Privacy policy
HELAÜLOOM© respects your privacy. This policy describes how HELAÜLOOM© collects, uses, and protects your information (GDPR and CCPA aligned).
What we collect. Account details, vault content you choose to store, audit logs of access and changes, and payment metadata processed by Stripe.
Encryption. Vault content is encrypted at rest with AES-256-GCM. Data in transit uses TLS. Offline exports are encrypted bundles you control with your environment key.
How we use data. To operate the service, send notifications you request, score vault completeness, detect unusual access patterns, and comply with law.
Your rights. You may export, correct, or delete your account and associated data subject to our data retention policy.
Sub-processors. We use the following sub-processors to operate HELAÜLOOM. Each is contractually bound to protect your data and only process it for the stated purpose.
Stripe (payment processing) · AWS S3 / Cloudflare R2 (encrypted vault file storage) · Resend (transactional email delivery) · Inngest (background job processing, including unlock automation and capsule delivery) · Sentry (error monitoring; vault content is never sent) · Upstash Redis (rate limiting) · OpenAI (voice-note transcription for oral history, when you use that feature) · Calendly (scheduling for remote online notarization or concierge sessions, when you book one) · Printful (fulfillment and shipping for physical Heirloom items, when you order one) · FingerprintJS (device signals used for fraud and abuse prevention).
Contact: privacy@helauloom.com