Legal

Privacy policy.

Last updated: 12 May 2026.

Hearth exists so families can quietly look out for each other. That only works if you trust us with a small amount of personal information. This page explains what we collect, why, and what you can do about it. Plain English, no small print, no surprises.

A note while we get organised The company details, ICO registration number, and registered office address below are placeholders. They'll be replaced before Hearth opens to the public.

Who we are

Hearth is operated by {Hearth Ltd}, a company registered in England and Wales (company number {00000000}), with a registered office at {address}. We're registered with the Information Commissioner's Office under reference {ICO number}.

Under UK data-protection law we are the "controller" of personal information you share with us. You can reach us by email at [email protected].

What we collect

Hearth has two kinds of user: trusted people (the ones looking out) and the members they look out for. We collect different things from each.

From trusted people

Your email address, used to sign in via a magic link.
A name you choose to display to the circle.
Records of when you sign in and the browser or device you used.
Anything you submit through the app: the circle name, invite codes you create, the home address you set as a reference point, and your acknowledgements of help requests.

From members

A name and an optional relationship label (such as Mum, Friend or Resident) entered when you're invited.
Your device's approximate location while the app is open, used to detect arriving home or leaving home. Location is processed against the home set for your circle, not stored as a continuous trail.
The "I'm OK" check-ins you tap and any help requests you raise.

From everyone

Basic technical data when you use the site or app: IP address, user-agent string, and the pages you visited. Used to keep the service running and spot abuse, not to profile you.
Anything you tell us directly when you email support.

Why we collect it (and the lawful basis)

Each piece of information has a job to do. We don't keep things "just in case".

To provide the service. Email, names, family membership, check-ins, and home location all exist to make Hearth work. Lawful basis: contract (UK GDPR Article 6(1)(b)).
To process location. Members give explicit permission inside the app before we read their device's location. Lawful basis: consent (Article 6(1)(a)). You can withdraw it any time by turning off location permission on your device.
To keep the service safe. Sign-in logs, IP addresses, and similar technical data are used to spot fraud, abuse, or attacks. Lawful basis: legitimate interests (Article 6(1)(f)) in keeping families safe from misuse.
To meet our legal obligations. We may have to keep records for tax, accounting, or in response to lawful requests from authorities. Lawful basis: legal obligation (Article 6(1)(c)).

We never use your information to sell advertising and we don't share it with advertisers or data brokers. We never use it to train AI models.

How long we keep it

Account details (email, name, family membership) stay for as long as your account is open, plus 30 days after you delete it, in case you change your mind.
Location pings are kept for 30 days, then deleted. We only need recent data to detect arriving and leaving home.
Check-ins and help requests are kept for 12 months so your family can see recent history.
Sign-in and security logs are kept for 90 days.
Support emails are kept for 2 years, then deleted.

Who we share it with

We use a small set of trusted services to run Hearth. They process your information only on our instructions, under written contracts that meet UK GDPR requirements.

Resend sends our transactional emails (sign-in links, notifications). Resend's servers are in the United States. We rely on the UK extension to the EU-US Data Privacy Framework for that transfer.
Cloudflare routes traffic between you and our server. Cloudflare may briefly process IP addresses and request metadata to deliver and secure traffic.
OpenFreeMap and OpenStreetMap provide the map tiles and the lookup that turns coordinates into a place name like "Walmer, Kent". They receive the coordinates of homes you set, nothing more.
Our own server, currently hosted in the United Kingdom, stores everything else.

We will only share your information with anyone else if you ask us to, or if we're legally required to.

Cookies and similar storage

Hearth uses two small cookies and nothing else:

hearth_session — keeps a trusted person signed in. Expires after 30 days of inactivity.
hearth_member — keeps a member signed in on their device. Expires after a year.

Both are strictly necessary for the service to work, so we don't show a cookie banner asking you to agree to them. We don't use analytics cookies, tracking pixels, or third-party advertising tags.

Your rights

UK data-protection law gives you eight rights over the information we hold about you. You can:

Ask for a copy of what we hold (right of access)
Ask us to correct anything that's wrong (rectification)
Ask us to delete your information (erasure)
Ask us to stop processing it for a while (restriction)
Ask for your information in a portable file (data portability)
Object to processing where we rely on legitimate interests
Withdraw consent at any time, where consent is the basis
Not be subject to automated decisions; we don't make any

To exercise any of these, email [email protected]. We'll reply within 30 days. Account deletion is also available inside the app once you're signed in.

If you think we've got something wrong and we haven't put it right, you can complain to the Information Commissioner's Office at ico.org.uk/make-a-complaint or on 0303 123 1113.

Children and vulnerable adults

Hearth is for adults. You must be 18 or over to create an account that looks out for someone else. Members may be older adults or other people whose family, friends or carers are looking out for them. A trusted person invites a member, and the member chooses to install the app and tap "I'm OK" themselves. Hearth doesn't track anyone without their device's location permission.

If you have any concern that a member's account is being used to monitor someone without their knowledge or consent, email us at [email protected] and we'll act on it.

How we keep it safe

All connections to Hearth use TLS encryption. Passwords don't exist; we sign you in with a single-use link sent to your email. Cookies are HttpOnly so other websites and scripts can't read them. The database is encrypted at rest. Access to production systems is limited to a small number of people and is logged.

Changes to this policy

If we change anything material, we'll email you at the address on your account at least 30 days before the change takes effect. Small wording fixes will go live with a new "last updated" date at the top of this page.

Questions

Email [email protected]. A real person will reply.