Skip to content
HeresNext

Privacy Policy

Effective from the date first published on heresnext.com. Last updated: 2026-05-16.

HeresNext ("HeresNext," "we," "our," or "us") is an Internet service operated from Massachusetts, USA. Formation of HeresNext LLC as a Massachusetts limited liability company is pending. Upon formation, HeresNext LLC will be substituted as the entity responsible under this Privacy Policy and will assume all rights and obligations described in it. We will notify users by email when this transition takes effect. We operate the website at heresnext.com and the related web application (together, the "Service").

This Privacy Policy explains what information we collect, how we use and share it, how long we keep it, and the rights you have over it. It applies to the Service and any communications we send you in connection with it.

If you do not agree with this Policy, please do not use the Service.

1. Summary

In plain language:

  • We collect the information you give us to run an account (your email, a password hash, the purchases you choose to track, and any receipt photos you upload).
  • We use that information to operate the Service, send you the reminders you sign up for, and respond to support requests.
  • We do not sell your personal information. We do not share it with advertisers or data brokers.
  • Analytics on the marketing site are cookieless and do not collect personally identifiable information.
  • You can export your data as a CSV at any time and delete your account whenever you want.

The rest of this document is the binding version.

2. Information we collect

We collect the following categories of information:

2.1 Information you provide directly

  • Account information. When you create an account: your email address, a password (stored as a one-way hash; we never see your plain-text password), and any optional profile information you choose to add (display name, time zone, notification preferences).
  • Purchase data. Information about purchases you choose to track in the Service: retailer, product, purchase date, price, warranty terms, receipt photo (optional), and any notes you attach.
  • Card data. The credit cards you tell us you own, by issuer and product name (for example, "Chase Sapphire Reserve"). We use this to match credit-card extended warranty benefits to your purchases. We never collect or store credit card numbers, expiration dates, CVV codes, or any other payment-card data. Card numbers used to pay for paid tiers are handled exclusively by our payments processor (see § 4).
  • Communications. Messages you send us through the contact form or by email.
  • Survey responses. If you choose to answer any optional survey we run (for example, pricing surveys), those responses.

2.2 Information collected automatically

  • Service-usage data. Pages you load in the Service, features you use, and errors you encounter. We use this to operate the Service and to fix bugs.
  • Device and browser data. Your browser type and version, operating system, screen size, and language preference. Used for compatibility and security purposes.
  • IP address. Logged at request time for security, abuse prevention, and rate limiting. We do not use IP addresses for marketing.

2.3 Information from third parties

We do not buy or otherwise acquire information about you from third parties for marketing purposes. The only third-party data we receive is from our payments processor (transaction status, payment method type) and our email-delivery vendor (bounce / delivery status), each of which we use only to operate the Service.

3. How we use your information

We use the information we collect to:

  • Provide, maintain, and improve the Service.
  • Send the reminders you sign up for, including warranty-expiration and return-window notifications.
  • Respond to your support inquiries.
  • Send service-related communications (security alerts, billing confirmations, changes to this Policy or the Terms of Service).
  • Detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms of Service.
  • Comply with legal obligations and enforce our agreements.
  • Conduct internal research to improve the Service.

We do not use your information for behavioral advertising, profiling for marketing purposes, or sale to third parties.

4. How we share your information

We share your information only in the limited circumstances below.

4.1 Service providers

We use a small set of vendors to operate the Service. Each is bound by contract to process your information only as needed to provide their service to us, and to keep it confidential. All of our vendors store user data in the United States.

We share information with vendors in the following categories:

  • Cloud database and storage provider. Hosts the managed database and encrypted file storage that runs the Service.
  • Transactional email provider. Delivers account-related and reminder emails.
  • Analytics provider. Operates our cookieless analytics on the marketing site. This provider does not collect personally identifiable information.
  • Bot-protection provider. Verifies that form submissions are submitted by a human and not by automated software. This provider receives only the information needed to make that determination.
  • Hosting and content-delivery provider. Serves the website and the application to your browser. This provider receives standard server-log data such as IP address, request path, and timestamp; it does not access your account data.
  • Payments processor (applicable once paid tiers are available). Processes payments for Pro Monthly, Pro Annual, and Founder's Lifetime subscriptions. The payments processor receives your name, email address, and payment-card information directly. HeresNext does not see your payment-card details.

A current list of the specific vendors in each category is available on request to Loading.... We update this list when we change vendors.

4.2 Legal compliance

We may disclose information when we believe in good faith that disclosure is required to (a) comply with a subpoena, court order, or other legal process; (b) enforce our Terms of Service; (c) protect the rights, property, or safety of HeresNext, our users, or the public; or (d) detect, prevent, or address fraud, security, or technical issues.

