Legal
Last updated: March 2026
We collect: account information (email address, password hash), identity verification status (Persona verifies your ID — Heidi stores only the result, never your document), session data (dates, times, locations, check-in status), boundary agreement preferences, emergency contact information (stored securely, accessed only in safety incidents), and messages sent through the platform.
We use your information to: match you with vetted providers, maintain session safety records, send service-related communications, respond to safety incidents, comply with legal obligations, and improve the platform. We do not sell your personal data to third parties. We do not use your data for advertising.
Location information is used only during active sessions or when the 'I need help' button is activated. Session check-in data, messages, and boundary agreements are retained for 7 years for safety audit and legal compliance purposes. Emergency contact information is stored encrypted and never shared with providers.
All in-app messages are monitored for safety. Messages containing flagged content (phone numbers, external platform names, or prohibited terms) are held for operator review. Message logs are retained per our data retention policy.
We share data with: Persona (identity verification), Checkr (provider background checks), Stripe (payment processing), Stream (in-app messaging), and Expo (push notifications). We may disclose data to law enforcement when required by law or when we believe disclosure is necessary to prevent harm.
You may request access to, correction of, or deletion of your personal data at any time by contacting privacy@pleaseheidi.com. Account deletion requests are processed within 30 days. Note: data required for legal compliance or active safety investigations may be retained regardless of deletion requests.
Active account data is retained while your account is open. Following account deletion, most data is removed within 30 days. Safety-related records (incident reports, flagged messages, boundary agreements) are retained indefinitely per our safety obligations.
All data is encrypted at rest and in transit. Location addresses and emergency contacts are encrypted with additional key management. We use Row Level Security on all database tables to ensure data isolation between users.
For privacy questions or data requests, contact privacy@pleaseheidi.com.