Privacy Policy

Effective date: 2026-02-28

This Privacy Policy explains how Heron (operated by w32r) collects, uses, and protects information when you use our service. By using Heron, you agree to the practices described here.

1. Information We Collect

We collect the following categories of information:

• Account data: Email address and authentication identifiers used to create and manage your account.
• Profile and preference data: Settings, language preferences, and persona configurations you provide within the product.
• Usage data: Records of runs, actions, feature interactions, and reply history generated while using the service.
• Payment data: Transaction records processed through our payment provider (Stripe). We do not store raw card numbers; payment details are handled directly by Stripe.
• Technical data: IP addresses, browser type, device identifiers, and error logs collected automatically to maintain service reliability and security.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Heron service.
• Personalize the product experience based on your preferences and usage patterns.
• Process payments and manage access entitlements.
• Communicate with you about your account, updates, and support requests.
• Detect, investigate, and prevent abuse, fraud, and security incidents.
• Analyze aggregate usage trends to improve product quality and reliability.

We do not sell your personal information to third parties. We do not use your content to train AI models for purposes outside of delivering and improving the Heron service.

3. Data Sharing

We share data only as necessary to operate Heron, and only with:

• Infrastructure providers: Cloud and database services (such as Cloudflare) used to store and process data.
• Payment processor: Stripe, for payment processing and fraud prevention.
• AI model providers: Third-party LLM APIs used to generate content suggestions. Data shared is limited to what is necessary to complete a specific request.
• Email providers: Used to send transactional emails (account confirmations, notifications).

All third-party providers are bound by appropriate data processing agreements and are required to protect your information.

4. Cookies and Local Storage

Heron uses browser local storage and session storage to maintain authentication state, store user preferences (such as language settings), and improve the product experience. We do not use third-party advertising cookies or cross-site tracking.

5. Data Retention

We retain your data for as long as your account is active and as needed to provide the service, comply with legal obligations, resolve disputes, and enforce our agreements. When you request account deletion, we will delete or anonymize your personal data within a reasonable timeframe, except where retention is required by law.

6. Data Security

We apply industry-standard technical and organizational measures to protect your data, including encryption in transit (TLS), access controls, and regular security reviews. However, no system is completely secure, and we cannot guarantee absolute security.

If we become aware of a data breach that affects your personal information, we will notify you as required by applicable law.

7. International Data Transfers

Heron operates using infrastructure that may process data in multiple regions, including the United States and Europe. By using the service, you consent to the transfer of your information to these regions, which may have different data protection laws than your country of residence.

8. Your Rights

Depending on your location, you may have the right to:

• Access a copy of the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Request deletion of your personal data.
• Object to or restrict certain types of processing.
• Withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at team@heronai.one. We will respond within a reasonable timeframe and in accordance with applicable law.

9. Children's Privacy

Heron is not directed at children under the age of 13, and we do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 13, we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the effective date at the top of this page and, where appropriate, by sending an email notification. Continued use of the service after changes constitutes your acceptance of the updated policy.

11. Contact

For privacy-related questions or requests, please contact us at team@heronai.one.