Privacy Policy

1. Information We Collect

Information You Provide

• Account Information: Name, email address, and password
• Messages: Your written legacy messages (stored with encryption)
• Recipients: Names and email addresses of your designated recipients
• Payment Information: Processed securely via Stripe; we never see or store your credit card details

Information Collected Automatically

• Check-in Activity: To determine if you are active
• Technical Data: Browser/device type and IP address (for security and troubleshooting)
• Usage Data: Which features you use, to help us improve the app

Information We Do NOT Collect

• Location data (unless you explicitly enable it for passive monitoring on mobile)
• Biometric data (fingerprints are processed locally on your device only)
• Third-party social media data

2. How We Use Your Information

Service Delivery

• Monitor your activity and deliver messages to your recipients when triggered
• Send you check-in reminders and notifications
• Process your subscription payments

Communications

• Send important service announcements
• Respond to your support requests
• Notify you about subscription status

Recipients: Recipient data is used strictly for message delivery and will never be used for marketing purposes.

We Will NEVER

• Sell your personal information to anyone
• Share your messages with third parties
• Use your data for advertising purposes

3. Security and Encryption

Zero-Knowledge Philosophy

• Messages are encrypted at rest
• Our staff cannot read the content of your messages
• Only you and your designated recipients will see your messages

Transit Security

• All data is sent via HTTPS/TLS encryption
• Encryption of sensitive data at rest
• Regular security audits
• Limited employee access to data

Your Role in Security

• Use a strong, unique password
• Enable biometric lock on mobile devices
• Keep your account credentials private
• Sign out when using shared devices

4. Data Retention and Deletion

Why We Keep Data After You Leave: To allow you to reactivate your account, comply with legal obligations, and resolve disputes.

Requesting Immediate Deletion: You may request immediate deletion of all data at any time. Contact us at akaidencomms@gmail.com. Once deleted, messages cannot be recovered. Note that some data may be retained as required by law.

5. Third-Party Services

We use trusted third-party services to operate:

Supabase: Database & authentication

Resend: Email delivery

Stripe: Payment processing

Google Play: App distribution & payments (Android)

Apple App Store: App distribution & payments (iOS)

These services have their own privacy policies. We only share the minimum information necessary for them to provide their services.

Third-Party Disclaimer: We are not responsible for the privacy practices, data handling, or actions of any third-party services. Any claims or disputes regarding third-party services should be directed to those services.

6. Your Rights (Singapore PDPA & GDPR)

Under the Singapore Personal Data Protection Act (PDPA) and international laws like GDPR, you have the right to:

• Access & Correct: View or update your personal data
• Withdraw Consent: Stop us from processing your data (this will deactivate the service)
• Erasure: Request that we "forget" your data entirely
• Data Portability: Request a copy of your data in a machine-readable format

How to Exercise Your Rights: Email us at akaidencomms@gmail.com with your request. We will respond within 30 days.

Additional Rights for EU/UK Users: If you are in the European Union or United Kingdom, you have additional rights under GDPR, including the right to lodge a complaint with a supervisory authority.

7. Children's Privacy

We do not knowingly collect data from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will promptly delete it.

If you are under 18, we recommend parental guidance. Parents can contact us to manage their child's account.

8. Cookies and Tracking

What We Use

• Essential cookies for authentication (keeping you logged in)
• Basic analytics to understand how our service is used

What We Don't Use

• Advertising cookies
• Cross-site tracking

Your Choices: You can disable cookies in your browser settings. Note that this may affect service functionality.

9. International Data Transfers

Our servers are located in the United States. If you are accessing our service from another country, your data will be transferred to and processed in the United States.

We ensure appropriate safeguards are in place for any international data transfers, and our partners provide comparable levels of data protection.

10. Data Breach Notification

In the unlikely event of a data breach that poses a risk to you, we will notify you and the relevant authorities (e.g., PDPC Singapore) within the timeframes required by law (typically 72 hours).

11. Changes to This Policy

We may update this policy from time to time. When we make significant changes:

• We will notify you by email
• We will post the updated policy on our website and app
• We will update the "Last Updated" date

Continued use of our service after changes means you accept the updated policy.

12. Contact Our Data Protection Officer

For any privacy requests or questions, please contact our designated Data Protection Officer (DPO):

13. Summary

In Plain Language:

• We collect only what we need to provide our service
• Your messages are encrypted and private (zero-knowledge)
• We never sell your data or share it for advertising
• You can request your data or ask us to delete it
• We use trusted third parties for email, payments, and storage
• Your data is processed in the United States with appropriate safeguards
• We will notify you promptly if there is ever a data breach