Privacy Policy

1. Introduction

This Privacy Policy explains how Heim ("Heim," "we," "us," or "our") collects, uses, shares, and protects information when you use our website and comment analytics service (the "Service"). It should be read together with our Terms of Service.

2. Who we are

Heim is a creator-focused tool that analyzes public comments from YouTube and Instagram accounts you connect. For privacy-related requests, contact us at privacy@useheim.com.

3. Information we collect

Account information

• Email address and authentication session data when you sign in.
• Profile settings such as approval status and account preferences.

Connected channel data

• Channel identifiers, display names, and URLs you provide (for example, a YouTube channel URL).
• For Instagram, OAuth tokens and related metadata needed to sync comments on your behalf, stored securely and used only to operate the Service.
• Public comments, video or post metadata, timestamps, and derived metrics (such as sentiment scores and theme summaries).

Usage and technical data

• Log data such as IP address, browser type, pages visited, and approximate location.
• Product analytics and performance metrics (for example, via Vercel Analytics and Speed Insights) to understand how the Service is used and to improve reliability. These load only if you choose Accept analytics in our cookie banner; you can change your choice anytime via Cookie settings in the site footer.

Cookies

Essential cookies are required for sign-in and security. Analytics cookies are optional and used only with your consent. We store your preference in your browser (local storage and a first-party cookie named heim_cookie_consent).

4. How we use information

We use the information above to:

• Provide, maintain, and secure the Service.
• Sync and analyze comments from platforms you connect.
• Generate dashboards, charts, and AI-assisted summaries.
• Communicate with you about your account, support requests, or important updates.
• Detect abuse, enforce our terms, and comply with legal obligations.
• Improve features and fix bugs.

5. Legal bases (EEA/UK users)

Where applicable law requires a legal basis, we rely on:

• Contract — to deliver the Service you request.
• Legitimate interests — to secure, improve, and market the Service in a way that respects your rights.
• Consent — where required, such as for certain optional communications or integrations.
• Legal obligation — when we must retain or disclose information by law.

6. How we share information

We do not sell your personal information. We may share information with:

• Service providers who help us run the Service, including hosting and database (Supabase), analytics (Vercel), and AI processing (OpenAI), under contracts that limit their use of your data.
• Platform APIs when you connect YouTube or Instagram — governed by those platforms' policies as well as ours.
• Authorities if required by law or to protect rights, safety, and security.
• Successors in connection with a merger, acquisition, or asset sale, with notice where required.

7. AI processing

Comment text and related context may be sent to third-party AI providers to classify sentiment, relevance, and themes. We instruct providers to process data only to deliver Service features. Do not connect channels or content you are not permitted to share for this purpose.

8. Data retention

We retain information for as long as your account is active or as needed to provide the Service, comply with law, resolve disputes, and enforce agreements. When you disconnect a channel or delete your account, we delete or anonymize associated data within a reasonable period, except where backup copies or legal retention requirements apply.

9. Security

We use technical and organizational measures appropriate to the nature of the data we process, including encryption in transit, access controls, and secure credential storage for integration tokens. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

10. Your rights and choices

Depending on where you live, you may have the right to:

• Access, correct, or delete personal information we hold about you.
• Object to or restrict certain processing, or request portability.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with your local data protection authority.

To exercise these rights, email privacy@useheim.com. For step-by-step deletion instructions, see Deleting your data below. We may need to verify your identity before responding.

11. Deleting your data

Remove a connected channel

You can disconnect YouTube or Instagram for your account without closing your Heim account.

1. Sign in and open the dashboard.
2. Go to Account settings (menu → Account settings, or /dashboard/settings).
3. Open the channel you want to remove and choose settings for that integration.
4. Select Remove integration and confirm.

This removes your subscription to that channel from your account.

Revoke Instagram access (optional)

If you connected Instagram, you can revoke Heim's access in your Meta account settings in addition to removing the integration in Heim. After revocation, we can no longer sync new comments until you connect again.

• In the Instagram app or on instagram.com/accounts/manage_access, remove Heim from connected apps and websites.
• Or manage permissions at Facebook Settings → Apps and websites if your professional account is linked through Meta.

Delete your entire Heim account

You can delete your account in the app: sign in, open Account settings, scroll to Danger zone, and choose Delete account. You will be asked to confirm by typing your sign-in email.

Alternatively, email us from the address tied to your account at privacy@useheim.com with subject line Account deletion request and confirmation that you want your account permanently deleted.

We will verify the request and complete deletion within 30 days, unless a longer period is required by law or for dispute resolution. We may retain minimal records where we have a legal obligation (for example, fraud prevention or tax records).

What we delete

Depending on the option you choose, deletion may include:

• Your profile and account email
• Channel subscriptions and integration tokens (including Instagram OAuth tokens)
• Synced comments, video metadata, and AI-generated insights tied to your account
• Authentication and session data

Backups and logs may persist for a short period before they are overwritten or purged according to our retention schedule.

Data held by third parties

Comments and posts on YouTube or Instagram remain on those platforms; deleting data in Heim does not delete content on third-party services. You must manage or delete that content directly with the platform.

12. International transfers

We and our providers may process data in countries other than where you live. Where required, we use appropriate safeguards (such as standard contractual clauses) for cross-border transfers.

13. Children

The Service is not directed to children under 18, and we do not knowingly collect personal information from them. If you believe a child has provided us data, contact us and we will take appropriate steps to delete it.

14. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Last updated" date. Material changes may be communicated by email or in-product notice where appropriate.

15. Contact

Privacy questions or requests: privacy@useheim.com.