Privacy Policy

Last Updated: March 2026

HeyPops ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard your information when you use the HeyPops mobile application ("the App").

Information We Collect

Account Information

When you create an account, we collect your email address, password (encrypted and hashed — we never store plaintext passwords), and first name. This information is used to authenticate your account, personalize your experience, and identify you when sharing memories.

Journal Entries & Media

We store the content you create, including text notes, photos, videos, and voice memos. This content is associated with your account and stored in private, encrypted cloud storage. We access this content only to provide the service to you — we do not read, analyze, mine, or use your journal content for advertising, training, or any purpose other than delivering the HeyPops service.

Location Data

You may optionally add location tags to your memories. When you enter a location (such as a city, address, or place name), we send this text to Apple Maps (on iOS) to convert it into map coordinates for display on your Memory Map. We do not track your real-time location or collect GPS data from your device. Location tagging is entirely optional and you can use HeyPops without enabling location services. If your photos contain GPS metadata (EXIF data), we may use this to suggest a location for your memory, but this data is processed on your device and only stored if you choose to save the location.

Print Order Information

When you place a print order (photo books, cards, or other physical products), we collect recipient names, shipping addresses, and order details. This information is necessary to fulfill your order and is shared with our print fulfillment partner (see Third-Party Services below). Shipping addresses are stored in your account so you can reuse them for future orders.

Payment Information

Payment for subscriptions is processed through Apple's App Store (via RevenueCat). When available, payment for print orders will be processed through Stripe. We do not directly collect, store, or have access to your credit card numbers, bank account details, or other financial account information. These payment processors handle your financial data under their own privacy policies.

App Usage Data

We collect basic, anonymized app usage data to improve our service, such as which features are used most frequently, crash reports, and performance metrics. This data does not contain your journal content, photos, or personal information.

Device Information

We may collect device type, operating system version, and app version for the purpose of troubleshooting errors and ensuring compatibility. We do not collect unique device identifiers for advertising or tracking purposes.

How We Use Your Information

• To provide, maintain, and improve the HeyPops service
• To store and sync your journal entries securely across your devices
• To fulfill print orders for photo books, cards, and other physical products
• To send you notifications you have opted into (journal reminders, memory flashbacks)
• To process your subscription through Apple's App Store
• To diagnose crashes, fix bugs, and improve app performance
• To respond to your support requests
• To send transactional emails related to your account, orders, or service changes

We do not use your personal information for advertising, behavioral profiling, or AI/ML model training.

Data Storage & Security

Your data is stored securely using Supabase, a cloud database provider. We implement the following security measures:

• Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS/SSL.
• Encryption at rest: Your data is encrypted at rest on our database servers.
• Private storage: All media files (photos, videos, voice memos, print assets) are stored in private storage buckets. Access requires authenticated, time-limited signed URLs — your files are never publicly accessible.
• Row Level Security (RLS): Database-level access controls ensure that each user can only access their own data. These policies are enforced at the database layer, not just the application layer.
• Authentication: We use industry-standard authentication with encrypted token storage on your device (via secure keychain storage on iOS).
• Access control: We do not have a "view all users' data" interface. Our team accesses individual user data only when you contact support and explicitly grant permission to troubleshoot an issue.

Your journal entries are private to you. We do not read, analyze, or share your personal journal content with third parties.

Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users via email and/or in-app notification without unreasonable delay, and no later than 72 hours after becoming aware of the breach where feasible. We will also notify the relevant supervisory authorities as required by applicable law.

Data Sharing

We do not sell, trade, rent, or share your personal information with third parties for their marketing or promotional purposes.

Memory Sharing

You can choose to share specific journal entries with other HeyPops users via email. When you share a memory, the recipient will see your first name (if provided) and the shared entry content. You can hide or block shared content you've received from others. The sharer is not notified if you hide or block their shares. Note: if you share a memory and later delete your account, the shared copy may remain visible to the recipient unless they also delete it.

Print Order Fulfillment

When you place a print order, we share the following information with our print fulfillment partner to produce and ship your order: the photos and content included in your print product, recipient name, and shipping address. This data is shared solely for order fulfillment and is subject to our fulfillment partner's data processing obligations.

Aggregated Data

We may share aggregated, anonymized data (such as total number of users or feature usage statistics) for analytics purposes. This data cannot identify individual users.

