Privacy Policy
Your privacy is fundamental to everything we build at Inheritify.
Last Updated: December 2025
Overview
At Inheritify, privacy isn't just a policy - it's built into our architecture. Our zero-knowledge encryption means we cannot access your encrypted content. This Privacy Policy explains what information we do collect and how we use it.
1. Information We Cannot Access
Due to our zero-knowledge architecture, the following information is encrypted on your device and we cannot access it:
- Your vault contents (files, messages, credentials, documents)
- Your encryption keys
- The content of messages to recipients
- Any data you choose to encrypt
We store only encrypted blobs that are mathematically impossible for us to decrypt without your keys, which we never have access to.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address (for account access and notifications)
- Name (optional)
- Payment information (processed by Stripe, we don't store card numbers)
2.2 Recipient Information
You provide recipient contact information, including email addresses and optional phone numbers for your own reference. Email addresses are used for delivery notifications.
2.3 Usage Data
We collect operational data needed to run the Service, including:
- Last check-in timestamp (required for dead man's switch)
- Account activity records for vault, recipient, billing, export, and check-in actions
- Storage usage and file-size metadata for quota enforcement
- Request metadata processed for authentication, rate limiting, and security controls
2.4 Metadata
We collect metadata necessary for service operation, such as:
- Encrypted blob sizes (for storage calculations)
- Timestamps of vault modifications
- Check-in interval settings
- Recipient delivery preferences
Note: Metadata does not include the contents of your encrypted data.
3. How We Use Information
We use collected information to:
- Provide, maintain, and improve the Service
- Process transactions and send related information
- Send check-in reminders and verification requests
- Deliver encrypted content to designated recipients when triggered
- Respond to customer service requests
- Detect, prevent, and address technical issues and security threats
4. Information Sharing
We do not sell, trade, or rent your personal information. We may share information only in the following circumstances:
4.1 Service Providers
We use third-party services for payment processing (Stripe), email delivery, and infrastructure hosting. These providers are bound by confidentiality agreements.
4.2 Legal Requirements
We may disclose information if required by law. However, due to our zero-knowledge architecture, we cannot provide the contents of your encrypted data even if legally compelled - we simply don't have access to it.
4.3 Business Transfers
If Inheritify is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information is subject to a different Privacy Policy.
5. Data Retention
- Active accounts: Data is retained as long as your account is active
- Deleted accounts: App database records and associated encrypted file objects are deleted when account deletion is processed
- Service providers: Payment, authentication, email, and infrastructure providers may retain records according to their own legal and operational requirements
- Exports: You can export encrypted account data from your dashboard while your account remains active
6. Data Security
We implement robust security measures including:
- AES-256 encryption for all stored data
- TLS 1.3 for all data in transit
- Client-side encryption for vault contents
- Authenticated access controls for account data
- Multi-factor authentication options
7. Your Rights
You have the right to:
- Access: Request a copy of your personal information
- Correction: Update or correct your account information
- Deletion: Request deletion of your account and data
- Export: Export your encrypted data at any time
- Opt-out: Opt out of marketing communications
To exercise these rights, contact us at privacy@inheritify.com.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses where applicable.
9. Children's Privacy
The Service is not intended for users under 18 years of age. We do not knowingly collect information from children under 18.
10. Cookies and Tracking
We use minimal cookies necessary for:
- Authentication and session management
- Security (CSRF protection)
We do not use third-party tracking cookies or advertising networks.
11. California Privacy Rights (CCPA)
California residents have additional rights including:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to opt out of the sale of personal information (we do not sell data)
- Right to non-discrimination for exercising privacy rights
12. European Privacy Rights (GDPR)
European residents have additional rights including:
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Continued use after changes constitutes acceptance of the updated policy.
14. Contact Us
If you have questions about this Privacy Policy, please contact us:
Email: privacy@inheritify.com
Data Protection Officer: dpo@inheritify.com