Where legally permitted, we will give the affected user reasonable notice before disclosing, unless doing so would put a person at risk or compromise an ongoing investigation.

4.3 Business transfers

If we enter into a merger, acquisition, reorganization, sale of assets, or bankruptcy proceeding, your information may be transferred to the successor entity. Any successor will be bound by this Privacy Policy or a successor policy with materially equivalent terms. We will notify you by email or by a prominent notice on the Service before any such transfer becomes effective.

4.4 With your consent

We may share information for any other purpose disclosed to you and with your consent.

4.5 No sale of personal information

We do not sell your personal information. We do not share it with advertising networks or data brokers.

5. Cookies and similar technologies

The HeresNext website uses a small number of cookies and local-storage values to keep the site working correctly. We do not use advertising cookies. Analytics are cookieless.

For details, see our Cookie Policy.

6. How long we keep your information

  • Active accounts. While your account is active, we keep your information for as long as needed to provide the Service.
  • Deleted accounts. When you request account deletion, we enter a 30-day grace period during which you can cancel the request. After the grace period, we permanently delete your information from our active systems and from all backups within 90 days of the grace-period end. Aggregated, anonymized data that cannot reasonably be re-associated with you may be retained.
  • Legal holds. We may retain limited records longer than the above when required by law, when needed to enforce our agreements, or when needed to resolve disputes.

You can export all of your data as a CSV file at any time before deletion. See § 7.

7. Your privacy rights

Regardless of where you live, you have the following rights with respect to your HeresNext account:

  • Access. Request a copy of the personal information we hold about you.
  • Correction. Ask us to correct inaccurate information.
  • Deletion. Delete your account and have your personal information permanently deleted on the schedule in § 6.
  • Portability. Export your data in a structured, machine-readable format (CSV).
  • Object or restrict. Object to or restrict certain uses of your information.
  • Withdraw consent. Where we rely on consent, withdraw it at any time without affecting the lawfulness of processing before withdrawal.

Most of these you can do directly from the in-app settings (export, delete) or by emailing Loading.... We respond to verifiable requests within 30 days, or 45 days in unusual circumstances with notice to you.

7.1 California residents (CCPA / CPRA)

If you are a California resident, you have the additional rights:

  • Right to know what categories of personal information we have collected, the sources, the business purposes, and the categories of third parties with whom we share it. The categories are listed in § 2 of this Policy; the business purposes are in § 3; the third parties are in § 4.
  • Right to delete personal information, subject to the exceptions in the CCPA.
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharing. We do not sell or share personal information for cross-context behavioral advertising; this right is not implicated.
  • Right to limit use of sensitive personal information. We do not use sensitive personal information for purposes that would require this right.
  • Right to non-discrimination for exercising any of these rights.

To exercise any of these rights, email Loading.... You may also designate an authorized agent.

7.2 European Economic Area, United Kingdom, and Switzerland

We do not actively target the EEA, UK, or Switzerland and the Service is US-focused. If you nevertheless choose to use the Service from one of those jurisdictions, you have the following rights under applicable law: access, rectification, erasure, restriction of processing, data portability, objection to processing, and (where processing is based on consent) withdrawal of consent.

You have the right to lodge a complaint with your local supervisory authority. Our lawful bases for processing are: (a) performance of a contract (the Terms of Service) for account-related processing; (b) legitimate interests for security, fraud prevention, and Service improvement; and (c) legal obligation for tax and regulatory record-keeping.

We do not currently have an EU representative because we do not actively target the EEA. If that changes, we will appoint one and update this Policy.

8. Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us with information, please contact Loading....

If you are between 13 and 18, you may use the Service only with the consent of a parent or guardian, and only to the extent permitted by applicable law.

9. International users

The Service is hosted in the United States and your information will be stored and processed in the United States. If you access the Service from outside the United States, you understand and consent to the transfer of your information to the United States. Data-protection laws in the United States may differ from those of your home country.

10. Security

We use technical and organizational measures appropriate to the sensitivity of the information we hold. These include encryption in transit (TLS 1.3) and at rest (AES-256), strict access controls, secure software-development practices, and regular review of our service providers.

No system is perfectly secure. We cannot guarantee absolute security, but we work to minimize risk and to respond promptly to any incident. In the event of a security incident that affects your personal information, we will notify you as required by applicable law.

11. Changes to this Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top. For material changes, we will provide additional notice (for example, a banner on the Service or an email to the address on file) at least 30 days before the change takes effect, unless a shorter period is required by law.

Your continued use of the Service after a change becomes effective constitutes acceptance of the updated Policy.

12. Contact us

For privacy questions or to exercise any of the rights described above:

HeresNext (LLC formation pending) Attn: Privacy Massachusetts, USA Email: Loading...

For general support questions, use the contact form or write to Loading....