Privacy Policy

1. Information We Collect

We collect information in the following categories:

Account Information. When you register, we collect your full name, email address, and password. If you register as an attorney, we also collect your bar number, jurisdiction, and professional credentials.

Estate Planning Information. During the intake questionnaire, we collect detailed personal and family information necessary to prepare your estate planning documents, including: names, dates of birth, addresses, marital status, information about children and dependents, beneficiary designations, asset descriptions, guardianship preferences, executor and trustee designations, healthcare directive preferences, and power of attorney designations. This may include information about third parties (such as your spouse, children, or beneficiaries) that you provide with their knowledge and consent.

Financial Information. We collect information about your assets and property for estate planning purposes (e.g., real estate, financial accounts, business interests). We do not collect or store credit card numbers or bank account details — all payment processing is handled directly by Stripe, our third-party payment processor.

Device and Usage Information. We automatically collect certain technical information when you visit the Platform, including your IP address, browser type, operating system, device identifiers, pages visited, referring URLs, and timestamps. This information is collected through cookies and similar technologies (see Section 7).

Communications. If you contact us via email or through the Platform, we retain the content of those communications along with your contact information.

2. How We Use Your Information

We use the information we collect to:

• Generate personalized estate planning documents based on your intake responses
• Facilitate attorney review, editing, and approval of your documents
• Provide AI-assisted document language customization and provision suggestions (see Section 3)
• Process payments and manage subscriptions
• Send transactional emails (payment confirmations, document readiness notifications, annual review reminders)
• Store your finalized documents in your secure document vault
• Provide trust funding guidance and checklists
• Respond to your inquiries and support requests
• Detect, prevent, and address technical issues, fraud, or security concerns
• Comply with legal obligations and enforce our Terms of Service
• Improve and maintain the Platform (in aggregate, de-identified form)

We will never sell your personal information to third parties. We do not use your personal information for targeted advertising.

3. AI and Automated Processing

HeirForge uses artificial intelligence (specifically, Anthropic’s Claude large language model) in two ways during document preparation:

Language Customization (Tier 1). After your documents are generated from legal templates, AI reviews designated sections to refine legal language for clarity and jurisdiction-specific accuracy. The AI operates only within marked zones of each document and is subject to strict validation rules that prevent alterations to names, monetary amounts, or critical legal terms.

Provision Suggestions (Tier 2). AI may suggest additional protective provisions for your estate plan based on your specific circumstances (e.g., digital asset provisions, pet care trusts, special needs considerations). These suggestions are additions only — AI never removes existing provisions. All suggestions are presented to your reviewing attorney, who decides whether to include them.

Every AI-generated modification or suggestion is reviewed by a licensed attorney before it appears in your final documents. AI does not provide legal advice — your assigned attorney exercises independent legal judgment.

We do not use your personal information or document content to train, fine-tune, or improve any AI models. Your data is transmitted to Anthropic solely for the purpose of processing your specific documents, subject to Anthropic’s data processing terms, which prohibit training on customer data.

4. How We Share Your Information

We share your information only as necessary to provide our services:

Reviewing Attorneys. Your estate planning information and generated documents are shared with your assigned licensed attorney for review, editing, and approval. This sharing is governed by your engagement agreement and protected by attorney-client privilege (see Section 5).

Service Providers. We use the following third-party service providers who process data on our behalf under contractual obligations to protect your information:

• Supabase — authentication, database hosting, and encrypted file storage
• Stripe — payment processing and subscription management (Stripe’s privacy policy governs payment data)
• Anthropic — AI-assisted document language customization (data is not used for model training)
• Resend — transactional email delivery
• Sentry — error tracking and application monitoring (receives technical data only, not document content)
• PostHog — product analytics for understanding how visitors navigate our platform (does not receive estate planning data or document content; IP addresses are anonymized; Do Not Track browser signals are respected)
• Vercel — frontend hosting and content delivery
• Cloudflare — DNS, DDoS protection, and CDN services

Legal Requirements. We may disclose your information if required by law, subpoena, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others. We will notify you of such requests where legally permitted.

Business Transfers. In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you before your information becomes subject to a different privacy policy.

We do not sell, rent, or lease your personal information to any third party.

5. Attorney-Client Privilege

HeirForge is a technology platform, not a law firm. However, our service model is designed to establish an attorney-client relationship between you and your assigned reviewing attorney.

Before Payment. Prior to signing the engagement agreement and completing payment, no attorney-client relationship exists. Information you provide during the free intake questionnaire is stored securely but is not protected by attorney-client privilege.

After Engagement. Once you sign the engagement agreement and complete payment, an attorney-client relationship is established with your assigned licensed attorney. From that point forward, your communications and documents created through the Platform are protected by attorney-client privilege to the fullest extent permitted by applicable law.

The engagement agreement, which you review and accept before payment, contains the full terms of the attorney-client relationship.

6. Data Security

We implement industry-standard technical and organizational measures to protect your personal information, including:

• Encryption of data at rest (AES-256) and in transit (TLS 1.2+)
• Row-level security (RLS) policies ensuring users can only access their own data
• Role-based access controls separating client, attorney, and administrator permissions
• Secure authentication with ES256 (ECDSA) JSON Web Tokens
• Rate limiting (60 requests per minute per IP) and DDoS protection
• Security headers (HSTS, CSP, X-Frame-Options)
• Documents stored in encrypted cloud storage with access logging

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but will promptly notify affected users in the event of a data breach (see Section 12).

