EternalSelf

Your voice, your legacy. Forever.

Privacy Policy

Effective Date: July 26, 2025
Last Updated: July 26, 2025

Introduction

EternalSelf ("we," "our," or "us") operates a digital legacy platform that allows you to create, store, and deliver encrypted messages to your loved ones. This Privacy Policy explains how we collect, use, protect, and handle your personal information in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

Our Commitment: Your privacy and the security of your legacy content are our highest priorities. We use military-grade encryption and industry-standard security measures to protect your data.

Information We Collect

Personal Information You Provide

  • Account Information: Name, email address, password (encrypted)
  • Profile Data: Optional profile information you choose to share
  • Recipients: Names, email addresses, and relationships of people you designate
  • Legacy Content: Letters, messages, and documents you create (encrypted client-side)
  • Security Information: Security questions and encrypted passphrases for recipients

Information Automatically Collected

  • Technical Data: IP address, browser type, device information
  • Usage Data: How you interact with our platform (pages visited, features used)
  • Security Logs: Authentication attempts and security-related events
  • Performance Data: Application performance and error information

Sensitive Data Categories (GDPR Article 9)

We may process special categories of personal data including:

  • Health Information: If included in your legacy messages
  • Family/Relationship Data: Information about your relationships with recipients
  • Personal Beliefs: If shared in your legacy content

How We Use Your Information

Primary Purposes

  1. Service Delivery: Providing our digital legacy platform services
  2. Content Security: Implementing end-to-end encryption for your data
  3. Account Management: Managing your account and authentication
  4. Legacy Delivery: Delivering your messages to recipients when triggered
  5. Platform Security: Protecting against fraud, abuse, and security threats
  6. Service Improvement: Enhancing platform features and user experience

Legal Basis for Processing (GDPR Article 6)

  • Consent: For processing your legacy content and delivering to recipients
  • Contract Performance: For providing our platform services
  • Legitimate Interest: For security monitoring and platform improvement
  • Legal Obligation: For compliance with applicable laws

Data Encryption and Security

How We Protect Your Privacy:

  • Your legacy content is encrypted using military-grade AES-256 encryption
  • We implement end-to-end encryption for sensitive communications
  • All data transmissions are secured with TLS 1.3 or higher
  • Your content is encrypted both in transit and at rest
  • Access to your content is strictly controlled and monitored

Technical Security Measures:

  • Multi-factor authentication available for enhanced account security
  • Regular security audits and penetration testing
  • Secure data centers with 24/7 monitoring
  • Automatic backup systems with encrypted storage
  • Strict access controls with minimal necessary access

Data Sharing and Recipients

We Do Not Sell Your Data

We never sell, rent, or trade your personal information to third parties for marketing purposes.

Limited Data Sharing

We may share your information only in these specific circumstances:

Service Providers: Trusted third parties who help us operate our platform (hosting, email delivery, security monitoring) under strict confidentiality agreements.

Legal Requirements: When required by law, court order, or to protect our legal rights and the safety of our users.

Business Transfer: In the event of a merger, acquisition, or sale of assets (your data rights remain protected).

Recipient Delivery: Your designated recipients receive only the specific content you assign to them, delivered through our secure portal.

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

Right of Access (Article 15)

You can request a copy of all personal data we hold about you. Use the "Download My Data" feature in your account settings.

Right to Rectification (Article 16)

You can update or correct your personal information through your account settings.

Right to Erasure (Article 17)

You can request deletion of your account and associated data using the "Delete Account" feature. Note: This permanently destroys your legacy content.

Right to Data Portability (Article 20)

You can download your data in a structured, machine-readable format.

Right to Restrict Processing (Article 18)

You can request that we limit how we process your data in certain circumstances.

Right to Object (Article 21)

You can object to processing based on legitimate interests.

Rights Related to Automated Decision Making (Article 22)

We do not use automated decision-making that significantly affects you.

Data Retention

Account Data

  • During Regular Use: Your data is retained while you continue to access and use the platform
  • After Legacy Activation: When your configured inactivity period triggers legacy delivery (meaning you have stopped accessing your account for the specified time), your content is delivered to recipients and account data is retained for legal compliance (7 years)
  • Account Deletion: You may delete your account at any time while you still have access, which permanently removes all data

Legacy Content

  • Encrypted Messages: Retained indefinitely to fulfill our service promise
  • Delivery Records: Maintained for audit purposes (7 years)
  • Recipient Access Logs: Retained for security purposes (2 years)

Technical Data

  • Security Logs: 2 years
  • Performance Data: 1 year
  • Backup Data: Automatically deleted according to backup retention schedules

International Data Transfers

If you are located outside the country where our servers are hosted, your information may be transferred internationally. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Additional safeguards as required by law

Cookies and Tracking

Essential Cookies

We use cookies necessary for platform functionality:

  • Authentication: Keeping you logged in securely
  • Security: Preventing CSRF attacks and maintaining session security
  • Preferences: Remembering your platform settings

Analytics (Optional)

With your consent, we may use privacy-focused analytics to improve our platform.

Cookie Management: You can control cookies through your browser settings. Disabling essential cookies may affect platform functionality.

Security Measures

Technical Safeguards

  • End-to-end encryption for sensitive content
  • Transport Layer Security (TLS 1.3+) for all data in transit
  • AES-256 encryption at rest for database storage
  • Regular security audits and penetration testing
  • Strict access controls and authentication requirements
  • Secure backup systems with encrypted redundancy
  • Intrusion detection and prevention systems

Organizational Measures

  • Privacy by design principles in all development
  • Incident response procedures for potential breaches
  • Data minimization practices
  • Regular security reviews and updates

Data Breach Notification

In the unlikely event of a data breach:

  • We will notify relevant supervisory authorities within 72 hours
  • Affected users will be notified without undue delay if the breach poses high risk
  • We will provide clear information about the breach and our response actions

Children's Privacy

Our service is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18.

Changes to This Policy

We may update this Privacy Policy periodically. We will:

  • Notify you of material changes via email or platform notice
  • Provide the effective date of changes
  • Maintain previous versions for your reference
  • Request new consent for significant changes that affect your rights

Contact Information

Data Protection Officer

For privacy-related questions or to exercise your rights:

Email: privacy@eternalself.com
Response Time: Within 30 days as required by GDPR

Supervisory Authority

If you have concerns about our data handling practices, you can contact your local data protection authority.

Your Consent

By using EternalSelf, you consent to:

  • The collection and processing of your personal information as described
  • Secure encryption of your legacy content
  • Delivery of your messages to designated recipients
  • International data transfers with appropriate safeguards
  • Our year-to-year delivery guarantee for scheduled content

You can withdraw your consent at any time by deleting your account, though this will prevent us from fulfilling our service commitments.

Our Service Promise

Year-to-Year Delivery Guarantee: We provide a rolling annual guarantee for content delivery. Content scheduled within the current year is guaranteed for delivery, and for multi-year scheduling, we commit to each year as it arrives, ensuring transparency about long-term service sustainability.

Emotional Focus: We specialize in preserving emotional assets - the stories, advice, love letters, and personal messages that truly matter to families.

Important: Please store your login credentials securely. While we maintain robust security measures and backup systems, safeguarding your account access ensures you can continue to manage your legacy content.