured personality profiles ("preference documents"). These profiles describe who you are and what you want in a partner across six categories. This processing is performed by Anthropic's Claude API. The resulting preference documents are stored in your account and used for matching.
4.2 Embedding-Based Compatibility Scoring
Your preference documents are converted into 768-dimensional numerical vectors ("embeddings") by Google's Gemini embedding model. These embeddings are compared against other users' embeddings using cosine similarity to calculate compatibility scores. Candidates pass through radius filtering, matching gates (hard filters), two-pass scoring, and preference filters before being presented to you.
4.3 AI Reranking
After initial scoring, an optional AI reranker (Anthropic Claude) may evaluate the top candidates and adjust the final selection. This reranking considers both users' full preference profiles.
4.4 AI-Generated Match Portraits
For each match recommendation, Ember writes a text portrait describing the other person. These portraits are generated by Anthropic's Claude API using both users' profile data and preference documents. Portraits are shown to potential matches.
4.5 Voice AI
Voice conversations with Ember are streamed in real time to Google's Gemini API. Audio is not stored by Hearth. Only text transcripts of voice conversations are retained. Hearth does not create, store, or use voiceprints for identification purposes. See Section 8 for additional voice data disclosures.
4.6 Connection Coaching
When two users match, Ember can provide connection coaching within the conversation. Coaching is user-initiated. The AI has context on both users' profiles and compatibility data to inform its responses. Coaching is processed by Anthropic's Claude API.
4.7 Date Planning
Ember assists with date planning by searching for venues via Google Places API. Search queries and location preferences are sent to Google. See Section 5 for details on data shared with Google.
4.8 Automated Decision-Making Disclosure
Hearth uses automated decision-making technology ("ADMT") in the following ways:
- Match recommendations: Your daily match recommendations are generated entirely by automated processing (embedding similarity scoring, filtering, and AI reranking). No human reviews or selects your matches.
- Profiling: Ember extracts personality profiles from your conversations, which are used to determine compatibility with other users.
- Safety filtering: Automated content moderation may flag or restrict content or accounts.
Your right to opt out: You have the right to opt out of automated decision-making technology. To exercise this right, contact privacy@hearthdating.com. Note that opting out of matching ADMT will prevent Hearth from providing match recommendations, as the service relies on automated compatibility scoring.
4.9 Crisis Signal Detection (California SB 243 Companion Chatbot Safety)
Ember qualifies as a "companion chatbot" under California SB 243 (effective January 1, 2026). This section describes our safety protocol.
Automatic detection. When you communicate with Ember (text or voice), we automatically scan your messages and voice transcripts for crisis signals — specifically language indicating suicidal thoughts, self-harm intent, domestic violence, or immediate danger. Detection uses two layers:
- AI tool signal: In voice sessions, the AI model itself may flag a concern by calling an internal
flag_safety_concernfunction when it recognizes crisis signals in conversation. - Keyword scan: In both text and voice surfaces, a server-side keyword scan runs on each user message and each voice transcript turn, matching against a list of high- and medium-confidence crisis phrases.
In-moment response. When a high-confidence crisis signal is detected, Ember is instructed to pause the current conversation and share the following crisis resources: 988 Suicide & Crisis Lifeline (call or text 988), Crisis Text Line (text HOME to 741741), National Domestic Violence Hotline (1-800-799-7233), and 911 for immediate danger.
What we log. Every detection creates a record in our internal safety_events collection containing: timestamp, surface (Ember chat, Relationship Mode check-in, voice), detection source (AI tool signal, keyword scan, or both), severity level, matched keywords or model reason, a short message excerpt, session identifier, and whether resources were delivered. Records are internal and are not shared with other users.
Human review. Logged events are reviewed internally on a weekly cadence (48-72 hour response target) to verify that resources were delivered and to improve the detection list. We do not proactively contact users flagged by the system — our posture is in-moment referral only. If you want to speak with someone about a crisis signal on your account, email privacy@hearthdating.com.
Retention. Safety event records are retained after account deletion, consistent with how we retain other safety records (see Section 10). This is because crisis signal logs support documented compliance with SB 243 and platform-safety obligations.
Not a substitute for professional help. Ember is not a therapist, counselor, or clinician, and this safety protocol is not a mental-health service. It is a documented referral mechanism as required by California SB 243. If you are in crisis, please contact 988 or your local emergency services directly.
