Hearthstone

Privacy Policy

Last updated June 29, 2026

Who we are

Hearthstone is operated by Hearthstone Software ("Hearthstone", "we", "us"). We provide a hosted platform that nonprofits, schools, shuls, and similar organizations use to manage donors, students, families, communications, and bookkeeping. This policy explains what we collect, why, and how we protect it.

What we collect

  • Account info: name, email, phone, role.
  • Organization data: donors, families, students, donations, communications, bookkeeping records you enter or import.
  • Connected accounts: when you connect Gmail, Stripe, Plaid, or a phone provider we store the tokens needed to perform the actions you authorize.
  • Usage data: standard logs (IP, browser, timestamps) used for security and reliability.

Gmail and Google user data

When you connect a Gmail account, Hearthstone requests the gmail.send, gmail.readonly, and gmail.modify scopes so the platform can send messages on your behalf, log replies against the right donor or family record, and mark threads as read. Hearthstone's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Gmail data to serve ads, do not sell it, do not share it with third parties for unrelated purposes, and do not let humans read it except (a) with your explicit consent, (b) for security, or (c) to comply with law.

How we use data

  • To operate the features you use (sending emails, processing donations, generating reports).
  • To secure accounts and detect abuse.
  • To provide customer support when you contact us.
  • To improve the product in aggregate; we do not train AI models on the contents of your donor records or messages.

Sharing

We share data only with sub-processors that power the platform (hosting, email, SMS, voice, payments) and only as needed to deliver the service. We do not sell your data.

Retention

Organization data is retained while your account is active. You can export or delete records at any time. When you cancel, we delete production data within 30 days; encrypted backups roll off within 90 days.

Security

Data is encrypted in transit and at rest. Access is limited to the small team needed to operate the service, and is logged. Sensitive tokens (Gmail refresh tokens, Stripe keys, etc.) are stored encrypted and never exposed to the browser.

Your rights

You can access, correct, export, or delete the data tied to your account at any time from inside the app, or by emailing us at support@ahearthstone.com.

Children

Hearthstone is built for organizational staff. We do not knowingly collect personal information directly from children. Schools using Hearthstone enter student records under their own privacy practices as the data controller.

Changes

We'll post any material changes here and update the date above. Continued use after changes constitutes acceptance.

Contact

Questions about privacy? Email support@ahearthstone.com.