Heartbox Privacy Policy

Last updated: 13 July 2026

Heartbox ("Heartbox", "we", "us") makes personalized, illustrated bedtime storybooks in which your child is the hero. This policy explains what information the app handles, how it is used, and the choices you have. Heartbox is a parent-facing app: an adult sets it up and uses it on the child's behalf.

The short version. Heartbox does not use photos of your child. Your books are stored only on your device. We do not use advertising, we do not track you across other apps or websites, and we include no third-party analytics. The only information that leaves your device is the child's first name and chosen appearance (to create the story and pictures) and, if you buy something, your purchase through the app store.

1. Information we handle

We do not collect photos or video, precise or approximate location, contacts, health data, browsing history, or advertising identifiers. Heartbox has no user accounts, and in this version we do not ask for an email address.

2. How the information is used

We do not use any of this information for advertising, profiling, or tracking.

3. Where the information goes (service providers)

We do not sell your information, and we do not share it with advertisers.

4. Storage and retention

Your finished books, hero, and any exported PDFs are stored only on your device. We keep no copy on our servers. Deleting a book, or deleting the app, permanently removes that content from your device, and there is no server copy for us to retain. The information sent for generation is processed transiently and is not stored as a lasting record on our side.

5. Children's privacy

Heartbox is designed for a parent or guardian to use for a child. Because the app uses an illustrated avatar rather than a photo, and stores content on your device, it is built to minimize data about children. The first name and appearance choices you provide are used only to create the story and are not used to build a profile, to track, or to advertise. Access to purchases and to any link that leaves the app is placed behind a parental gate. If you believe a child has provided information you did not intend, delete the relevant book or the app, or contact us and we will help.

6. Your choices and rights

7. Security

Information in transit is protected with HTTPS. The anonymous identifier is held in your device's secure storage (Keychain/Keystore). Because your books stay on your device, they are protected by your device's own security.

8. Changes to this policy

We may update this policy as the app evolves. Material changes will be reflected here with a new "last updated" date.

9. Contact

Questions about this policy or your information: privacy@heartbox.app.

Draft for review. This document reflects how the current app version handles information. Confirm the operating legal entity, the contact address, and any region-specific disclosures (e.g. US state privacy laws, UK/EU GDPR, COPPA) with qualified counsel before publishing.