5. How We Share Your Information
We share your information with the following third parties, solely for the purposes described below. We require each provider to maintain data protection standards at least equivalent to our own.
5.1 AI Providers
| Provider | Service | Data Shared | Purpose |
|---|---|---|---|
| Anthropic (Claude API) | Text AI | Chat messages, profile data, semantic memories, match data, preference documents | Ember text conversations, personality extraction, match portraits, reranking, connection coaching |
| Google (Gemini API) | Voice AI, Embeddings | Voice audio streams (real-time, not stored), profile context, preference document text | Voice conversations with Ember, 768-dim embedding generation |
| Google (Cloud Vision API) | Photo moderation | Profile photo image data | Automated content safety screening (detecting violent, adult, or otherwise unsafe content) |
5.2 Infrastructure and Services
| Provider | Service | Data Shared | Purpose |
|---|---|---|---|
| Google (Firebase Auth) | Authentication | Email, passkey/Google credentials | Account authentication |
| Google (Cloud Firestore) | Database | All user data stored in the service | Primary data storage |
| Google (Firebase Storage) | File storage | Photos, bug report screenshots | File storage |
| Google (FCM) / Apple (APNs) | Push notifications | Device tokens, notification content | Delivering push notifications |
| Google (Firebase Analytics) | Analytics | Disabled; no data collected | Firebase SDK present for push notifications only |
| Google (Cloud Run) | Backend hosting | All backend request data | Hosting Hearth's backend |
| Google (Secret Manager) | Secrets management | API keys only (no user data) | Secure storage of service credentials |
| Google (Places API) | Venue search | Search queries, user location | Date planning venue recommendations |
5.3 Authentication
| Provider | Service | Data Shared | Purpose |
|---|---|---|---|
| Google (Sign-In) | Authentication | Google account identity token | Sign-in with Google |
| Apple (Sign-In) | Authentication | Apple ID identity token | Sign-in with Apple |
5.4 Analytics and Conversion Measurement
| Provider | Service | Data Shared | Purpose |
|---|---|---|---|
| PostHog | Product analytics (mobile app) | Analytics events (~80+ event types), user ID, behavioral data | Product analytics and service improvement |
| PostHog | Web analytics (hearthdating.com) | Pageviews, referrer, device/browser info, approximate location from IP, Ember chat widget events, pseudonymous visitor ID | Measuring website traffic and Ember chat widget engagement |
| Web advertising pixel (hearthdating.com only; opt-out) | Page URLs you visit on hearthdating.com, IP address, user-agent string, a Reddit-managed pixel identifier in cookies, a hashed (one-way encrypted) email address or phone number if you enter one on the site (Reddit's advanced matching), and a conversion event when you click the "Download now" CTA | Measure ad-driven "Download now" clicks from people who arrived via a Reddit ad | |
| Meta (Facebook) | Web advertising pixel (hearthdating.com only; opt-out; Limited Data Use enabled) | Page URLs you visit on hearthdating.com, IP address, user-agent string, a Meta-managed pixel identifier in cookies (_fbp/_fbc), a hashed (one-way encrypted) version of your email address if you enter one on the site (Meta's email-only Advanced Matching), and a conversion event when you click the "Download now" CTA. We do not send Meta your name, gender, date of birth, or location. | Measure ad-driven "Download now" clicks from people who arrived via a Meta ad |
| Meta (Facebook) — Hearth iOS app | Advertising-measurement SDK (Facebook SDK; SKAdNetwork-only configuration — no advertising identifier, no tracking authorization; opt-out in app Settings; Limited Data Use enabled) | A limited set of app activity milestone events (event names only — for example, that you completed registration, sent a first message, expressed interest in someone, reached a mutual match, or completed the ID check); IP address; device and app information (device model, OS version, app version). We do not collect your device's advertising identifier (IDFA). We never send Meta the content of anything you do in Hearth — no name, email, gender, date of birth, location, profile details, messages, photos, voice transcripts, ID-scan data, or the identity of anyone you match or communicate with. | Measure whether our ads on Facebook and Instagram lead to installs and meaningful use of Hearth, so we can tell which ads work. Install attribution additionally uses Apple's aggregate SKAdNetwork framework, which does not identify you. |
PostHog does not receive message content, profile text, photos, voice audio, or AI-generated data. Web pageview events are tagged with platform: "web" and are separate from in-app events.
