Privacy Policy

Last updated: August 21, 2025

Data Controller: AfterlifeWill.com | Based in Czech Republic

1. Introduction

AfterlifeWill.com ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our digital will service.

This policy complies with the General Data Protection Regulation (GDPR) and Czech data protection laws. We operate on a zero-knowledge encryption principle, meaning we cannot access the content of your encrypted wills.

2. Data Controller Information

Company: AfterlifeWill.com
Location: Czech Republic
Contact: privacy@afterlifewill.com
Data Protection Contact: dpo@afterlifewill.com

3. Information We Collect

3.1 Information You Provide

  • Account Information: Email address, name, password (hashed)
  • Will Information: Encrypted will content, emergency contact email, activity check interval
  • Communication Data: Messages you send through our contact form
  • Payment Information: If applicable, processed securely through third-party providers

3.2 Information Automatically Collected

  • Technical Data: IP address (anonymized), browser type, device information, operating system
  • Usage Data: Login times, activity verification timestamps, page views, session duration
  • Cookies: Session cookies for authentication, analytics cookies (with consent)
  • Analytics Data: Website traffic patterns, user interactions, referral sources (with consent)
  • Log Data: Server logs for security and troubleshooting

3.3 What We DON'T Access

Due to our zero-knowledge encryption:

  • We CANNOT read your will content
  • We CANNOT decrypt your messages
  • We CANNOT access your files or attachments
  • We CANNOT recover your access password

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

  • Contract Performance: To provide our digital will service (Article 6(1)(b) GDPR)
  • Legal Obligations: To comply with applicable laws (Article 6(1)(c) GDPR)
  • Legitimate Interests: For security, fraud prevention, and service improvement (Article 6(1)(f) GDPR)
  • Consent: For marketing communications, where applicable (Article 6(1)(a) GDPR)

5. How We Use Your Information

5.1 Primary Purposes

  • Create and manage your account
  • Store your encrypted will securely
  • Send activity verification emails
  • Deliver your will to emergency contacts when triggered
  • Provide customer support
  • Ensure service security and prevent fraud

5.2 Secondary Purposes

  • Improve our service and user experience
  • Send service-related communications
  • Comply with legal obligations
  • Analyze usage patterns (anonymized)

6. Data Sharing and Disclosure

6.1 We DO NOT Sell Your Data

We never sell, rent, or trade your personal information to third parties.

6.2 Limited Sharing Scenarios

We may share your data only in these specific circumstances:

  • Emergency Contacts: Your email address, will content, attached files, and creation date when your will is activated due to inactivity
  • Service Providers: Trusted partners who help operate our service (under strict confidentiality)
  • Legal Requirements: If required by law, court order, or government request
  • Business Transfers: In case of merger, acquisition, or sale (with continued protection)
  • Protection of Rights: To protect our rights, safety, or property

7. Data Storage and Security

7.1 Where We Store Data

  • Primary servers located in the European Union
  • Encrypted backups in secure, geographically distributed locations
  • All data transfers use encrypted connections (TLS/SSL)

7.2 Security Measures

  • Encryption: AES-256-GCM for will content, TLS for data transmission
  • Access Controls: Strict authentication and authorization systems
  • Infrastructure: Firewalls, intrusion detection, regular security audits
  • Zero-Knowledge: Technical inability to access your encrypted content
  • Regular Updates: Continuous security patches and improvements

8. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

8.1 Right to Access (Article 15)

Request a copy of your personal data we hold

8.2 Right to Rectification (Article 16)

Request correction of inaccurate personal data

8.3 Right to Erasure (Article 17)

Request deletion of your personal data ("right to be forgotten")

8.4 Right to Restrict Processing (Article 18)

Request limitation of processing in certain circumstances

8.5 Right to Data Portability (Article 20)

Receive your data in a structured, machine-readable format

8.6 Right to Object (Article 21)

Object to processing based on legitimate interests

8.7 Rights Related to Automated Decision-Making (Article 22)

Not be subject to solely automated decision-making

To exercise any of these rights, contact us at: privacy@afterlifewill.com

9. Data Retention

We retain your data for different periods based on the type and purpose:

