Privacy Policy

Last updated: March 17, 2026

1. Overview

EverAfter Vault ("we", "our", "the app") is a secure digital legacy vault that helps you store sensitive information and release it to trusted contacts under conditions you define. Your privacy is fundamental to our product.

2. Data We Collect

We collect and process the following data:

Account information: Name and email address (via Apple Sign-In or email registration)
Vault content: Passwords, secure notes, financial information, personal messages, final wishes, and documents you choose to store. This content is encrypted on your device before being synced.
Trusted contacts: Names, email addresses, phone numbers, and relationship details of people you designate as recipients.
Release policy settings: Your configured check-in intervals, grace periods, and release preferences.
Alive check records: Timestamps and methods of your check-in confirmations.
Device information: Push notification tokens for sending check-in reminders.
Biometric data: Face ID is processed entirely on your device by iOS. We never receive, store, or transmit biometric data.

3. How We Use Your Data

To provide the core vault storage and release functionality
To send alive check reminders via push notifications
To send invitation and release notification emails to your trusted contacts
To verify your identity through biometric authentication (processed on-device only)
To maintain audit logs of security-relevant actions

4. Encryption & Security

Your vault content is encrypted on your device using AES-256-GCM before being synced to our servers. We use a hybrid encryption model:

User Vault Key (UVK): Stored in your device's iOS Keychain. Only your device can decrypt your vault for viewing.
Release Encryption Key (REK): A separate key used to encrypt data for the release process. This key is sealed on the server and can only be unsealed when release conditions are met.

We cannot read your vault content under normal operation. Vault data is only decrypted server-side during a verified release event.

5. Third-Party Services

We use the following third-party services to operate the app:

Supabase (backend infrastructure): Stores encrypted vault data, user accounts, and manages authentication. Supabase processes data in accordance with their privacy policy.
Resend (email delivery): Sends invitation emails to trusted contacts and release notification emails. Resend receives only email addresses and message content necessary for delivery.
Expo (push notifications): Delivers push notifications for alive check reminders. Expo receives push notification tokens.
Apple (Sign-In with Apple): Handles authentication. Apple's privacy policy governs their processing of your sign-in data.

We do not sell, rent, or trade your personal data to any third party. We do not use your data for advertising or tracking purposes.

6. Data Storage & Retention

Your vault data is stored locally on your device (primary) and as encrypted backups on Supabase servers.
We retain your data for as long as your account is active.
When you delete your account, all vault items, contacts, release policies, and associated data are permanently deleted from both local storage and our servers.
Released items that have already been accessed by recipients cannot be recalled after account deletion.

7. Your Rights

You have the right to:

Access all data stored in your vault at any time
Export your vault data as an encrypted backup
Delete your account and all associated data permanently
Modify your trusted contacts and release settings at any time
Pause alive checks during travel or hospitalization

8. Children's Privacy

EverAfter Vault is not intended for use by children under the age of 13. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or via email. Continued use of the app after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy, contact us at: support@everaftervault.com