← Back to Heirloom

Heirloom Privacy Policy

Effective June 07, 2026. Last Revised June 07, 2026.

1. Information We Collect

Heirloom is a lightweight operating system for co-ops, shared-ownership teams, collectives, founder-support programs, and human-centered organizations. We collect information needed to provide, secure, maintain, and improve Heirloom.

a. Information you provide to us: We may collect your name, email address, profile information, organization or Loom information, messages, posts, tasks, proposals, comments, decisions, documents, files, support requests, and other content you submit through Heirloom.

b. Information we collect automatically: We may collect device and browser information, IP address, log data, pages viewed, feature usage, error reports, and cookie or similar tracking information used for authentication, security, analytics, and product improvement.

c. Information from third-party integrations: If you choose to connect a third-party service, including Google, we may collect or process information from that service only after you authorize the connection.

2. Google User Data

If you choose to connect your Google account to Heirloom, we may access or process Google user data only after you authorize access through Google OAuth. Heirloom only requests Google permissions needed to provide the user-facing Google integration features you choose to use.

Depending on the Google features you enable, Heirloom may access, collect, or interact with the following types of Google user data:

  • Google account information: your name, email address, profile image, Google account identifier, and OAuth consent details.
  • Google Calendar data: calendar names, event titles, event descriptions, dates, times, attendees, locations, recurrence details, meeting links, event status, and related calendar metadata needed to display, sync, create, or update calendar-related information inside Heirloom.
  • Google Drive data, if enabled: file names, file IDs, file metadata, folder metadata, MIME types, timestamps, and the contents of files you choose to import, attach, or make available inside Heirloom.
  • Connection data: OAuth tokens, refresh tokens, granted scopes, connection status, sync status, sync logs, and error logs needed to keep the integration working securely.

Heirloom's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

3. How We Use Information

We use information to provide, maintain, secure, and improve Heirloom. This includes using information to:

  • Create and manage your account.
  • Authenticate users and protect account access.
  • Provide Loom workspaces and collaboration features.
  • Show tasks, proposals, documents, decisions, comments, messages, and related activity.
  • Sync, display, create, or update Google Calendar information when you connect Google Calendar.
  • Import, attach, display, or organize Google Drive files when you choose to use Google Drive features.
  • Maintain the third-party integrations you authorize.
  • Send product, security, account, and support communications.
  • Provide customer support.
  • Debug issues, monitor service performance, and improve product reliability.
  • Detect, prevent, and respond to fraud, abuse, security incidents, or technical problems.
  • Comply with legal obligations.

We do not sell Google user data. We do not use Google user data for targeted advertising, retargeting, personalized ads, data broker services, credit-worthiness decisions, lending purposes, or unrelated marketing. We do not use Google user data to train generalized AI models.

4. How We Share Information

We share information only as needed to provide Heirloom, operate the service, comply with law, or protect users.

  • With other users in your Loom: Content you submit to a Loom may be visible to other members of that Loom depending on the Loom's permissions, roles, and settings. For example, tasks, proposals, comments, documents, decisions, and workspace activity may be visible to authorized members.
  • With your direction or consent: We may share information when you direct us to do so, such as when you connect an integration, import a file, invite a member, or make content available in a Loom.
  • With service providers: We may share information with trusted providers that help us operate Heirloom, such as hosting providers, database providers, authentication providers, email providers, analytics providers, monitoring tools, and security vendors. These providers may process information only to help us provide, secure, and improve Heirloom.
  • For legal and safety reasons: We may disclose information if necessary to comply with law, legal process, or government requests; enforce our terms and policies; protect the rights, safety, and security of Heirloom, users, or the public; or investigate fraud, abuse, or security issues.
  • Business transfers: If Heirloom is involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction. Where required, we will provide notice and obtain consent before transferring Google user data.

Google user data is only shown inside Heirloom when needed for the feature you enabled, such as showing a synced calendar event or an imported file in the relevant workspace.

5. How We Store and Protect Information

We use reasonable administrative, technical, and organizational safeguards to protect information from unauthorized access, disclosure, alteration, or destruction.

  • Encryption in transit.
  • Encryption or secure storage for sensitive credentials and tokens.
  • Server-side access controls.
  • Role-based permissions.
  • Limited employee or contractor access.
  • Logging and monitoring.
  • Secure credential handling.
  • Separation of Loom data by workspace permissions.
  • Ongoing review of security practices as the product evolves.

Google OAuth tokens and integration credentials are stored securely and are used only to provide the Google integration features you authorize.

No system is perfectly secure, but we work to protect information using practices appropriate for the nature of the data and the size of the service.

6. Data Retention and Deletion

We retain information for as long as needed to provide Heirloom, maintain security, comply with legal obligations, resolve disputes, and enforce agreements.

For Google user data:

  • If you disconnect your Google account, we will stop using new Google data from that connection.
  • We will delete or de-identify stored Google OAuth tokens and integration credentials after disconnection, unless retention is required for security, legal, or backup purposes.
  • Cached Google integration data will be deleted or de-identified when it is no longer needed for the feature you enabled.
  • Content you intentionally import, attach, save, or share inside a Loom may remain in that Loom until you or an authorized Loom administrator deletes it, unless deletion is required by law or policy.

You may request deletion of your account or personal information by contacting us at heirloom.connect@gmail.com. Some information may remain in backups, logs, security records, or legal records for a limited period where necessary for security, fraud prevention, compliance, or legitimate business operations.

7. Your Choices and Controls

You may control certain information and account settings through Heirloom or by contacting us.

  • Update account information where available.
  • Disconnect Google integrations.
  • Delete or request deletion of certain content.
  • Request account deletion.
  • Adjust browser cookie settings.
  • Opt out of non-essential promotional communications.

Disconnecting a Google integration may limit or disable features that depend on that integration.

8. Cookies and Analytics

We may use cookies and similar technologies to keep you signed in, secure the service, remember preferences, understand product usage, improve performance, and diagnose technical issues. You can control cookies through your browser settings, but disabling cookies may affect core functionality.

9. Children's Privacy

Heirloom is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete it. Where Heirloom requires users to be older than 13 or 18 for certain features, users must meet those requirements to use the service.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and may provide additional notice through the service or by email. If we materially change how we use Google user data, we will update this Privacy Policy and obtain any consent required before using Google user data in a new way.

11. Contact Us

If you have questions about this Privacy Policy or want to request access, correction, deletion, or disconnection of your data, contact us at:

Heirloom
heirloom.connect@gmail.com