Advertising-measurement scope. The Reddit and Meta (Facebook) web pixels fire only on hearthdating.com pages and are not embedded in the Hearth mobile app. The Hearth iOS app contains one advertising-measurement component — Meta's SDK described in the row above — which is limited to app activity milestone events: event names plus technical device data, never content. None of these advertising-measurement tools — web or app — has access to your Hearth account, profile, messages, photos, voice transcripts, ID-scan data, embeddings, AI-generated content, or the identity of anyone you match or communicate with.
Advanced Matching: enabled for both pixels. Reddit's advanced matching is turned on: when the pixel is active (i.e., you have not opted out), it collects email addresses or phone numbers you enter into on-page forms (such as the email signup form), hashes them with a one-way function in your browser, and sends the hash to Reddit so Reddit can match your activity to an ad you saw. Meta's Automatic Advanced Matching is also enabled, but configured to use your email address only — it reads the email you enter into on-page forms, hashes it (SHA-256) in your browser, and sends only the hash to Meta. We do not send Meta your name, gender, date of birth, or location. We do not send Reddit or Meta the raw (unhashed) value, and no advanced-matching data is collected or sent if you have opted out or have Global Privacy Control enabled — in that case the pixels do not load at all. For the Meta pixel we additionally enable Limited Data Use, which supports the privacy laws of US states where Meta determines you may be located.
Opt-out. The Reddit and Meta pixels load by default on hearthdating.com. You can opt out at any time via the "Do Not Sell or Share My Personal Information" link in the footer (a one-click opt-out method per 11 CCR § 7026(b)), the "Manage Cookies" toggle in the footer, by enabling Global Privacy Control in your browser, or by emailing privacy@hearthdating.com. If your browser sends a Global Privacy Control signal, we honor it automatically: we do not load the pixels (so no advanced-matching data is collected or shared), and we clear first-party Reddit and Meta cookies on hearthdating.com.
Meta (Facebook) advertising measurement in the Hearth app. The Hearth iOS app includes Meta's Facebook SDK to measure the effectiveness of our advertising on Meta's platforms — to learn whether people who install and use Hearth arrived from a Facebook or Instagram ad. The SDK is configured so that tracking, as Apple defines it (linking your individual data with other companies' data for advertising), is never authorized: we do not collect your device's advertising identifier (IDFA), we do not show Apple's App Tracking Transparency prompt because there is no tracking to authorize, and iOS itself blocks the SDK's tracking endpoints in this configuration. What Meta receives is a limited set of app activity milestone events — event names only, such as that you completed registration, sent a first message, expressed interest in someone, reached a mutual match, or completed the ID check — together with your IP address and device and app information. Install attribution additionally uses Apple's aggregate, privacy-preserving SKAdNetwork framework, which does not identify you. We do not send Meta your name, email, gender, date of birth, location, profile, messages, photos, voice transcripts, ID-scan data, or the identity of anyone you match or communicate with — never the content of anything you do in Hearth. For the app SDK we enable Meta's Limited Data Use, which supports the privacy laws of US states where Meta determines you may be located. This may qualify as a "sale" and/or "share" of personal information under the CCPA and as "targeted advertising" under other US state privacy laws; see Section 14.
Opt out. You can opt out at any time by turning on "Do Not Sell or Share My Personal Information" in the app's Settings; the setting lives on your device and takes effect immediately. Opting out stops all Meta SDK event sharing from the app; Apple's aggregate SKAdNetwork install measurement, which does not identify you, may still occur. You can also email privacy@hearthdating.com and we will guide you to this setting.
5.5 ID Scan
The ID scan happens entirely on your device. No third-party sub-processor is involved in the barcode path, and no images are captured. The barcode scan on your device decodes the date of birth and expiry from your US driver's license; Hearth receives only those decoded fields plus a one-way hash of the document number used to detect when the same ID has been used to register a different account. We do not receive or store your name, ID photo, or any image of your ID.
5.6 What Other Users See
Other users may see: your profile information (name, age, photos, demographics you chose to share), and AI-generated match portraits about you.
Other users do not see: your raw conversation transcripts with Ember, your preference documents, your embeddings, your ID scan data, or your analytics data.
5.7 What We Do Not Do
- We do not sell your personal information for money. We have not sold personal information in the preceding 12 months.
- We do not share your Hearth account, profile, messages, photos, voice transcripts, embeddings, or AI-generated content with any advertising network.
