Skip to content
Hearth

Legal

Privacy Policy

How Hearth collects, uses, and shares information when you use our neighborhood marketplace.

Effective June 13, 2026 · Version 2026-06-13

1. Overview

Hearthmade ("Hearth," "we," "us") respects your privacy. This Privacy Policy explains what personal information we collect when you use the Hearth platform, how we use it, and your choices. It applies to neighbors, artisans, and visitors in California and elsewhere.

We designed Hearth for neighborhood trust. We collect only what we need to run map discovery, checkout, pickup coordination, and seller compliance tools.

2. Information we collect

  • Account data: name, email, password hash (via our auth provider), profile photo, and member mode (buying or selling).
  • Location data: ZIP code, neighborhood label, map search history, and coordinates you save for distance and pickup (exact street addresses for seller pickup are kept private and are not shown to buyers on the map).
  • Transaction data: basket contents, orders, pickup windows, pickup codes, payment status, reviews, and Stripe identifiers (we do not store full card numbers).
  • Seller compliance data: permit uploads, tax registration choices, business name, studio photos, offerings, and batch schedules.
  • Communications: messages you send through Hearth coordination tools and support emails.
  • Device and usage data: IP address, browser type, app events, crash reports, and analytics events (see Section 5).
  • Cold-market waitlist: email and optional handle when you join a waitlist outside our active ZIP areas.
  • Privacy preference data: whether you opt out of analytics sharing and whether your browser sends a Global Privacy Control (GPC) signal.

3. How we collect information

  • Directly from you when you sign up, list products, check out, or contact support.
  • Automatically through cookies, local storage, and analytics when you use the Platform.
  • From third parties such as Google or Apple when you choose social login, Stripe when you pay or onboard payouts, and Supabase as our infrastructure provider.
  • From your browser or device when you enable Global Privacy Control or similar privacy signals.

4. How we use information

  • Provide map discovery, basket, checkout, handoff, and studio management features.
  • Verify permits, calculate sales tax where required, and show trust signals to neighbors.
  • Process payments and seller payouts through Stripe Connect.
  • Send transactional messages (order updates, pickup reminders, security alerts).
  • Improve safety, prevent fraud, and enforce our Terms of Service.
  • Analyze aggregated usage to improve the product (see analytics below).
  • Comply with law, respond to legal requests, and protect rights and safety.
  • Honor your privacy choices, including opt-out of analytics sharing and GPC signals.

5. When we share information

We do not sell your personal information for money. We share data only as described below:

Analytics and "sharing" under CPRA. PostHog, our product analytics provider, may receive identifiers and usage events that California law can treat as "sharing" for cross-context behavioral advertising when configured for advertising measurement or audience building. We use PostHog primarily for product analytics, funnels, and reliability. Sentry receives error and performance data for diagnostics. Google Maps Platform receives location queries when you use map features. These providers process data under their own terms.

You can opt out of analytics sharing at /privacy-choices or in Settings under Privacy. We honor Global Privacy Control (GPC) browser signals as an opt-out of sale/share for analytics where required by law.

  • With artisans and neighbors as needed to complete a transaction (for example, a buyer's first name and order summary to the artisan; pickup area, not exact home address, on the map).
  • Supabase (database, authentication, file storage, edge functions): hosts and processes data on our behalf under their terms.
  • Stripe, Inc.: payment processing, Connect onboarding, fraud tools, and tax calculation where enabled.
  • PostHog: product analytics and funnel measurement when configured (events such as signup, search, and checkout).
  • Sentry: error monitoring and performance diagnostics when configured.
  • Google Maps Platform: map display and geocoding when you use location features.
  • Vercel: application hosting.
  • Authorities or other parties when required by law, to prevent harm, or to enforce our agreements.

6. California privacy rights (CCPA / CPRA)

If you are a California resident, you have the right to know what categories of personal information we collect, the purposes of use, and the categories of third parties with whom we share it.

You may request access, correction, or deletion of personal information, and you may opt out of "sale" or "sharing" for cross-context behavioral advertising.

Do Not Sell or Share My Personal Information: open Settings, tap Legal & Privacy, and use the privacy controls on the Privacy tab. You may also visit /privacy-choices. You may enable Global Privacy Control in a supported browser; we treat an enabled GPC signal as a request to opt out of sharing for analytics where applicable.

To exercise other California privacy rights, email hello@hearthmade.app with the subject line "California Privacy Request." We will verify your request and respond as required by law. You may designate an authorized agent with written permission.

We will not discriminate against you for exercising privacy rights.

7. Retention

We keep information as long as your account is active and as needed to provide the Platform, comply with tax and financial record rules, resolve disputes, and enforce agreements. Permit documents and order records may be retained longer where law requires.

8. Security

We use industry-standard safeguards including encryption in transit, row-level database access controls, and server-side price validation. No method of transmission or storage is 100% secure.

9. Children

Hearth is not directed to children under 13, and we do not knowingly collect their information. Contact us if you believe a child has provided data and we will delete it.

10. International users

Hearth is operated from the United States. If you access the Platform from outside the U.S., you consent to processing in the U.S. and other countries where our providers operate.

11. Changes

We may update this Policy with a new effective date. Material changes may require renewed acceptance at signup.

12. Contact

Privacy questions and requests: hello@hearthmade.app