Privacy policy

Who is responsible for your data

HeartBeatNo1 B.V., established in the Netherlands, is the data controller for the personal data processed through the HeartBeatNo1 app and website. You can reach us with any privacy question using the contact details at the bottom of this page.

What data we collect

We only collect what we need to run the service:

• Account data: name, email address, password (stored encrypted), handle, profile photo, biography, language and persona.
• Content you create: wishes, goals, journey entries, messages, follows and the people in your circle.
• Payment data: when you contribute or buy a subscription, the payment itself is processed by our payment provider Mollie. We receive the status and a transaction reference, not your full card or bank details.
• Usage and device data: basic technical logs needed for security, stability and abuse prevention.
• AI assistant data: messages you send to our in-app assistant Maxime, so it can answer you.

Why we use your data and on what legal basis

We process your data on the following legal bases under article 6 GDPR:

• To provide the service and your account (performance of a contract).
• To process payments and contributions (performance of a contract).
• To keep the platform safe and prevent abuse, fraud and spam (legitimate interest).
• To send product or marketing updates only if you opt in (consent, which you can withdraw at any time).
• To comply with legal and tax obligations (legal obligation).

Payments through Mollie

Payments and contributions are handled by Mollie B.V., a licensed Dutch payment provider. Mollie processes the payment data needed to complete the transaction as an independent controller for that step. HeartBeatNo1 never owns the money flowing between users and never stores your full card or bank account number.

Affiliate links and tracking

Some product links in the app are affiliate links to partners such as Amazon, bol.com and Farfetch (via the Awin network). When you tap such a link, the partner may set a cookie to attribute a possible purchase to us so we can earn a small commission at no extra cost to you. We do not receive your purchase details beyond an anonymous confirmation that a qualifying purchase happened. See our affiliate disclosure for more.

AI assistant (Maxime)

Our in-app assistant uses a third-party AI provider to generate responses. The messages you send to the assistant are processed to produce an answer. Do not share sensitive personal data with the assistant. We do not use your private messages to train external models.

Children and the family circle

HeartBeatNo1 is intended for adults. The app can be used to celebrate wishes within a family circle, but accounts are held by adults. We do not knowingly collect data from children under the age required in your country without verifiable parental consent. If you believe a child has given us data, contact us and we will remove it.

Who we share data with

We share data only with processors that help us run the service, under a data processing agreement:

• Mollie for payments.
• Hosting and infrastructure providers.
• Our AI provider for assistant responses.
• Affiliate networks when you choose to follow an affiliate link.
• Authorities, only when we are legally required to.

International transfers

We aim to keep data within the European Economic Area. Where a processor transfers data outside the EEA, we rely on appropriate safeguards such as the European Commission Standard Contractual Clauses.

How long we keep your data

We keep your data for as long as your account is active. When you delete your account, we remove your personal data within 30 days, except where we must keep certain records longer to meet legal or tax obligations.

Your rights

Under the GDPR you have the right to access, rectification, erasure, restriction, data portability, and to object to processing. Where we rely on consent, you can withdraw it at any time. You can request your data or delete your account directly in the app, or contact us using the details below. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Security

We use technical and organisational measures to protect your data, including encryption in transit, hashed passwords and access controls. No service can be perfectly secure, but we work to keep risks low.

Changes to this policy

We may update this policy as the product evolves. We will post the new version here and update the date above. Significant changes will be communicated in the app.