Skip to content

Privacy Policy

Last updated: April 4, 2026

1. Introduction

Heriot (“we,” “our,” or “us”) operates the website heriot.ai (the “Site”). This Privacy Policy explains how we collect, use, and protect your information when you visit our Site or use our services.

2. Information We Collect

Information You Provide

  • Account information: When you create an account, we collect your email address and display name.
  • Newsletter subscription: If you subscribe to our newsletter, we collect your email address.
  • Preferences: Your account settings such as preferred reading style.

Information Collected Automatically

  • Usage data: We use Google Analytics to collect anonymized data about how you interact with the Site, including pages visited, time spent, and referring sources.
  • Device information: Browser type, operating system, and device type.
  • Cookies: We use essential cookies for authentication and preferences (e.g., dark/light mode). Google Analytics uses cookies to distinguish users.

3. How We Use Your Information

  • To provide and maintain the Site and your account.
  • To send newsletters if you have opted in.
  • To remember your reading preferences and settings.
  • To analyze Site usage and improve our content and features.
  • To detect and prevent abuse or unauthorized access.

4. Information Sharing

We do not sell, trade, or rent your personal information to third parties. We may share information with:

  • Service providers: We use the following data processors on your behalf:
    • Supabase — authentication and database storage
    • Vercel — hosting and CDN
    • Stripe — payment processing (for premium subscriptions)
    • Google Analytics — usage analytics (only loaded with your consent)
    Each provider processes data under their respective privacy policies.
  • Legal requirements: We may disclose information if required by law or to protect our rights.

5. Data Retention

We retain your account data for as long as your account is active. Newsletter subscriber emails are retained until you unsubscribe. Analytics data is retained per Google Analytics’ standard retention policies.

6. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated data.
  • Unsubscribe from newsletters at any time.
  • Opt out of analytics tracking using browser extensions or settings.

7. Data Security

We use industry-standard security measures to protect your data, including encrypted connections (HTTPS), secure authentication via Supabase, and restricted access to personal data. However, no method of transmission over the internet is 100% secure.

8. Children’s Privacy

The Site is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will delete the information promptly.

9. Third-Party Links

Our articles may contain links to external news sources. We are not responsible for the privacy practices of these third-party websites. We encourage you to review their privacy policies.

10. AI-Generated Content Disclosure

Articles on Heriot are generated by artificial intelligence systems. While we strive for accuracy and neutrality, all factual claims are sourced and cited. The AI systems do not collect or process user personal data for content generation.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of the Site after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: privacy@heriot.ai

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA).

  • We do not sell personal information. Heriot does not sell, rent, or trade your personal data to third parties for monetary or other valuable consideration.
  • Right to know: You may request a disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to deletion: California residents can request deletion of their personal data by contacting us at privacy@heriot.ai.
  • Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a data deletion or access request, contact: privacy@heriot.ai