Data Deletion Policy

Last updated: January 30, 2026
Operator: Heartbox LLC
Application: Heartbox (iOS and Android)
Contact: acfrank@heartbox.life

This Data Deletion Policy (“Policy”) describes how users of the Heartbox application (“App”) may request deletion of their account and associated personal data, what data we delete, and within what timeframe. Heartbox LLC (“we,” “us,” or “our”) operates the Heartbox App and treats data deletion requests seriously, in line with applicable data protection laws and store requirements for journaling and wellness applications.

1. Scope and Application

This Policy applies to all users of the Heartbox App who have created an account and whose data we store or process. It supplements our Privacy Policy and is referenced therein. By using the App, you acknowledge that you have read and understood this Policy. We may update this Policy from time to time; the “Last updated” date at the top reflects the most recent version. Material changes will be communicated where required by law or by app-store guidelines.

2. Your Right to Request Deletion

You have the right to request deletion of your Heartbox account and the personal data associated with it. We will process valid requests in accordance with this Policy and applicable law (including, where applicable, the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other regional requirements). We do not charge a fee for processing standard deletion requests.

3. How to Submit a Deletion Request

3.1 In-App Method (when available)

If your version of the Heartbox App includes an account deletion feature:

  • Open the Heartbox App and sign in to your account.

  • Navigate to Settings (or Profile → Settings, as applicable).

  • Locate the option labeled “Delete account,” “Account & data,” or similar.

  • Follow the on-screen instructions and confirm your request when prompted.

Once confirmed, your request will be queued for processing as described in Section 5 below.

3.2 Email Method (always available)

You may submit a deletion request by email at any time, including when no in-app option is available:

  • Recipient: acfrank@heartbox.life

  • Subject line (recommended): “Data deletion request – Heartbox”

  • Required information: The email address associated with your Heartbox account, so we can locate and verify your data. You may also include your display name or other identifiers if helpful.

We will acknowledge receipt of your request within a reasonable period (typically within five (5) business days) and will process it in accordance with this Policy. We may contact you at the email address you provide if we need additional information to verify your identity or to complete the deletion.

4. Verification of Identity

To protect your data from unauthorized deletion, we may need to verify that the person submitting the request is the account holder. We may do so by:

  • Confirming that the request is sent from the email address associated with the account, or

  • Asking you to respond to a verification message sent to that email address, or

  • Using other reasonable means appropriate to the sensitivity of the data and the risk of fraud.

We will not use verification as a means to unreasonably delay or deny valid requests. If we are unable to verify your identity after good-faith efforts, we will inform you and may retain the data as necessary to protect the account until verification can be completed.

5. What We Delete

Upon successful verification and processing of your deletion request, we will delete or irreversibly anonymize the following data to the extent we control it and to the extent technically and legally feasible:

5.1 Account and profile data

  • Email address and authentication identifiers (e.g., Firebase Authentication UID)

  • Display name, profile emoji, and any other profile or account fields stored in our systems (including in Firebase Firestore and any other databases we operate)

5.2 User-generated content

  • All check-in records (mood, scale answers, and other responses)

  • Goals and goal progress you have created or recorded

  • Journal-style entries, notes, reflections, and any other text or content you have entered in the App

  • Survey and quiz responses (health area surveys, personality or wellness quizzes, etc.)

  • Workout and activity logs and related data

  • Any other content you have created, uploaded, or stored within the App that we hold in our systems

5.3 Metadata and backups

We will remove or anonymize your data from our primary production databases and from any backup or archival systems we maintain, to the extent technically feasible and consistent with our retention and disaster-recovery procedures. Some backup data may be retained for a limited period before it is overwritten or purged; during that period, your data will not be used for any purpose other than system recovery if legally required.

5.4 Subscriptions and in-app purchases

We will cease using your app user ID for subscription or entitlement checks. Historical purchase and subscription records may be retained by Apple Inc., Google LLC, and/or our subscription provider (e.g., RevenueCat) in accordance with their respective policies and legal obligations. We will not use such records for the operation of the Heartbox App after your account is deleted. Refunds for past purchases must be requested through Apple or Google as set out in our Subscription & Billing Terms.

5.5 What we do not do with deleted data

We do not sell, rent, or use your deleted data for marketing, advertising, or profiling after deletion has been completed. Once deletion is complete, we do not retain copies of your personal data for any purpose other than as permitted under Section 6.

6. Exceptions and Required Retention

We may retain certain data where necessary:

  • To comply with law: Where we are required to retain data by applicable law, regulation, legal process, or governmental or regulatory request (e.g., tax, legal hold, dispute resolution).

  • For legitimate operational purposes: For a limited period, where necessary for security, fraud prevention, enforcement of our Terms of Service, or protection of the rights and safety of us or others (e.g., logs or records needed to investigate or defend a claim).

In such cases, we retain only the minimum data necessary and for no longer than required. Once the legal or operational need ends, we will delete or anonymize that data in accordance with our standard procedures.

7. Timeframe for Completion

We will complete the deletion of your account and the data described in Section 5 within thirty (30) days of the date we verify your identity and confirm the validity of your request, unless a longer period is required by applicable law or we have notified you of a specific, justified extension.

If we need additional time due to technical complexity, legal obligation, or other good-faith reasons, we will inform you and will complete the deletion as soon as reasonably practicable. We may send a brief confirmation to the email address you provided once deletion has been completed.

8. Effect of Deletion

Once your account and data have been deleted:

  • You will no longer be able to sign in to the App with that account.

  • Your user-generated content will no longer be accessible to you or to us for display or use.

  • Any subscription or paid access tied to that account will end in accordance with our Subscription & Billing Terms and the applicable platform (Apple/Google) rules.

Deletion is generally irreversible. If you wish to use Heartbox again after deletion, you would need to create a new account.

9. Questions, Complaints, and Appeals

If you have questions about this Policy or believe we have not handled your deletion request correctly, you may contact us at acfrank@heartbox.life. We will investigate and respond in a reasonable time. If you are in a jurisdiction that provides a right to lodge a complaint with a supervisory authority (e.g., under the GDPR), you may do so in accordance with applicable law.

10. References to Other Documents

This Policy is part of our privacy and terms framework. For more information:

11. Contact

For all deletion requests and questions regarding this Data Deletion Policy:

Email: acfrank@heartbox.life
Subject line (suggested): Data deletion request – Heartbox

Please include the email address associated with your Heartbox account in your message.