Legal Requirements

We may disclose your information if required to do so by law, legal process, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Third-Party Services

We use the following third-party services to operate HeyPops. Each processes data only as needed to provide their specific service:

We do not use advertising SDKs, behavioral tracking, cross-app identifiers, or third-party analytics that build user profiles. We do not share your data with data brokers.

Each third-party service operates under its own privacy policy. We encourage you to review them:

• Supabase: https://supabase.com/privacy
• RevenueCat: https://www.revenuecat.com/privacy
• Sentry: https://sentry.io/privacy/
• Prodigi: https://www.prodigi.com/privacy-policy/
• Stripe: https://stripe.com/privacy

We will update this policy when additional third-party services are integrated.

Your Rights

Access

You can access all your journal entries, shared memories, and order history within the app at any time.

Correction

You can edit or update your journal entries, profile information, and saved addresses at any time within the app.

Deletion

You can delete individual entries within the app. You can also delete your entire account through Settings. Upon account deletion, all associated data — including journal entries, media files, profile information, and order history — is permanently removed from our servers within 30 days. Automated backup systems may retain encrypted copies for a limited period before automatic purging. Note: shared entries that other users have received may remain visible to those recipients unless they also delete them.

Data Portability

You can export your data through the app's Settings, including your journal entries and associated media.

Opt-Out

You can opt out of push notifications at any time through your device settings or within the app. You can opt out of email communications by using the unsubscribe link in any email or by contacting us.

Do Not Sell or Share

We do not sell or share your personal information for cross-context behavioral advertising. Because we do not engage in these practices, there is no need to opt out — but you may contact us at [email protected] if you have questions.

How to Exercise Your Rights

To exercise any of these rights, you can use the in-app features described above or contact us at [email protected]. You may also designate an authorized agent to submit a request on your behalf; the agent must provide written proof of authorization, and we may still require you to verify your identity directly. We will respond to verifiable requests within 45 days. If we cannot fulfill a request, we will explain the reason and inform you of your right to appeal the decision.

Data Retention

Upon account deletion, all personally identifiable data is permanently removed within 30 days. We do not retain your data for longer than necessary to provide the service.

Children's Privacy

HeyPops is primarily intended for use by parents and guardians to journal about their families, but is available to anyone aged 13 and older. Users under 18 must have parental or guardian permission. The app is not directed at or intended for use by children under 13 (or under the applicable age threshold in EEA member states, which varies between 13 and 16 by country).

We recognize that journal entries may contain information about children, including photos, names, and milestones. We treat this data with the highest sensitivity:

• We do not knowingly collect personal information directly from children under 13 without parental consent.
• All data about children is controlled by the account holder.
• We do not use children's data (photos, names, or any other information) for advertising, profiling, AI training, or any purpose other than storing and displaying it for the account holder.
• Photos and information about children are stored in private, encrypted storage and are never publicly accessible.
• The account holder can delete any content containing children's information at any time.

If we learn that a child under 13 has created an account without parental consent, we will delete the account and associated information promptly. If you believe a child under 13 has created an account, please contact us at [email protected].

California Privacy Rights (CCPA/CPRA)

California residents have the following rights under the California Consumer Privacy Act and the California Privacy Rights Act:

• Right to Know: You may request the categories and specific pieces of personal information we have collected about you in the past 12 months, the sources of that information, our business purposes for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions (such as completing a transaction or complying with legal obligations).
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: We use sensitive personal information only to provide the service you requested.
• Non-Discrimination: We will not discriminate against you for exercising any of these rights.
• Authorized Agent: You may designate an authorized agent to make a request on your behalf. The agent must provide written authorization, and we may require you to verify your identity directly.

To exercise these rights, contact us at [email protected]. We will verify your identity before processing your request and respond within 45 days. If we deny a request, you may appeal by contacting us with the subject line "Privacy Rights Appeal."

Categories of personal information collected in the past 12 months:

• Identifiers (name, email address)
• Photos, videos, and audio files you upload
• Location data you provide
• Commercial information (print order history, subscription status)
• Internet or network activity (crash reports, app usage analytics — anonymized)

European Privacy Rights (GDPR)

For users in the European Economic Area, you have the following rights under the General Data Protection Regulation:

• Access: Request a copy of your personal data.
• Rectification: Request correction of inaccurate data.
• Erasure: Request deletion of your data ("right to be forgotten").
• Restriction: Request restriction of processing in certain circumstances.
• Data Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Withdraw Consent: You may withdraw your consent to data processing at any time for features where consent is the legal basis (such as location tagging and notifications). You may also delete your account at any time through the app settings.

