Privacy Policy

Hesed.love takes the privacy of our users — and especially of children who use our Service — seriously enough to build it into the architecture, not just promise it in a policy. This Privacy Policy explains what we collect, what we don't, and how we use, store, and protect your information.

This policy applies to the Hesed.love coaching application and related services operated by Ayodeji Samuels and Lizzy Samuels (sole proprietors), doing business as Hesed.love, based in Calgary, Alberta, Canada.

1. The short version

• We do not store the content of your coaching conversations. Our server logs only metadata (timestamps, hashed user IDs, model name, token counts). The text of what you ask the Coach and what it replies stays in your browser or on your device.
• We do not use your content to train AI models. Ever.
• We do not sell your data, share it for advertising, or run analytics that profile you.
• Children's data gets extra protection. A child's journal entries and Coach conversations are private by default — even from their parent. The parent receives wellbeing flags, not message text.
• You can export everything and delete everything. Both are one click from Settings.

2. Information we collect

Account information

When you sign up, we collect your email address. That's it for required information. You can optionally add your name and a profile photo.

Family profile information

When you set up child sub-accounts on a Family plan, we store the information you enter during onboarding: child's name (or chosen name), age, school name and location, current grade, curriculum board, the tracks you've enabled, and the goals you've set together. This information is necessary to make the Coach school- and child-specific.

Coaching message metadata (not content)

Each time you or a member of your family uses the Coach, our proxy server records: timestamp, a hashed user identifier (the SHA-256 of your email, truncated), the model name (e.g. claude-sonnet-4-6), the HTTP status of the call, the elapsed latency, and the token counts returned by Anthropic. We do not log the text of your message, the text of the Coach's reply, or any system prompt content.

Usage analytics

Aggregate, privacy-respecting analytics — what pages get visited, what features get used, how many sessions per week — are collected via Plausible Analytics (cookieless, GDPR-friendly, no individual user tracking). No personally identifiable information leaves your browser through analytics.

Payment information

If you subscribe to a paid plan, payment is handled by Stripe. We do not see, store, or process your card number. Stripe stores card data on PCI-compliant infrastructure. We receive only your billing email, subscription status, and the last four digits of your card for reference.

Voice recordings (for voice clones)

If you choose to create a voice clone of yourself, we collect the audio sample you record. That recording is uploaded to ElevenLabs to train a private voice model that only your account can use. We do not share your voice clone with anyone else. You can delete your voice clone at any time from Settings.

Uploaded documents (report cards, school letters)

When you upload a report card for the Coach to read, the image or PDF is processed for grade extraction. The structured grades are stored in your child's Tracker. The original image is stored in your account's Document Library only if you ask to keep it; otherwise it is discarded after processing.

3. What we do not collect

• We do not log or store the text of your coaching prompts or the Coach's responses.
• We do not collect your home address (we collect your billing address only if Stripe requires it for sales tax).
• We do not access your contacts, your calendar, or any data outside the Service.
• We do not track you across the web. We do not embed third-party trackers or advertising pixels.
• We do not request unnecessary permissions on your device.

4. How we use the information we do collect

We use your information solely to provide and improve the Service:

• To deliver Coach responses (by forwarding your prompt to Anthropic's API and streaming the reply back to your browser);
• To meter your daily message usage against your free-tier cap or paid plan;
• To send you transactional emails — sign-in codes, receipts, and important account notices;
• To detect safety concerns in children's accounts (wellbeing flags — see Minors Safety);
• To bill you for paid plans, via Stripe;
• To respond to your support requests when you email us;
• To debug, monitor, and improve the Service in aggregate, never by reading individual conversations.

5. Who we share your information with

We use a small number of trusted sub-processors to run the Service. Each is bound by its own privacy and security commitments:

• Anthropic (San Francisco, USA): receives your coaching prompts via our proxy, returns the Coach's reply. Anthropic does not retain your prompts to train models (per their API terms). We have committed to Anthropic's Guidelines for Organizations Serving Minors.
• ElevenLabs (USA): hosts your voice clone if you create one; receives audio-generation requests.
• Resend (USA): delivers transactional email (sign-in codes, receipts).
• Stripe (USA/Canada): processes payments and stores card data on PCI-compliant infrastructure.
• Cloudflare (USA, with EU regions available): hosts the proxy, the website, and our DNS; routes inbound email; provides SSL certificates.

We do not sell, rent, or otherwise share your personal information for marketing or advertising.

We may disclose information if compelled by a valid legal process (subpoena, court order). Where the law permits, we will give you advance notice so you can challenge the request.

6. International transfers

Our sub-processors are primarily based in the United States. By using the Service, you understand that your account information and metadata may be transferred to and processed in the United States and other countries. For EU and UK users, we rely on Standard Contractual Clauses where applicable to provide an adequate level of protection.

7. Children's privacy

Hesed.love is directed at minors with verifiable parental consent. Children under 13 in the US are protected by COPPA; we follow COPPA's requirements. UK children are protected by the ICO's Children's Code (Age Appropriate Design Code); we follow its requirements. EU children are protected by GDPR-K; we follow its requirements. Our full posture is described on the Minors Safety page.

Children's journal entries and Coach conversations are private by default — they are not visible to the parent. Parents see goal progress and wellbeing flags (see Minors Safety), not the raw text of their child's conversations.

8. Cookies

Hesed.love does not set tracking cookies. We use only essential cookies required for the Service to function (sign-in session, preference storage). Stripe checkout, when active, may set cookies subject to Stripe's own policy.

9. Data retention

Account information and family profiles are retained while your account is active. If you cancel a paid subscription, your account is paused for 90 days (so you can resubscribe without losing your history), then permanently deleted unless you request immediate deletion.

Coaching message metadata (timestamps, hashed user ID, token counts) is retained for 90 days for billing reconciliation, then deleted.

Voice clones are retained until you delete them or until 30 days after account deletion, whichever comes first.

10. Your rights

You have the right to:

• Access the personal information we hold about you;
• Correct any inaccurate information;
• Export your data in a portable format (JSON) from Settings;
• Delete your account and your data;
• Restrict or object to certain processing;
• Withdraw consent (especially relevant for voice clones and child accounts);
• Lodge a complaint with your local data protection authority — in Canada, the Office of the Privacy Commissioner; in the UK, the Information Commissioner's Office; in the EU, your national authority.

To exercise any of these rights, use the relevant control in Settings or email [email protected]. We respond within 30 days.

11. Security

We use industry-standard technical and organisational measures to protect your information — TLS in transit, encrypted storage at rest, hashed user identifiers, secrets stored in Cloudflare's encrypted secret store, restricted access to operational systems. No system is perfectly secure; if a security incident affects your data, we will notify you and the relevant data protection authority promptly, in line with our legal obligations.

12. Changes to this Policy

If we make material changes, we will give you at least 30 days' notice by email and post the updated Policy here with a new "Last updated" date.

13. Contact & data protection

For any privacy question, request, or complaint: [email protected].

Hesed.love · Calgary, Alberta, Canada.