  • Account Data: As long as your account is active
  • Encrypted Wills: Until you delete them or close your account
  • Activity Logs: 90 days for security purposes
  • Deleted Account Data: Up to 90 days after account closure for recovery purposes
  • Legal Records: As required by applicable laws (typically 5-10 years)

Note: Due to zero-knowledge encryption, deleted encrypted content cannot be recovered.

10. Cookies and Tracking

10.1 Essential Cookies

We use essential cookies required for the service to function:

  • Session Cookies: To maintain your login session
  • Security Cookies: To prevent CSRF attacks

10.2 Analytics Cookies (With Your Consent)

With your explicit consent, we use Google Analytics to understand how users interact with our website:

  • Google Analytics 4: To analyze website traffic, user behavior, and improve our service
  • Cookie Consent: Analytics cookies are only loaded after you accept our cookie banner
  • Data Collection: Page views, session duration, traffic sources, device information
  • Data Retention: Analytics data is retained for 26 months as per Google's policy
  • IP Anonymization: Your IP address is anonymized to protect your privacy

10.3 Your Cookie Choices

  • Accept: You can accept analytics cookies to help us improve our service
  • Decline: You can decline analytics cookies - our service will work fully without them
  • Change Mind: Clear your browser's localStorage to reset your cookie preferences
  • Browser Settings: You can also disable cookies in your browser settings

10.4 What We DON'T Use

We do not use:

  • Advertising cookies or remarketing
  • Social media tracking pixels
  • Cross-site tracking
  • Cookies to identify you across other websites

10.5 Google Analytics Information

Google Analytics is provided by Google LLC. To learn more about Google's privacy practices:

11. International Data Transfers

Your data is primarily stored within the European Union. If we need to transfer data outside the EU, we ensure:

  • Adequate protection through EU Standard Contractual Clauses
  • Transfer only to countries with adequate data protection laws
  • Additional security measures for sensitive data
  • Transparency about any international transfers

12. Children's Privacy

Our service is not intended for children under 18 years of age. We do not knowingly collect personal data from children. If we discover that a child has provided us with personal information, we will delete it immediately.

13. Third-Party Services

We use limited third-party services to operate AfterlifeWill.com:

  • Email Service: For sending notifications (cannot read encrypted content)
  • Hosting Provider: For server infrastructure (with data processing agreement)
  • Payment Processor: If applicable, for handling payments securely
  • Google Analytics: For website analytics (with your consent only, IP anonymized)

All third parties are carefully selected and bound by strict data protection agreements. Google Analytics operates under Google's privacy policy and standard terms.

14. Data Breach Notification

In the unlikely event of a data breach:

  • We will notify affected users within 72 hours of discovery
  • We will inform relevant supervisory authorities as required by GDPR
  • We will provide information about the breach and steps to protect yourself
  • Your encrypted will content remains secure even in a breach due to zero-knowledge encryption

15. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we do:

  • We will update the "Last updated" date
  • We will notify you via email for significant changes
  • We will request new consent where required by law
  • The updated policy will be available on our website

16. Contact Information

For privacy-related questions or to exercise your rights:

  • Email: privacy@afterlifewill.com
  • Data Protection Officer: dpo@afterlifewill.com
  • General Support: support@afterlifewill.com
  • Website: afterlifewill.com/contact

Supervisory Authority

You have the right to lodge a complaint with the Czech data protection authority:

Úřad pro ochranu osobních údajů (ÚOOÚ)
Pplk. Sochora 27
170 00 Praha 7
Czech Republic
Website: www.uoou.cz

This Privacy Policy is part of our commitment to protecting your privacy and complying with GDPR and Czech data protection laws.

For questions about this policy or your personal data, please contact us.