Heard — Privacy Policy
Last updated: July 2026
Plain-English summary
- Your raw words are never shown to the other person in your session. Ever. Only a translated summary.
- We do not use your conversations to train AI models.
- We do not sell your data.
- We do not run ads inside Heard.
- We use a handful of trusted services (listed below) to make the product work. None of them train on your data.
- You can delete your data at any time.
The rest of this document covers the legal details required by US and EU privacy laws.
1. What we collect
From you when you create a session:
- Your name (whatever you tell us to call you)
- Your email address
- The other person's name and email
- Your description of the relationship type
- The private context you write about the situation
From the other party when they participate:
- Their email address (confirmation)
- Their intake conversation with the AI
From both parties during intake:
- The full intake conversation, stored for the duration of the session and synthesis
Operational data:
- IP address (for security and abuse prevention)
- Browser type and device info (basic operational logs)
- Session timestamps
We do not collect:
- Browsing activity outside Heard
- Tracking pixels or third-party advertising trackers
- Phone-book or contact-list data
- Location data beyond what's implied by IP
2. How we use it
We use the data above to:
- Provide the service: create sessions, run the AI intake, generate the synthesis, deliver results
- Send transactional emails (invite, results ready, password reset)
- Process payments (via Stripe; see subprocessors below)
- Detect abuse, fraud, and misuse
- Comply with legal obligations
We do not:
- Use your conversations to train AI models
- Sell or rent your data to anyone, ever
- Share your data with advertisers
- Combine your data with third-party data brokers
3. Who sees what
The other person in your session:
- Sees the synthesized letter we generate based on your intake. They do NOT see your raw words.
- Sees the shared summary (which is neutral and does not quote either party).
- Sees the suggested next steps.
You:
- See your own intake transcript.
- See the synthesized letter from the other party.
- See the shared summary and next steps.
Us (Heard employees):
- May review session content only when investigating an abuse report, responding to a legal subpoena, or with your explicit consent for support. Routine operations do not involve human review of session content.
AI subprocessor (Anthropic):
- Processes intake messages and synthesis content to generate AI responses.
- Per Anthropic's API terms, does not train models on this content.
- Retains data in accordance with Anthropic's data retention policy (currently 30 days for abuse monitoring).
4. Subprocessors
We use the following third-party services. Each has been chosen for its privacy track record:
- Anthropic (AI model provider; processes intake and synthesis)
- Vercel (hosting and database)
- Upstash / Vercel KV (session storage)
- Resend (transactional email)
- Stripe (payment processing, when applicable)
- ElevenLabs (text-to-speech for audio playback, when enabled)
We update this list when we add or remove subprocessors. Material additions are disclosed at least 14 days in advance via email to active subscribers.
5. Data retention
- Active sessions: Retained as long as you have a Heard account, or 30 days after session completion, whichever is shorter.
- Synthesized letters: Retained for 30 days after synthesis to allow re-access. After that, only the shared summary and next steps may be retained.
- Account data: Retained while your account is active. Deleted within 30 days of account closure.
- Billing records: Retained for the duration required by tax and accounting law (typically 7 years).
- Logs: Operational logs retained for up to 90 days for security purposes.
You can request deletion of session content at any time via the settings page or by emailing privacy@feelheard.app.
6. Your rights
Depending on where you live, you may have rights under privacy laws including the GDPR (EU/UK), CCPA (California), and similar statutes elsewhere. These typically include:
- Right to access: Get a copy of the data we have about you.
- Right to deletion: Delete your data (subject to legal retention requirements).
- Right to correction: Correct inaccurate data.
- Right to portability: Export your data in a portable format.
- Right to object: Object to certain types of processing.
- Right to opt out of sale: Not applicable since we do not sell data.
To exercise any of these rights, email privacy@feelheard.app. We respond within 30 days.
7. Children's privacy
Heard is not for users under 18. We do not knowingly collect data from anyone under 18. If you believe a minor has used Heard, please contact us and we will delete the account.
8. Security
We use industry-standard practices: encryption in transit (HTTPS), encryption at rest where applicable, scoped access controls, and regular review of subprocessors. No system is perfectly secure. We disclose material security incidents promptly to affected users and applicable regulators.
9. International data transfers
Heard is operated from the United States. If you use Heard from outside the US, your data will be transferred to and processed in the US. For EU/UK users, we rely on the Standard Contractual Clauses for any necessary data transfers.
10. Cookies and analytics
We use minimal cookies and similar technologies. Specifically:
- Essential cookies (for authentication and session continuity)
- Analytics: We currently use [Vercel Analytics / Plausible — both privacy-respecting; no cross-site tracking, no IP storage]
- No advertising cookies, no Facebook pixel, no Google Ads tracking
You can clear cookies at any time. Doing so may sign you out of Heard.
<!-- DRAFT, updated 2026-06-24, for counsel to confirm before publishing. Only commit to the level of pushback Heard will actually undertake. -->
11. Law enforcement and legal requests
We comply with valid legal process (subpoenas, court orders, and search warrants). We do not voluntarily hand over your content; a lawful order is required. When we receive such a request:
- We object to requests that are improper, overbroad, or invalid, to the extent we reasonably can, before producing anything.
- We notify the affected user before complying, unless we are legally prohibited from doing so (for example, by a gag order), so you have the chance to respond.
- We produce only what is specifically required, never more.
The strongest protection is that we keep as little of your raw content as possible. Anonymous conversations are automatically deleted after 30 days, you can delete your content sooner, and we minimize what is stored, so in most cases there is very little that could ever be produced. Heard is a private tool to help you communicate, not a legal record, and it is not designed to create evidence for court or mediation.
12. Changes to this policy
Material changes will be notified by email at least 14 days before they take effect. Minor clarifications may be made without notice.
13. Contact
privacy@feelheard.app for all privacy questions, deletion requests, or data access requests.
Mailing address: [Heard mailing address at time of launch]
---
This Privacy Policy was drafted in plain language. It is not a substitute for review by qualified legal counsel. Have an attorney review before public launch.
Questions about any of this? Reach us at hello@feelheard.app.