Hearth
Sign in
← Back to home

Privacy Policy

Last updated: May 11, 2026. Hearth is operated by Robby Barris.

Overview

Hearth (“we,” “us,” “our”) is a coordination platform connecting dispatchers posting in-home pet end-of-life care appointments with licensed veterinarians. This policy describes what data we collect through our website (hearth.pet) and iOS mobile application, how we use it, who we share it with, and your rights.

Information we collect

Account information

When you create a Hearth account, we collect your name, email address, password (stored as a bcrypt hash—we never store your plaintext password), and phone number (optional, for SMS notifications).

Veterinarian profile

Vets provide a service address that we geocode to latitude and longitude coordinates. These coordinates are used to calculate distance to job requests and determine your service area.

Request and appointment data

Dispatchers enter customer (pet owner) name, phone number, service address, and pet details (name, species, weight, gender, age, color, markings) when creating requests. Customers do not create Hearth accounts directly; dispatchers attest they have the customer’s permission to enter this information.

Device and push notification data

When you use the Hearth iOS app and grant notification permissions, we collect your Expo push notification token (a device-specific identifier used to deliver push notifications). This token is stored on our servers and associated with your account. We also store the device platform (iOS/Android) for notification delivery.

Authentication tokens

The mobile app uses JSON Web Tokens (JWTs) for authentication. Access tokens are short-lived (15 minutes) and stored in your device’s secure keychain. Refresh tokens are long-lived (30 days) and stored as a cryptographic hash on our servers for session management and revocation.

Usage and activity data

We log sign-in events (timestamp and user ID) for security and analytics. We maintain an audit trail of appointment lifecycle transitions (e.g., confirmed, en route, completed) including timestamps and the acting user.

How we use your information

  • Match job requests to nearby licensed veterinarians within a 25-mile service radius.
  • Send push notifications and SMS messages for new job offers, appointment updates, schedule changes, reminders, and notes.
  • Coordinate the appointment lifecycle (open → confirmed → en route → completed → paid) and maintain an audit trail.
  • Protect customer privacy by redacting contact information from vets until they accept a job.
  • Authenticate your identity and secure your account.

Who receives your data

We do not sell, rent, or trade your personal information. We share data only with the following service providers, strictly to operate the platform:

  • Supabase — hosted PostgreSQL database (data storage and management).
  • Vercel — application hosting, serverless functions, and request logs.
  • Google Maps Platform — geocoding of service and customer addresses; map display in the app.
  • Twilio — SMS delivery, including the recipient phone number and message text.
  • Expo / Apple Push Notification service (APNs)— delivery of push notifications to your iOS device using your device push token.

Data protection and security

  • Passwords are hashed with bcrypt before storage.
  • All traffic is served exclusively over HTTPS.
  • Authentication tokens are stored in your device’s secure keychain (iOS Keychain), not in plaintext storage.
  • Refresh tokens are stored as SHA-256 hashes on our servers.
  • The app enforces per-user authorization on every API request.
  • Customer contact information is redacted from vets who have not accepted the job.
  • Server secrets are stored in environment variables, never in client-side code.

Your rights and choices

You can exercise the following rights from your Account settings in the app or on the web:

  • Access and export — view all data Hearth stores about you, including your profile, requests, and audit events.
  • Delete your account — initiate account deletion from the Account screen. On deletion, your account is deactivated, and customer names and phone numbers on requests you created are anonymized.
  • Opt out of SMS — disable SMS notifications in Account settings, or reply STOP to any Hearth text message.
  • Opt out of push notifications — disable push notifications in Account settings or through your iOS Settings > Hearth > Notifications.
  • Revoke all sessions — sign out of all devices from the Account screen.

Data retention

We retain account data for as long as your account is active. Deleted accounts are soft-deleted (deactivated) with customer PII anonymized. Push notification tokens are deactivated on logout and deleted with the account. Refresh tokens expire after 30 days and are automatically cleaned up.

Children’s privacy

Hearth is intended for licensed veterinary professionals and authorized dispatchers. We do not knowingly collect information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

Changes to this policy

We may update this privacy policy from time to time. We will notify you of material changes by updating the “Last updated” date above. Continued use of Hearth after changes constitutes acceptance of the revised policy.

Contact us

Questions about this privacy policy, requests for data access or deletion, or any privacy concerns? Contact us at robby@hearth.pet.