Privacy Policy
Effective date: March 14, 2026 · Last updated: March 14, 2026
1. Overview
Hearth is a product of SURJ Media LLC, a limited liability company ("we," "us," or "our"). SURJ Media LLC operates the family organizer application available at hearthfamilyplanner.com ("the Service"). This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and the choices you have.
By creating an account or using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.
Summary of key commitments:
- We do not sell your personal data — ever.
- We do not show you ads or use your data for advertising.
- Google Calendar data is used solely to provide the two-way calendar sync feature you explicitly enable.
- You can export or delete all your data at any time from account settings.
- Family data (names, events, lists, meals) is stored encrypted at rest in the United States.
2. Data We Collect
We collect the minimum data necessary to operate the Service.
2.1 Account & Identity Information
- Email address — used for login, account recovery, and transactional emails (invitations, reminders).
- Display name — shown to other household members.
- Encrypted password — stored as a secure hash by Supabase Auth; we never see your plaintext password.
2.2 Household & Family Data
- Household name — the name you choose for your family group (e.g., "The Smith Family").
- Member email addresses — email addresses you enter to invite family members. We send a one-time invitation email and do not contact invitees for any other purpose.
- Calendar events — titles, dates, times, descriptions, locations, color labels, and locked status for events you create in the shared calendar.
- Lists & list items — names, items (including checked/unchecked status), and categories for grocery lists, to-do lists, and other shared lists.
- Meal plans & saved meals — weekly meal plan assignments, saved meal names, descriptions, and ingredients.
2.3 Google Account Data
When you choose to connect Google Calendar, we receive a limited set of data from Google. See Section 3 for full details.
2.4 Payment Information
- Payment card data is collected and processed directly by Stripe, Inc. — we never see or store your full card number, CVV, or billing address on our servers.
- We store a Stripe Customer ID and your subscription status (active, trialing, canceled, past due) to enforce access to the Service.
2.5 Technical & Usage Data
- IP address, browser type, and device type — collected automatically by our hosting provider (Vercel) in standard server access logs, retained for up to 30 days for security and debugging.
- Session tokens — stored in secure HttpOnly cookies to keep you signed in.
- We do not deploy third-party analytics scripts (no Google Analytics, Mixpanel, or similar trackers).
3. Google API Services
Hearth optionally integrates with the Google Calendar API to provide two-way calendar synchronization. This section describes how we handle data received from Google in compliance with the Google API Services User Data Policy, including the Limited Use requirements.
3.1 What We Access
When you connect your Google account, we request the following OAuth scopes:
- https://www.googleapis.com/auth/calendar.events — read and write calendar events on your behalf, so Hearth events appear in your Google Calendar and vice versa.
- https://www.googleapis.com/auth/userinfo.email — verify which Google account you authorized (so we can associate the connection with your Hearth account).
3.2 What We Store from Google
- OAuth access token and refresh token — stored encrypted in our database, used to call the Google Calendar API on your behalf. Tokens are never exposed to other household members or third parties.
- Google Calendar event data — event titles, dates, times, descriptions, and locations that are synced between your Google Calendar and the Hearth shared calendar.
3.3 Limited Use Commitment
Hearth's use of data received from Google APIs is subject to and consistent with the Google API Services User Data Policy. In particular:
- Google user data is used only to power the two-way calendar sync feature you explicitly enable — not for any other purpose.
- We do not sell, rent, or share Google user data with third parties.
- We do not use Google user data for advertising, profiling, or tracking.
- We do not allow humans to read your Google Calendar data except with your explicit permission (e.g., for debugging a sync issue you report to us) or as required by law.
- We do not transfer Google user data to other parties except as necessary to provide the calendar sync feature (e.g., writing events back to your own Google Calendar).
3.4 Revoking Access
You can disconnect Google Calendar at any time from Settings → Integrations. When you disconnect, we immediately delete your stored OAuth tokens. You can also revoke access directly from your Google Account permissions page. Revoking access stops all future syncing; events already synced remain in both calendars unless you manually delete them.
4. How We Use Your Data
We use the data we collect to:
- Provide the Service — create and manage your household, sync calendar events, share lists in real time, and display meal plans.
- Authenticate you — verify your identity when you sign in and refresh your session securely.
- Send transactional emails — household invitations, password reset links, and subscription receipts. We do not send marketing emails without your explicit opt-in.
- Process payments — manage your subscription status, trial period, and billing through Stripe.
- Sync with Google Calendar — only if you explicitly connect your Google account.
- Enforce access controls — ensure only members of your household can view your family data; enforce admin-only features like locking events.
- Improve reliability and security — diagnose errors, investigate abuse, and protect the Service.
- Comply with legal obligations — respond to lawful requests from courts or regulatory authorities.
Legal bases (for GDPR purposes): We process your data on the basis of (a) contractual necessity — to deliver the Service you subscribed to; (b) legitimate interests — to operate and improve the Service and prevent fraud; and (c) your consent — for optional features such as Google Calendar integration and marketing communications.
5. Data Sharing
We do not sell, rent, or trade your personal data. We share data only in these limited circumstances:
- With household members you invite — display names, calendar events, lists, and meal plans are shared with members of your household by design. You control who is invited.
