Heartlit Privacy Policy

Heartlit is built for one private connection. We collect only the information needed to create accounts, pair two people by invite, deliver little heart signals, support subscriptions, keep the service reliable, and respond to support requests.

Information We Collect

Account information. Heartlit uses Sign in with Apple. We store your Apple account identifier and, if Apple provides it, a protected form of your email address. Apple may provide a private relay address depending on your Apple settings.
Connection and signal information. We store invite, connection, preset moment, charge level, delivery, waiting, felt, saved, replay, echo, and timestamp records so the app can work between the two connected people.
Device notification information. If you allow notifications, we store Apple Push Notification service device-token material so Heartlit can deliver quiet little-heart notifications. Release builds encrypt APNs token material at rest.
Subscription information. We receive and verify App Store signed transaction and renewal information to maintain access to the Heartlit monthly subscription.
Support information. If you email support, we receive the information you choose to include in that message.

Information We Do Not Collect

Heartlit V1 does not collect contacts, location, photos, videos, audio, Apple Health data, heart measurements, free-text messages, public profiles, discovery or matching data, advertising data, or data for third-party tracking.

How We Use Information

To authenticate accounts and keep a private connection between exactly two people.
To send, receive, queue, replay, and mark little heart signals as felt.
To enforce recharge, quiet hours, subscription entitlement, account deletion, and safety limits.
To deliver notifications you choose to allow.
To verify App Store subscriptions and respond to App Store Server Notifications.
To provide support, debug service issues, prevent abuse, and comply with legal obligations.

Sharing

We do not sell personal information and do not share information for advertising or cross-app tracking. We use service providers that help operate Heartlit, such as Apple services, hosting, database, and email providers. They process information only as needed to provide those services to Heartlit.

Retention and Deletion

You can request account deletion in the Heartlit app. Account deletion ends your Heartlit connection, removes or de-identifies account-scoped app data where feasible, and attempts Sign in with Apple token revocation when available. Some limited records may be retained when needed for security, billing reconciliation, fraud prevention, service integrity, or legal obligations. Deleting your Heartlit account does not cancel an App Store subscription or trial; subscriptions are managed through Apple.

Children

Heartlit is not directed to children under 13. If you believe a child provided information to Heartlit, contact us so we can review and delete it where appropriate.

Security

We use administrative, technical, and operational safeguards designed to protect Heartlit information. No service can guarantee absolute security, but Heartlit is intentionally limited in scope and avoids collecting sensitive categories it does not need.

Changes

We may update this policy as Heartlit changes. The updated date above shows when the policy was last revised.

Contact

Questions or deletion requests can be sent to jonathan@heartlit.app.