Legal basis for processing:

• Performance of a contract: Providing the HeyPops service you signed up for (account management, journal storage, print order fulfillment).
• Consent: For optional features such as location tagging and push notifications. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
• Legitimate interests: For security, fraud prevention, and service improvement. You may object to processing on this basis.

International data transfers: Your data is stored on servers in the United States. We rely on our service providers' data processing agreements and standard contractual clauses to ensure appropriate safeguards are in place for international data transfers in compliance with GDPR requirements.

To exercise your rights, contact us at [email protected]. You also have the right to lodge a complaint with your local data protection supervisory authority.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app or via email at least 30 days before the changes take effect. We will update the "Last Updated" date at the top of this policy. Continued use of the app after changes take effect constitutes acceptance of the revised policy.

Contact

If you have questions about this Privacy Policy or want to exercise your data rights, please contact us at:

Email: [email protected]

Terms of Service

Last Updated: March 2026

Welcome to HeyPops! By using our app, you agree to these Terms of Service. Please read them carefully.

1. Acceptance of Terms

By downloading, installing, or using HeyPops, you agree to be bound by these Terms of Service and our Privacy Policy. If you do not agree to these terms, please do not use the app.

2. Description of Service

HeyPops is a personal memory app designed to help you capture, organize, and preserve everyday moments. The app allows you to create journal entries with text, photos, videos, and voice recordings, revisit memories through flashbacks and recaps, and order physical print products (photo books, cards, and other keepsakes) through our print fulfillment partners.

3. Account Responsibilities

• You must be at least 13 years old to create a HeyPops account. By creating an account, you represent that you are at least 13 years of age. If you are under 18, you represent that you have your parent's or guardian's permission to use the app.
• You are responsible for maintaining the security of your account and password.
• You must provide accurate information when creating an account.
• You are responsible for all activity under your account.
• You must notify us immediately of any unauthorized use at [email protected].

4. Your Content

Ownership: You retain full ownership of all content you create in HeyPops, including text, photos, videos, and voice recordings. We claim no intellectual property rights over your content.

License: By using HeyPops, you grant us a limited, non-exclusive, revocable license to store, process, and transmit your content solely to provide the service to you. When you place a print order, you grant us a limited license to share the relevant content with our print fulfillment partner solely to produce and deliver your order. These licenses terminate when you delete the relevant content or your account.

Responsibility: You are solely responsible for the content you create and must ensure you have the right to use any photos, recordings, or other media you upload. You represent that your content does not violate any third party's rights.

5. Acceptable Use

You agree not to use HeyPops to:

• Violate any laws or regulations
• Infringe on others' intellectual property or privacy rights
• Upload malicious content, malware, or attempt to harm our systems
• Share your account credentials with others
• Use automated systems (bots, scrapers) to access the service
• Attempt to access other users' data or circumvent security measures
• Use the service for commercial purposes without written permission

6. Subscription & Payments

• Free Trial: New users receive a 1-month free trial with full access to all features.
• Pricing: $1.99/month or $14.99/year after the trial period.
• Billing: Subscription payment is charged to your Apple ID account through the App Store.
• Auto-Renewal: Subscriptions automatically renew unless canceled at least 24 hours before the end of the current billing period.
• Price Changes: We may change subscription pricing with at least 30 days' notice. Existing subscribers will be notified before any price change takes effect.

