Privacy Policy

Effective Date: March 25, 2026

Heirloom is operated by PRJCT LAZRUS LLC (“we,” “us,” or “our”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Heirloom mobile application (the “App”).

1. Information We Collect

We may collect the following types of information:

• Account Information: Name, email address, and profile data you provide during registration via Firebase Authentication.
• Wellness Data: Mood entries, journal content, cognitive load assessments, and regulation preferences you create within the App.
• Usage Data: Information about how you interact with the App, including session duration, feature usage, and device information, collected through our W33knd analytics pipeline.
• Voice Data: Audio recordings processed through AWS Transcribe for voice interaction features. Audio is processed in real time and not stored beyond the session.
• Device Information: Device type, operating system, unique device identifiers, and mobile network information.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the App and its cognitive regulation features.
• Power the KAIROS engine’s real-time cognitive load assessments and personalized recommendations.
• Generate AI-powered insights about your wellness patterns.
• Send you technical notices, updates, and support messages.
• Monitor and analyze usage trends to improve the user experience.

3. Data Storage and Security

Your data is stored using industry-standard encryption both in transit and at rest across our infrastructure (MongoDB, Supabase/PostgreSQL). Authentication tokens are stored using expo-secure-store on your device. We use commercially reasonable administrative, technical, and physical security measures to protect your personal information, aligned with HIPAA best practices.

4. Sharing of Information

We do not sell, trade, or rent your personal information to third parties. We may share information in the following situations:

• Service Providers: With third-party vendors who assist in operating the App (e.g., AWS, Firebase, OpenAI), subject to strict data protection agreements.
• Legal Requirements: When required by law, regulation, or legal process.
• Business Transfers: In connection with a merger, acquisition, or sale of assets.

5. Your Rights and Choices

You may access, update, or delete your account information at any time through the App’s Profile settings. You may request a complete export or deletion of your data by contacting us at privacy@prjctlazrus.com.

6. Children’s Privacy

The App is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete that information promptly.

7. Third-Party Services

The App integrates with third-party services including OpenAI (GPT-4), Amazon Web Services, Firebase, and Supabase. Each service operates under its own privacy policy. We encourage you to review their privacy policies.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Effective Date” above.

9. Contact Us

If you have questions about this Privacy Policy, please contact us at:

privacy@prjctlazrus.com