Privacy Policy

Effective date: May 18, 2026

1. Who we are

Testamently (“we”, “our”, “us”) is a digital vault service that allows you to securely store sensitive information and deliver it to trusted people after death or prolonged inactivity. Our web application is available at testamently.com.

2. What data we collect

We collect the minimum data necessary to operate the service:

  • Account data: email address, full name, and hashed password (managed by Supabase Auth).
  • Vault data: your secrets are encrypted in your browser using AES-256-GCM before being sent to our servers. We never have access to the plaintext content of your secrets.
  • Trustee data: names and email addresses of people you designate to receive your vault.
  • Heartbeat data: timestamps of your last check-in and your configured inactivity window.
  • Payment data: billing is handled entirely by Stripe. We store only your Stripe customer ID and current plan. We never see or store your card number.
  • Usage data: basic logs for security and debugging (IP address, browser type, error traces). Retained for 30 days.

3. How your data is encrypted

Testamently encrypts everything client-side. You choose a protection level for each secret:

  • All secret content is encrypted client-side (in your browser) with AES-256-GCM before leaving your device. Only ciphertext and initialization vectors are stored in our database.
  • Regular secrets are encrypted with your vault key, which we store wrapped so your trustees can inherit your secrets after the trigger.
  • Premium secrets add PBKDF2 (600,000 iterations, SHA-256) key derivation from a password you set — the password is never sent to our servers.
  • Gold secrets use Argon2id (64 MB memory, 3 iterations) — the strongest password-derived protection available.
  • Zero-Knowledge secrets are encrypted only to your chosen trustees’ keys — not even Testamently can decrypt them.

4. How we use your data

  • To provide the Testamently service — storing encrypted secrets, managing trustees, and delivering vault access after trigger.
  • To send transactional emails: heartbeat reminders, trustee invitations, and trigger notifications.
  • To process payments via Stripe.
  • To comply with legal obligations.

We do not sell, rent, or share your data with third parties for marketing purposes.

5. Data sharing

We share data only with the sub-processors needed to run the service:

  • Supabase — database and authentication (EU region available).
  • Vercel — web hosting and serverless functions.
  • Stripe — payment processing.
  • Resend — transactional email delivery.
  • Twilio — SMS notifications (if enabled on your plan).

We do not share your data with any other third parties.

6. Trustee access

When you assign a trustee to a secret, they receive access to that secret only after your configured trigger fires (inactivity timeout or approved death certificate). Trustees can only see secrets explicitly assigned to them. We facilitate delivery but do not initiate or override access ourselves.

7. Data retention

  • Your account and vault data are retained for as long as your account is active.
  • If you delete your account, all personal data and encrypted secrets are permanently deleted within 30 days.
  • Stripe retains billing records as required by financial regulations (typically 7 years).

8. Your rights (GDPR / CCPA)

You have the right to:

  • Access — export all your data in JSON format from Settings → Export Data.
  • Deletion — permanently delete your account and all data from Settings → Delete Account.
  • Rectification — update your name and email in Settings.
  • Portability — your exported JSON contains all vault metadata.
  • Objection — contact us at privacy@testamently.com for any data processing concerns.

Because your secrets are encrypted in your browser and we do not hold the decryption keys, we cannot provide the plaintext content of your secrets — only the encrypted ciphertext.

9. Cookies and analytics

We use only essential session cookies required for authentication. We do not use advertising or cross-site tracking cookies. For aggregate usage statistics we use Vercel Analytics, a privacy-friendly, cookieless tool that measures page views without storing cookies or tracking you across other sites.

10. Security

We follow security best practices including encrypted data at rest (AES-256), TLS in transit, Row-Level Security on all database tables, and regular dependency updates. In the event of a breach affecting your personal data, we will notify you within 72 hours as required by GDPR.

11. Children

Testamently is not directed at children under 16. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us and we will delete it immediately.

12. Changes to this policy

We may update this policy as the service evolves. Material changes will be communicated by email to your registered address at least 14 days before taking effect.

13. Contact

For any privacy questions or requests, contact us at privacy@testamently.com.