Privacy

Privacy Policy

Digital Legacy Vault is a product operated by TheDevLab ("we," "us," or "our"). This policy explains how we handle information in accordance with global standards, including the POPI Act (South Africa), GDPR (EU), and other applicable privacy frameworks.

Effective date: April 14, 2026Last Updated: June 14, 2026Product privacy overviewOperated by TheDevLab

1. Our Commitment to Zero-Knowledge

The core of Digital Legacy Vault is privacy-by-design.

  • No Access: We do not hold the keys to your encrypted data. We cannot read, share, or recover your vault content if you lose your primary access keys.
  • End-to-End Encryption: We use Zero-Knowledge architecture for your vault content. This means your sensitive records and documents are encrypted on your device before they are sent to our servers.

2. Information We Collect

To operate the service, we collect:

  • Account Data: Name, email address, and authentication identifiers (linked to your account).
  • Operational Metadata: Trusted contact names/emails, access-request triggers, timestamps, and billing status.
  • Diagnostic Data: Anonymous crash reports and performance logs to keep the app secure and functional.

3. Legal Basis for Processing (POPIA & GDPR)

We process your information based on:

  • Contractual Necessity: To provide the vault services you signed up for.
  • Consent: For optional support chat, marketing updates, or specific sharing triggers you enable.
  • Legitimate Interest: To maintain security and prevent fraud on the platform.

4. How We Use & Share Information

We use your data strictly to:

  • Facilitate the transfer of assets to your Trusted Contacts upon your specified triggers.
  • Send security alerts and system notifications.
  • We do not sell your data. We only share information with service providers needed to operate the service or optional features you enable (e.g., Supabase for storage, Paddle for billing, or Tawk.to for public-site support chat) who are contractually bound to protect your privacy.

5. International Data Transfers

As a global service, your data may be stored or processed in various regions. We ensure that all cross-border transfers comply with POPIA and GDPR standards using Standard Contractual Clauses and ensuring our providers (like Supabase/AWS) maintain high-level security certifications.

6. Your Rights & Choices

Depending on your region, you have the right to:

  • Access & Portability: Request a copy of your operational data.
  • Correction & Deletion: Update your details or request account deletion at any time.
  • Objection: Withdraw consent for marketing emails.
  • Inquiries (South Africa): You may contact the South African Information Regulator if you feel your rights under POPIA are not being met.

7. Retention & Security

We retain your data only as long as your account is active or as required by law. We employ industry-standard technical and organizational measures (Encryption at rest, TLS in transit, and multi-factor authentication) to protect your account.

8. Contact Us

For any privacy inquiries or to exercise your data rights, please contact our Information Officer at: Email: privacy@digitallegacyvault.app, Company: TheDevLab (South Africa)