Privacy policy

How We Care for Your Information

Welcome, Dear Heart. This Privacy Policy explains how Heart to Hands Movement, LLC ("we," "us," "our") collects, uses, and protects your information when you visit our websites, buy our products, or use our services. We've kept it as plain as we can.

Who We Are

Heart to Hands Movement, LLC is an Illinois limited liability company. You can reach us anytime at connect@hearttohandsmovement.com.

What We Collect

When you interact with us, we may collect:

  • Things you give us directly: name, email address, phone number, billing/shipping address, payment information (processed by Shopify and Stripe — we don't see or store your full card number), voice recordings (only if you use the recording flow), photos and videos (only if you submit them), and any messages you send us.
  • Things we collect automatically: your IP address, browser type, device information, pages you visit on our sites, how long you spend on each page, and similar usage data through cookies and analytics.
  • Things others give us: if you reach us through a partner, social platform, or affiliate, we may receive basic information from that source (typically your name and email).

Why We Collect It

We use your information for these reasons — and only these reasons:

  1. To deliver what you bought. Send you the audio file, ship the physical product, process your recording, fulfill the gift, etc.
  2. To support you. Answer your emails, help with technical issues, replace broken downloads.
  3. To stay in touch (with your permission). Send you the Whispers Sunday email, new-product launches, and occasional notes. You can unsubscribe anytime with one click.
  4. To improve. Understand which products resonate, fix what's not working, build the things you actually want.
  5. To protect the movement. Detect fraud, abuse, and platform misuse — keeping the community safe.
  6. To meet legal obligations. Tax records, anti-fraud, copyright protection, court orders.

We do not:

  • Sell your information to anyone, ever
  • Share it with advertisers or data brokers
  • Use your voice recordings or submitted content to train AI models (ours or anyone else's)
  • Share it with third parties beyond what's needed to run our business (see "Who We Share With" below)

Who We Share With

We share information only with the partners we need to deliver our services. Each of these has signed agreements committing them to protect your data:

  • Shopify — for processing orders, hosting the store, delivering digital downloads
  • Stripe / Shop Pay — for payment processing
  • Klaviyo — for email list management and marketing emails (with your consent)
  • Cloudflare R2 — for secure storage of voice recordings (auto-deleted after 90 days)
  • Google Analytics — for understanding site usage (anonymized, not tied to your identity)

If we ever change service providers, this policy is updated and you'll be notified for material changes.

Voice Recordings — Special Protection

Voice recordings made through our recording flow have additional privacy protections beyond what's described here. See our separate Recording Flow Consent for the full details: what we do with recordings, how long we keep them (90 days, then auto-delete), how to request earlier deletion, and your rights regarding your voice. Your voice is yours. Always.

Cookies and Tracking

We use cookies for three things only:

  1. Essential cookies — to remember your shopping cart and login (required for the site to work)
  2. Analytics cookies — to understand how the site is used (anonymized, opt-out available)
  3. Marketing cookies — only with your consent — for email tracking and remarketing

Your Rights, Plain and Simple

Wherever you live, you have these rights regarding your information:

  • Access — ask us what we have about you, and we'll send you a copy
  • Correct — fix anything that's wrong
  • Delete — ask us to delete your information (we'll honor it within 30 days, except for things we're legally required to keep, like tax records)
  • Object — tell us to stop using your information for a specific purpose (like marketing emails)
  • Portability — get your information in a format you can take elsewhere
  • Withdraw consent — for anything you previously consented to

To exercise any of these rights, email connect@hearttohandsmovement.com with the word "Privacy" in the subject line. We respond within 7 days and complete the request within 30.

For EU/UK customers: these rights are guaranteed under GDPR/UK Data Protection Act. We honor them globally — you don't have to be in the EU to use them.

For California customers: you have additional rights under CCPA/CPRA, including the right to know what we sell (we don't sell anything) and to opt out of sale (no opt-out needed because we don't sell).

Children's Privacy

Our services are not directed at children under 13. We do not knowingly collect information from children under 13 without verifiable parental consent. If a parent records their child reading the prayer, parental consent is required in advance.

If we learn we've collected a child's information without parental consent, we'll delete it promptly.

How Long We Keep Your Information

  • Email and account information: as long as you're an active customer + 7 years for tax/legal records
  • Order history: 7 years for tax records
  • Voice recordings: 90 days unless you opt to keep longer
  • Marketing-only contacts: until you unsubscribe + 1 year, then deleted
  • Analytics data: anonymized after 14 months

How We Protect Your Information

  • All data is encrypted in transit (HTTPS everywhere)
  • Stored data is encrypted at rest (Shopify, Cloudflare, Klaviyo, Stripe all do this by default)
  • We use strong, unique passwords and two-factor authentication on all admin accounts
  • We limit access to your information to people who need it
  • If we ever have a data breach, we will notify affected customers within 72 hours, as required by GDPR and Illinois law.

International Transfers

Heart to Hands Movement is based in Illinois, USA. If you visit us from outside the US, your information may be transferred to and processed in the US. We use Standard Contractual Clauses (SCCs) and other appropriate safeguards for EU-to-US transfers as required by GDPR.

Changes to This Policy

When we update this policy, the "Last revised" date changes. For material changes, we'll email subscribers and post a notice on the site. Continued use after changes means you accept the new policy.

Contact Us

Email: connect@hearttohandsmovement.com (subject line "Privacy")
Response time: within 7 days for acknowledgment; 30 days for full resolution

© 2026 Heart to Hands Movement, LLC. All rights reserved. This policy is provided for transparency. Not legal advice. Last revised: May 27, 2026.

x