7. Print Products & Orders

• Product Availability: Print products (photo books, cards, and other keepsakes) are fulfilled through our third-party print partner, Prodigi. Product availability, pricing, and shipping options may vary by region and are subject to change.
• Order Accuracy: You are responsible for reviewing your print order (content, recipient name, shipping address) before placing it. Orders cannot be modified once submitted for production.
• Fulfillment: Print orders are produced and shipped by our fulfillment partner. Estimated delivery times are provided at checkout but are not guaranteed. We are not responsible for delays caused by shipping carriers or circumstances beyond our control.
• International Shipping: For orders shipped internationally, the recipient is responsible for any customs duties, import taxes, or fees imposed by the destination country. These charges are not included in the order total.
• Quality Issues: If you receive a print product that is damaged, defective, or materially different from what you ordered, contact us at [email protected] within 14 days of delivery. We will work with our fulfillment partner to provide a replacement or refund.
• Refund Policy: Refunds for print orders are handled on a case-by-case basis. Because print products are custom-made with your personal content, we cannot accept returns for buyer's remorse or errors in content you provided (wrong photos, typos, incorrect address).
• Content Responsibility: You are responsible for ensuring that the photos and text included in your print orders are appropriate and that you have the right to reproduce them in physical form.

8. How to Cancel Your Subscription

You can cancel your subscription at any time. To cancel:

1. Open the Settings app on your iPhone or iPad
2. Tap your name at the top
3. Tap Subscriptions
4. Tap HeyPops
5. Tap Cancel Subscription

Alternatively, you can manage your subscription at: https://apps.apple.com/account/subscriptions

Cancellation takes effect at the end of your current billing period. You will continue to have access to HeyPops until that date. Deleting the app does not cancel your subscription.

9. Account Deletion

You may delete your account at any time through the app's Settings. Upon deletion:

• All your journal entries, media, profile information, and saved addresses will be permanently removed from our servers within 30 days.
• Print order records will be deleted along with your account. If you need order information for a recent print order, please save it before deleting your account.
• Deleting your account does not cancel any active subscription. You must cancel your subscription separately through your App Store account settings before deleting your account to avoid future charges.
• Shared entries that other users have received may remain visible to those recipients unless they also delete them.

10. Intellectual Property

The HeyPops name, logo, design, and app code are owned by HeyPops and protected by intellectual property laws. You may not copy, modify, distribute, or create derivative works based on our app or brand without written permission.

11. Disclaimers

HeyPops is provided "as is" and "as available" without warranties of any kind, express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement. While we strive to maintain service availability and data integrity, we cannot guarantee uninterrupted or error-free access.

We strongly recommend keeping backups of important memories outside the app using the export feature in Settings.

We do not guarantee the color accuracy, print quality, or exact appearance of print products, as physical reproduction may vary from on-screen previews due to differences in screens, printers, and paper.

12. Force Majeure

We shall not be liable for any failure or delay in performance due to circumstances beyond our reasonable control, including but not limited to natural disasters, acts of war or terrorism, pandemics, internet outages, power failures, acts of government, labor disputes, or failures of third-party service providers (including cloud hosting, print fulfillment, and shipping carriers).

13. Limitation of Liability

To the maximum extent permitted by law, HeyPops and its officers, directors, employees, and agents shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of the app, including but not limited to loss of data, loss of content, or issues with print orders. Our total liability for any claims arising from your use of the service shall not exceed the amount you paid us in the 12 months preceding the claim.

14. Indemnification

You agree to indemnify and hold harmless HeyPops from any claims, damages, or expenses (including reasonable attorneys' fees) arising from your use of the service, your content, or your violation of these terms.

15. Dispute Resolution

Any disputes arising from these Terms will first be attempted to be resolved through informal negotiation by contacting [email protected]. If informal resolution is not successful within 60 days, either party may pursue resolution through binding arbitration in accordance with the rules of the American Arbitration Association, conducted in Santa Cruz County, California. Notwithstanding the above, either party may bring an individual action in small claims court in Santa Cruz County, California if the claim qualifies.

Class Action Waiver: You agree that any dispute resolution proceedings will be conducted only on an individual basis and not in a class, consolidated, or representative action.

16. Governing Law

These Terms shall be governed by and construed in accordance with the laws of the State of California, without regard to conflict of law principles.

17. Severability

If any provision of these Terms is found to be unenforceable, the remaining provisions will continue in full force and effect.

18. Entire Agreement

These Terms of Service, together with our Privacy Policy, constitute the entire agreement between you and HeyPops regarding your use of the service, and supersede any prior agreements.

19. Changes to Terms

We may update these Terms of Service from time to time. We will notify you of material changes through the app or via email at least 30 days before the changes take effect. Continued use of the app after changes constitutes acceptance of the new terms.

20. Contact

If you have questions about these Terms of Service, please contact us at [email protected].