๐ HeartMap handles sensitive relationship data. We take privacy seriously. Your behavioral data, coaching conversations, and post-date reflections are never shown to other users and never sold.
HeartMap ("we," "us," "our") operates the HeartMap platform at heartmap.polsia.app โ an attachment-style quiz and relationship coaching platform. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our Service.
By using HeartMap, you consent to the data practices described in this policy. For certain sensitive data categories (behavioral health data, biometric-adjacent data), we obtain separate explicit consent at the time of collection.
We collect the following categories of information:
As you use the platform โ particularly the messaging and coaching features โ we derive behavioral signals from your interactions. This includes:
This data is used exclusively to power AI coaching features and improve your personal experience. It is never displayed to other users or shared publicly.
| Purpose | Data Used |
|---|---|
| Provide matching and discovery | Profile data, attachment style, location, preferences |
| Power the AI coaching features | Behavioral patterns, quiz data, conversation history, message context |
| Generate match insights and compatibility scores | Attachment style, behavioral dimension scores |
| Date prep and post-date coaching | Conversation history, prep briefs, reflection responses |
| Send transactional notifications | Email, push tokens, SMS (if opted in) |
| Process payments | Email, subscription status (card details handled by Stripe, not stored by us) |
| Safety and abuse prevention | IP hashes, report records, block lists |
| Analytics and product improvement | Hashed IPs, page views, API metrics, feature usage (aggregated) |
| Compliance and legal obligations | Consent records, account deletion logs |
We do not use your data for targeted advertising. We do not build advertising profiles. We do not sell your data to data brokers or marketing companies.
๐ Your behavioral data is the most sensitive data we hold. Here is our explicit commitment about how it is handled.
"Sensitive behavioral data" includes your quiz responses, attachment style, behavioral dimension scores, behavioral signal events, coaching conversations, post-date reflections, and match insight cards.
What we do with it:
What we never do with it:
The behavioral patterns surfaced by HeartMap (e.g., "withdrawal tendency," "pursuit pattern") are analytical frameworks to support your self-understanding โ not clinical diagnoses. This data is not health information in the traditional medical sense, but we treat it with the same level of care as medical data.
We share your data only in limited circumstances:
We use the following third-party services to operate the platform:
| Provider | Purpose | Data Shared |
|---|---|---|
| Neon (PostgreSQL) | Database hosting | All user data (encrypted at rest) |
| Stripe | Payment processing | Email, payment details (card data held by Stripe, not us) |
| Postmark | Transactional email delivery | Email address, email content |
| Twilio | SMS notifications (if opted in) | Phone number, notification content |
| OpenAI (via Polsia proxy) | AI coaching responses | Conversation context (anonymized where possible) |
| Render | Application hosting | Application data (no persistent storage; compute only) |
All service providers are contractually required to protect your data and use it only to provide the specific service.
We may disclose your data if required by law, court order, or valid government request, or to protect the safety of users or the public.
If HeartMap is acquired, merged, or transfers its assets, your data may be transferred as part of that transaction. We will notify you and you will have the ability to delete your account before the transfer occurs.
We may share data in other ways with your explicit consent.
We retain your data as long as your account is active or as needed to provide the Service.
When you delete your account:
You can delete your account at any time from your account settings. You may also request deletion by emailing heartmap@polsia.app. We will confirm deletion within 30 days.
We use the following technologies to operate the Service:
We do not use third-party advertising cookies, tracking pixels, or behavioral advertising networks. We do not place cookies from social media platforms.
You can block cookies in your browser settings, but note that authentication cookies are required for the Service to function.
We take security seriously. Our practices include:
No security system is perfect. In the event of a data breach that affects your personal data, we will notify affected users by email within 72 hours of discovery, where required by applicable law.
Depending on your location, you may have the following rights regarding your personal data:
To exercise any of these rights, contact us at heartmap@polsia.app. We will respond within 30 days (45 days where permitted by law with notice).
Does HeartMap collect biometric data?
The Illinois Biometric Information Privacy Act (BIPA) protects "biometric identifiers" including retina/iris scans, fingerprints, voiceprints, scans of hand or face geometry, and "biometric information" derived from such identifiers.
HeartMap's attachment quiz and behavioral pattern analysis derive psychological/behavioral insights from questionnaire responses and messaging behavior. These do not constitute biometric identifiers under BIPA's statutory definitions (retina, fingerprint, voiceprint, face/hand geometry, etc.). We do not scan any physical biological characteristic.
However, if this classification changes โ for instance, if future features involve facial analysis, voice analysis, or any physical biometric โ we will:
Illinois residents acknowledge that BIPA provides a private right of action for violations, including statutory damages.
Questions? Contact: heartmap@polsia.app
Texas residents have the following rights under the TDPSA (effective July 1, 2024) and related Texas privacy laws:
Under the TDPSA, "sensitive data" includes psychological and mental health data. HeartMap's behavioral pattern data and attachment style information may qualify as sensitive personal data because it relates to psychological characteristics and tendencies.
By creating an account and completing the quiz, you provide explicit consent to our processing of this sensitive data for the purposes described in this policy. You may withdraw consent at any time by deleting your account or emailing us.
Texas law (Tex. Bus. & Com. Code ยง 503.001) governs biometric identifiers including retinal/iris scans, fingerprints, voiceprints, and hand/face geometry scans. As noted in Section 10, HeartMap does not currently collect biometric identifiers as defined under Texas law. If we do so in the future, we will provide notice and obtain consent before collection.
We conduct data protection assessments for processing activities involving sensitive personal data to evaluate and mitigate privacy risks.
Submit requests to: heartmap@polsia.app. We will respond within 45 days (extendable by 45 additional days with notice).
If we decline your request, you may appeal by emailing us with "TDPSA Appeal" in the subject line. If your appeal is denied, you may contact the Texas Attorney General.
โ ๏ธ Washington's My Health My Data Act provides strong protections for consumer health data. If you are a Washington resident, this section applies to you.
The WMHMDA defines "consumer health data" broadly to include data that identifies a consumer's past, present, or future physical or mental health status. This includes:
Consistent with the WMHMDA's consent requirements, by creating a HeartMap account, you provide separate, explicit consent to our collection and processing of behavioral health data (attachment patterns, behavioral signals, coaching conversations, and reflections) for the purpose of providing relationship coaching and matching features. This consent is recorded with a timestamp.
You may withdraw this consent at any time by deleting your account or by emailing heartmap@polsia.app. Withdrawal will prevent us from processing new behavioral health data but does not affect lawfulness of prior processing.
We do not geofence health facilities or use geofencing technology to collect health-related data from users near health care providers, pharmacies, mental health clinics, or similar facilities.
We do not sell, license, or trade consumer health data. We do not share consumer health data with data brokers.
Consumer health data is shared only with service providers necessary to operate the platform (see Section 5). These providers are contractually prohibited from using the data for any purpose beyond providing their specific service.
Email: heartmap@polsia.app with subject line "Washington Health Data Request." We will respond within 45 days.
HeartMap is not intended for users under 18 years of age. We do not knowingly collect personal data from children under 18. If we discover that a child under 18 has created an account, we will terminate the account and delete all associated data promptly.
If you believe a minor has provided us with personal data, contact us at heartmap@polsia.app.
We may update this Privacy Policy periodically. When we make material changes, we will update the "Last Updated" date and notify you by email at least 14 days before the changes take effect.
For changes to how we process sensitive or consumer health data, we will re-obtain your consent as required.
For privacy-related questions, requests, or complaints:
Include your state of residence in your message. We will respond within 30โ45 days.
ยฉ 2026 HeartMap. All rights reserved.