Privacy policy

What we hold

• Account-level data we can read: your email address, household name, member name, the type of each inventory item (e.g., "checking account at TD Bank"), the date you last updated each section, and aggregate flags such as whether you have a will.
• Sensitive fields we cannot read: account numbers, balances, access instructions, beneficiary names, phone numbers, document locations, funeral wishes, notes. These are encrypted in your browser using a key derived from your password and recovery code before they are sent to our servers. We hold ciphertext we cannot decrypt.
• Your password and recovery code: we never receive either of these in plaintext. If you lose both, the data cannot be recovered — by us, by you, or by anyone else.

What we do with it

• We use your email to send transactional messages (account confirmation, password reset, optional Life Update reminders) and, with your consent, occasional product updates.
• We do not sell your data. We do not share your data with advertising partners or data brokers.
• We use Supabase (Postgres + auth), Vercel (hosting), Stripe (payments), and Resend (email delivery) as data subprocessors. Each holds only what is operationally necessary for their role — none receives your encrypted vault contents.

Your rights

You can export, edit, or delete your account at any time. Account deletion erases the encrypted blobs we hold; because we never had the keys, there is nothing further to delete. Final policy will specify jurisdiction-specific rights (GDPR, CCPA, etc.) once counsel has reviewed.

Contact

Questions about this policy: info@amanavault.app.