- The Hearth mobile app contains one advertising-measurement component and nothing more. The only advertising component in the app is Meta's advertising-measurement SDK (Section 5.4), which is limited to app activity milestone events (event names plus technical device data), collects no advertising identifier, and never receives your profile, messages, photos, or any content from inside the app. It can be turned off at any time in the app's Settings. The Reddit and Meta web pixels run only on hearthdating.com.
- The Reddit and Meta (Facebook) pixels are the only third-party advertising tags on hearthdating.com. They load by default on an opt-out basis. They do not load if you have opted out (via the footer "Do Not Sell or Share" link, the "Manage Cookies" toggle, or Global Privacy Control).
6. Sensitive Information
Hearth collects the following categories of sensitive personal information as defined under applicable state privacy laws:
- Gender identity and pronouns -- collected during onboarding; used for matching and profile display
- Sexual orientation -- implicit in partner gender preferences; used for matching
- Religious beliefs -- collected during onboarding if provided; used for matching preferences
- Lifestyle habits -- smoking, drinking, and similar preferences; used for matching filters
- Precise geolocation -- used for distance-based matching and date venue search
- Government-issued ID data -- date of birth, document type, and expiry date extracted from the barcode of a US driver's license. No images are captured or stored.
We collect sensitive personal information only with your consent and only for the purposes of providing the Hearth service (matching, AI coaching, and age confirmation via ID scan). We do not use sensitive personal information for purposes beyond those disclosed here.
To limit our use of your sensitive personal information, see Section 15.
7. Consumer Health Data (Washington My Health My Data Act)
This section applies to consumers covered by the Washington My Health My Data Act.
7.1 Consumer Health Data We Collect
Under the Washington My Health My Data Act, the following data Hearth collects may qualify as "consumer health data":
- Gender identity
- Sexual orientation (implicit in partner preferences)
- Precise geolocation
7.2 Purposes
We collect this data for the following purposes:
- Gender identity and sexual orientation: to match you with compatible partners based on your stated preferences
- Precise geolocation: to calculate distances between users for location-based matching, and to search for date venues
7.3 Third Parties Receiving Consumer Health Data
- Google (Cloud Firestore): stores profile data including gender identity and location
- Google (Gemini API): receives profile context including gender identity for embedding generation
- Anthropic (Claude API): receives profile data including gender identity for personality extraction and matching
- Google (Places API): receives location data for venue search
- PostHog: receives location-related analytics events (not precise coordinates)
The Reddit and Meta web pixels described in Section 5.4 receive website navigation and click events on hearthdating.com (and, where advanced matching applies, a hashed email — or, for Reddit, a phone number — you enter on the site). Meta's advertising-measurement SDK in the Hearth iOS app receives app activity milestone events (event names only) and technical device data; we do not collect your device's advertising identifier. None of these tools — web or app — receives gender identity, sexual orientation, precise geolocation, the content of your messages, the identity of anyone you match or communicate with, or any other category that may qualify as consumer health data under the Washington My Health My Data Act.
7.4 Your Rights
- Right to withdraw consent: You may withdraw consent for the collection of consumer health data at any time by contacting privacy@hearthdating.com. Withdrawing consent for gender identity or location data will prevent Hearth from providing matching services.
- Right to delete: You may request deletion of your consumer health data by contacting privacy@hearthdating.com or deleting your account.
- Right to opt out of advertising measurement: If you are a Washington consumer, you may opt out of the Reddit and Meta web pixels on hearthdating.com by clicking "Do Not Sell or Share My Personal Information" or "Manage Cookies" in the footer, or by enabling Global Privacy Control in your browser. You may opt out of Meta's advertising-measurement SDK in the Hearth iOS app by turning on "Do Not Sell or Share My Personal Information" in the app's Settings. Opting out does not affect your ability to use the Hearth mobile app.
7.5 No Sale of Consumer Health Data
We do not sell consumer health data. We will not sell consumer health data without your signed authorization.
7.6 Geofencing
Hearth does not geofence around healthcare facilities and will not use location data to identify consumers seeking healthcare services.
8. Voice Data
8.1 How Voice Data Is Processed
When you use voice mode to speak with Ember, your audio is streamed in real time to Google's Gemini API for processing. The audio stream is used solely to generate a conversational AI response.
8.2 Storage
Hearth does not store your voice audio. Audio is streamed to Google Gemini in real time and is not recorded or retained by Hearth.
Only text transcripts of voice conversations are retained by Hearth. These transcripts are stored in your account and are subject to the same retention and deletion policies as other chat messages (see Section 10).
