Privacy Policy

What we collect

From you, the account holder: your name, date of birth, email address, and phone number. The documents you upload, and any titles or notes you attach to them. The names and contact details of the heirs and verifiers you designate. The configuration of your verification process and hold period.

Automatically, when you use the service: IP address, browser and device user-agent, and timestamps of meaningful actions. These are recorded in an append-only audit log so that you, and only you, can review the history of your account at any time.

What we do with it

We use this data to operate the vault: to authenticate you, to store and retrieve your encrypted documents, to send the transactional emails the service depends on (welcome and email confirmation, heir and verifier invitations, scheduled check-ins, claim filings, verifier vote requests, hold-period notices, and release notifications), to verify claims when they are filed, and to release documents to the people you designated when a verified event occurs. We do not sell your data. We do not use it for advertising.

Who helps us

A small number of established providers operate parts of the infrastructure on our behalf, bound by data processing agreements appropriate for personal and sensitive data:

Supabase hosts our database and encrypted document storage. Vercel hosts the application that you use in your browser. Resend delivers our transactional email. Twilio delivers any SMS notifications you opt into.

Where your data lives

Our primary database and storage regions are configured at deploy time; at present, vault data is held in US East. We will update this page if that changes, and we will notify account holders of any material change in residency.

How long we keep it

We retain your vault and the audit log of your account until you delete the account yourself, or for seven years after a documented release event, whichever is later. Retention figures are placeholder and will be finalized following counsel review; in any case, we intend to keep release records long enough to answer questions from your heirs and your executor.

Your rights

You may access the personal data we hold about you, export your documents and audit history, and delete your account at any time. If a claim is active against your account, deletion is paused for the duration of the verification process — this is a legal-hold measure to protect your heirs and to preserve the integrity of the audit trail. Once the claim is resolved, your deletion request resumes.

Security

The technical details — encryption, access boundaries, audit, and our roadmap — live on our security page. We describe the boundary of our protection in plain English there, including the honest limits of server-side encryption.

Children

Legatus Vault is intended for adults. The service is not directed to children, and you must be at least 18 years old to create an account. If we learn that we have inadvertently collected data from a minor, we will delete it.

Changes to this policy

We may update this policy as the service evolves. We will email account holders before any material change takes effect, and the effective date below will always reflect the most recent revision.