7. Cookies and Tracking Technologies

We use the following cookies and similar technologies:

Essential Cookies. Required for authentication, session management, and security. These cannot be disabled without impairing Platform functionality.

Product Analytics. We use Sentry for error tracking and performance monitoring, and PostHog for product analytics. Sentry collects technical data (browser type, error stack traces, page load times). PostHog tracks navigation patterns (page views, button clicks, form completion rates) to help us improve the platform experience. Neither service receives your estate planning data or document content. PostHog anonymizes IP addresses and respects the Do Not Track browser signal.

Marketing Analytics. We use Google Analytics to understand how visitors find our website and to measure the effectiveness of our marketing efforts. Google Analytics may set cookies to track your browsing activity across visits to our site. This data helps us understand which marketing channels bring visitors to HeirForge. You can opt out of Google Analytics by installing Google's opt-out browser add-on.

Your Consent. When you first visit our website, we ask for your consent before activating analytics cookies. You can change your preferences at any time using the “Cookie Preferences” link in our footer. If you decline analytics cookies, no tracking data is collected beyond what is strictly necessary for the Platform to function.

Disabling essential cookies may prevent you from using certain Platform features.

8. Data Retention and Deletion

Non-Paying Users. If you begin the intake questionnaire but do not complete payment within 30 days, your intake data is automatically and permanently deleted. Account registration data (email, name) is retained until you request account deletion.

Paying Clients. Your documents and case records are retained in your secure vault indefinitely, or until you request deletion. We believe estate planning documents should remain accessible for as long as you need them.

Engagement Agreements. Accepted engagement agreement text and acceptance records are retained as long as necessary for legal compliance and professional responsibility obligations, typically for the period required by applicable attorney record retention rules.

Account Deletion. You may request deletion of your account and associated data at any time by contacting us. We will process deletion requests within 30 days, except where retention is required by law or professional obligations.

Backups. Deleted data may persist in encrypted backups for up to 30 days before being permanently removed.

9. Children’s Privacy

The Platform is intended for users who are at least 18 years of age. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected information from a person under 18, we will promptly delete it.

Users may provide information about their minor children as part of the estate planning process (e.g., naming guardians for minor children, establishing trusts for children’s benefit). This information is collected solely for inclusion in estate planning documents and is subject to the same protections as all other data on the Platform.

10. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access — Request a copy of the personal information we hold about you
• Correction — Request correction of inaccurate or incomplete information
• Deletion — Request deletion of your personal information, subject to legal retention requirements
• Portability — Request your data in a structured, commonly used format
• Opt-Out — Opt out of any future communications (excluding transactional messages related to your active services)

To exercise any of these rights, contact us at privacy@heirforge.com. We will respond to verified requests within 30 days.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights:

Categories of Information Collected. We collect the following categories of personal information as described in Section 1: identifiers (name, email, IP address), personal information under Cal. Civ. Code § 1798.80 (name, address, financial information), family information, internet or electronic network activity (usage data), and professional information (for attorney users).

Your Rights. You have the right to: (a) know what personal information we collect, use, and disclose; (b) request deletion of your personal information; (c) correct inaccurate personal information; (d) opt out of the “sale” or “sharing” of personal information; and (e) not be discriminated against for exercising your rights.

No Sale or Sharing. We do not sell your personal information and do not share it for cross-context behavioral advertising as defined under the CCPA/CPRA.

Sensitive Personal Information. Estate planning information may constitute sensitive personal information under California law. We use this information only to provide the services you have requested and do not use it for purposes beyond what is necessary to deliver those services.

Authorized Agents. You may designate an authorized agent to submit a request on your behalf. We may require verification of both your identity and the agent’s authority.

To submit a CCPA request, email privacy@heirforge.com with the subject line “CCPA Request.” We will respond within 45 days.

12. Do Not Sell My Personal Information

We do not sell your personal information. We do not share your personal information with third parties for their direct marketing purposes. If our practices change in the future, we will update this Privacy Policy and provide you with an opt-out mechanism before any such sharing occurs.

13. Data Breach Notification

In the event of a data breach that compromises your personal information, we will notify affected individuals as required by applicable law. Under Texas law, notification will occur within 60 days of discovery. For New York residents, notification will occur as expeditiously as possible and without unreasonable delay, consistent with New York General Business Law Section 899-aa. For California residents, notification will occur within 30 days. Where required, we will also notify the applicable state attorney general’s office.

Notification will include a description of the breach, the types of information involved, steps we are taking to address the breach, and steps you can take to protect yourself.

14. Third-Party Links

The Platform may contain links to third-party websites (e.g., Stripe’s payment page). We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any external sites you visit.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. We will post the updated policy on this page with a revised “Last updated” date. For material changes, we will notify you by email or through a prominent notice on the Platform at least 30 days before the changes take effect. Your continued use of the Platform after the effective date constitutes acceptance of the updated policy.

16. Contact Us

If you have questions about this Privacy Policy, your personal information, or wish to exercise your privacy rights, contact us at:

Email: privacy@heirforge.com

General Inquiries: support@heirforge.com

Mailing Address:
HeirForge
Attn: Privacy
[Address]