8.3 No Voiceprints
Hearth does not create, store, or use voiceprints, voice templates, or any biometric identifiers derived from your voice for identification or authentication purposes.
8.4 Granting and Withdrawing Consent
Before your first voice session, you must accept the AI consent screen, which discloses that voice audio is streamed to Google for AI processing. You may choose text-only mode at any time.
You may withdraw your AI data-processing consent at any time in the app via Settings, by emailing privacy@hearthdating.com, or by deleting your account. Hearth's AI features, including Ember text and voice conversations, personality extraction, compatibility scoring, and photo moderation, rely on the third-party AI providers listed in Section 5.1, so withdrawing this consent disables those AI features until you grant consent again.
8.5 Retention and Destruction
Voice transcripts are deleted when you delete your account. You may also request deletion of voice transcripts at any time by contacting privacy@hearthdating.com.
9. ID Scan
Hearth uses an on-device ID scan to confirm user age.
- Document capture: The ID scan happens entirely on your device using your phone's camera. You scan the barcode on the back of your US driver's license. No image of your ID is captured, transmitted, or stored. Only the decoded barcode payload is sent to Hearth's servers.
- What Hearth receives and stores: After a successful scan, Hearth stores your date of birth, the document expiry date, the document type (US driver's license), and a one-way hash of the document number used to detect ID reuse across accounts. Hearth does NOT receive or store your name, address, photograph, or any other field from the barcode.
- Purpose: The ID scan is used to confirm that users are at least 18 years old. The ID scan is not an identity check, is not a background check (see Terms of Service), and does not authoritatively verify who the user is.
- Retention: Hearth retains the extracted fields for as long as your account is active and for the period stated in the retention table below.
10. Data Retention
| Data Category | Retention Period |
|---|---|
| Profile data (demographics, photos, preferences) | Deleted upon account deletion |
| Chat messages (Ember, P2P, coaching) | Deleted upon account deletion |
| Voice transcripts | Deleted upon account deletion |
| AI preference documents and embeddings | Deleted upon account deletion |
| Semantic memories | Deleted upon account deletion |
| ID scan data (DOB, doc type, expiry, document hash) | Deleted upon account deletion |
| Analytics data (PostHog — app and website) | Per PostHog project retention settings |
| Analytics data (Firebase Analytics) | Disabled; no data collected |
| Consent records (AI consent, terms acceptance) | 5 years from date of consent |
| Safety records (user reports, blocks) | Retained after account deletion for platform safety purposes |
| Crisis safety events (SB 243 detection logs) | Retained after account deletion for documented regulatory compliance (see Section 4.9) |
| Bug reports and screenshots | 2 years from submission |
| Inactive accounts | Accounts with no activity for 2 years may be closed and data deleted |
When you delete your account, we initiate deletion of your data from our active systems. Some data may persist in backups for a limited period consistent with our backup retention schedule. Safety records (reports and blocks) are intentionally retained after account deletion to protect other users.
Account deletion covers all user data collections including: profile data, chat messages (Ember, P2P, connection coaching), voice transcripts, AI preference documents, semantic memories, date planning data, analytics events, consent records, feedback, and photos.
11. Your Rights
Depending on your state of residence, you may have the following rights regarding your personal information:
| Right | Description |
|---|---|
| Right to know | You can request the categories and specific pieces of personal information we have collected about you. |
| Right to access | You can request a copy of your personal information in a portable format. |
| Right to correct | You can request correction of inaccurate personal information. |
| Right to delete | You can request deletion of your personal information. You can also delete your account directly in the app (Settings > Delete Account). |
| Right to opt-out of sale/sharing | We do not sell your personal information for money. For the website's Reddit and Meta ad-measurement pixels (Section 5.4), use the "Do Not Sell or Share My Personal Information" link in the footer for a one-click opt-out, the "Manage Cookies" toggle in the footer, or enable Global Privacy Control. For Meta's advertising-measurement SDK in the Hearth iOS app, turn on "Do Not Sell or Share My Personal Information" in the app's Settings. See Section 14. |
| Right to limit use of sensitive personal information | You can request that we limit the use of your sensitive personal information. See Section 15. |
| Right to opt-out of automated decision-making | You can opt out of automated decision-making technology used for profiling and matching. See Section 4.8. |
| Right to opt-out of profiling | You can opt out of profiling that produces legal or similarly significant effects. Contact us to exercise this right. |
| Right to data portability | You can request your data in a structured, commonly used format. |
| Right to withdraw AI consent | You can withdraw consent for AI data processing at any time in the app (Settings), by emailing privacy@hearthdating.com, or by deleting your account. Because Hearth's AI features depend on the third-party AI providers in Section 5.1, withdrawing this consent disables those features until you grant it again. See Section 8.4. |
| Non-discrimination | We will not discriminate against you for exercising any of these rights. We will not deny you service, charge different prices, or provide a different quality of service because you exercised a privacy right. |
How to Exercise Your Rights
Contact us at privacy@hearthdating.com to exercise any of these rights. We will verify your identity before processing your request. We will respond within the timeframe required by applicable law (generally 45 days, extendable by an additional 45 days with notice).