- With service providers — we use a small set of sub-processors (listed in Section 6) who process data only on our behalf and under strict confidentiality obligations.
- For legal compliance — if required by law, court order, or to protect the safety of our users or the public. We will notify you if legally permitted to do so.
- Business transfers — if Hearth is acquired or merges with another entity, your data may be transferred. We will notify you by email at least 30 days before any such transfer and give you the option to delete your account.
6. Third-Party Services (Sub-processors)
The following sub-processors may handle your personal data on our behalf:
| Service | Purpose | Data handled |
|---|---|---|
| Supabase (Supabase, Inc.) | Database, authentication, real-time | All user and household data |
| Stripe, Inc. | Payment processing | Payment card data, billing info |
| Google LLC | Calendar API integration (optional) | OAuth tokens, calendar events |
| Resend, Inc. | Transactional email | Email address, name, invite link |
| Vercel, Inc. | Hosting and CDN | IP address, request logs |
Each sub-processor is bound by data processing agreements and their own privacy policies. We encourage you to review their privacy practices.
7. Data Retention & Deletion
- Active accounts — we retain all personal data for as long as your account is active or as needed to provide the Service.
- Canceled subscriptions — after you cancel, your account data is retained for 30 days to allow reactivation, then permanently deleted.
- Account deletion — if you delete your account from Settings, all your personal data and household data is permanently deleted within 30 days. Deletion of the household admin account deletes the entire household and all member data.
- Google OAuth tokens — deleted immediately when you disconnect Google Calendar or delete your account.
- Stripe data — Stripe retains payment records for their own legal and regulatory obligations; we delete our reference to your Stripe Customer ID upon account deletion.
- Server logs — Vercel access logs are retained for up to 30 days.
- Exported data — you can download a copy of your calendar (.ics) and lists (.csv) at any time from Settings → Export Data.
8. Children's Privacy
The Service is intended for adults (18 years of age and older). We do not knowingly collect personal data from children under 13 years of age. If you are under 13, please do not use the Service or provide any personal information.
We understand that parents use Hearth to manage family schedules that may include children's names, events, and activities. This information is entered by adult household members to organize family life — Hearth does not directly collect data from or market to children. We do not build behavioral profiles of children, and children's information is subject to the same security and deletion protections as all other household data.
If you believe we have inadvertently received personal data from a child under 13 without verifiable parental consent, please contact us at privacy@hearthfamilyplanner.com and we will promptly delete it.
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you.
- Correction — update inaccurate or incomplete data (you can update most profile information directly in Settings).
- Deletion / Right to be forgotten — request deletion of your personal data. You can delete your account from Settings, which triggers immediate data deletion.
- Data portability — export your calendar (.ics) and lists (.csv) from Settings → Export Data at any time.
- Restriction of processing — request that we limit how we process your data in certain circumstances.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — for consent-based processing (e.g., Google Calendar integration), withdraw consent at any time by disconnecting the integration.
California residents (CCPA / CPRA)
California residents have additional rights including the right to know categories of personal information collected, the right to opt-out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising privacy rights. To submit a verifiable consumer request, contact us at privacy@hearthfamilyplanner.com.
EEA / UK residents (GDPR / UK GDPR)
If you are located in the European Economic Area or United Kingdom, you have rights under GDPR including the rights listed above. You also have the right to lodge a complaint with your local supervisory authority if you believe we have processed your data unlawfully. To submit a request, contact us at privacy@hearthfamilyplanner.com. We will respond within 30 days.
10. Security
We implement industry-standard security measures to protect your personal data:
- Encryption in transit — all data is transmitted over HTTPS/TLS.
- Encryption at rest — all data is stored encrypted at rest in Supabase's PostgreSQL database (AES-256).
- Row-level security — database-level policies ensure household members can only access their own household's data, enforced at the database layer, not just the application layer.
- OAuth token security — Google OAuth tokens are stored encrypted and never returned to the browser.
- Password hashing — passwords are hashed using bcrypt and never stored in plaintext.
- Session management — sessions use secure, HttpOnly cookies with short expiration windows and automatic refresh.
No method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it responsibly to security@hearthfamilyplanner.com.
12. International Users
Hearth is operated from the United States. Our servers are located in the United States. If you access the Service from outside the United States, your personal data will be transferred to and processed in the United States, which may have different data protection laws than your country.
For users in the EEA and UK, we rely on Standard Contractual Clauses (SCCs) as the mechanism for lawful transfer of personal data to the United States. Our sub-processors (including Supabase, Vercel, and Resend) maintain appropriate transfer mechanisms for international data transfers.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by:
- Sending an email to the address associated with your account at least 14 days before the changes take effect.
- Displaying a notice in the app at login.
Continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy. The "Last updated" date at the top of this page always reflects the most recent revision.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
SURJ Media LLC d/b/a Hearth
Privacy inquiries: privacy@hearthfamilyplanner.com
Security reports: security@hearthfamilyplanner.com
Website: https://hearthfamilyplanner.com
We will respond to privacy requests within 30 days. For urgent account deletion requests, you can also delete your account directly from Settings → Account → Delete Account, which takes effect immediately.
Also see our Terms of Service.