You may also designate an authorized agent to make a request on your behalf. We may require the agent to provide proof of authorization.
12. Data Security
We implement technical and organizational measures to protect your personal information:
- Encryption in transit: All data transmitted between the app and our servers is encrypted using TLS.
- Encryption at rest: Data stored in Google Cloud (Firestore, Firebase Storage, Cloud Run) is encrypted at rest using Google's default encryption.
- Infrastructure: Our backend runs on Google Cloud infrastructure, which maintains SOC 2, ISO 27001, and other security certifications.
- Authentication: We use Firebase Authentication with passkeys, Google Sign-In, and Apple Sign-In.
- Access controls: Backend API keys and credentials are stored in Google Secret Manager.
No method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.
13. Children
Hearth is intended solely for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18. Age is captured during onboarding and confirmed via an on-device ID scan.
If we learn that we have collected personal information from a person under 18, we will delete that information and terminate the associated account.
14. Do Not Sell or Share My Personal Information
Hearth does not sell your personal information for money. Hearth has not sold personal information in the preceding 12 months.
Hearth uses advertising-measurement tools that share limited data for cross-context advertising: (1) the Reddit and Meta (Facebook) pixels on hearthdating.com, and (2) Meta's advertising-measurement SDK in the Hearth iOS app (see Section 5.4). The web pixels share your online activity with Reddit and Meta, and, with advanced matching enabled, may also share a hashed email (and, for Reddit, a phone number) you enter on the site. The app SDK shares app activity milestone events (event names only, plus technical device data, but not your device advertising identifier, which we do not collect) with Meta. This qualifies as "sharing" (and may qualify as a "sale") under the CCPA. The web pixels load by default; the app SDK is on by default and can be turned off at any time. Both can be opted out as described below.
You can opt out at any time by:
- Clicking the "Do Not Sell or Share My Personal Information" link in the footer — a one-click opt-out method per 11 CCR § 7026(b) that immediately persists your choice, clears first-party Reddit and Meta cookies on hearthdating.com, and prevents the pixels from loading on future visits, or
- Clicking the "Manage Cookies" link in the footer and selecting "opt out," or
- Enabling Global Privacy Control in your browser — we honor
navigator.globalPrivacyControlautomatically and clear any Reddit and Meta cookies that were previously set, or - In the Hearth iOS app: turning on "Do Not Sell or Share My Personal Information" in Settings — this stops the Meta SDK from sharing your data, or
- Emailing privacy@hearthdating.com with subject "Do Not Sell or Share." For the app SDK, the opt-out takes effect on your device, so we will respond by guiding you to the in-app setting above.
We share data with the third-party service providers listed in Section 5 solely for the purpose of operating the Hearth service. Those providers are contractually restricted from using your data for any purpose other than providing their services to Hearth.
15. Limit the Use of My Sensitive Personal Information
Hearth uses sensitive personal information (gender identity, sexual orientation, religion, precise geolocation, and government ID data) only for the purposes of providing the Hearth service as described in this policy. We do not use sensitive personal information for purposes beyond what is necessary to provide the service.
If you wish to limit our use of your sensitive personal information, contact privacy@hearthdating.com. Note that limiting the use of certain sensitive data (such as gender identity or location) may prevent us from providing matching services.
16. Changes to This Policy
We may update this privacy policy from time to time. When we make changes:
- We will update the "Last Updated" date at the top of this policy.
- For material changes, we will notify you via email (at the address associated with your account) or via an in-app notification before the changes take effect.
- We review this policy at minimum annually.
Your continued use of Hearth after the effective date of a revised policy constitutes acceptance of the revised terms.
17. Contact Us
If you have questions about this privacy policy or wish to exercise your privacy rights:
- Email: privacy@hearthdating.com