Privacy Policy

Last updated: March 24, 2026

1. Who We Are

DigiWill ("we", "us", "our") is a digital legacy and estate management platform that allows users to securely organize and transfer digital assets to designated heirs. Our service is operated by DigiWill and is accessible at app.digiwill.io.

For privacy-related inquiries, contact us at: privacy@digiwill.io

2. Data We Collect

  • Account data: First name, last name, email address, and password (hashed — never stored in plaintext).
  • Authentication data: OAuth tokens when you sign in via Google or Facebook. We store only a reference identifier — we never receive or store your social media password.
  • Digital assets: Asset data you enter (account credentials, notes, documents) is encrypted with your personal key before being stored. We cannot read the contents of your assets.
  • Heir information: Names, email addresses, and optional postal addresses of heirs you designate.
  • Identity verification data: Government-issued ID documents processed by our identity verification provider (Didit) for account verification. We receive only the verification result, not copies of your documents.
  • Payment data: Billing information is processed by Stripe. We store only your Stripe Customer ID and subscription status — no card numbers are ever stored on our servers.
  • Usage data: Server logs, IP addresses, and error reports for operational purposes.

3. How We Use Your Data

  • To provide, operate, and improve the DigiWill service
  • To authenticate your identity and protect your account
  • To process payments and manage your subscription
  • To send transactional emails (account verification, heritage bundle notifications)
  • To comply with legal obligations

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

4. Third-Party Services

We use the following third-party processors:

  • Supabase — authentication and database hosting (EU region, Frankfurt)
  • Vercel — application hosting
  • DigitalOcean Spaces — file storage (EU region, Frankfurt)
  • Stripe — payment processing and subscription management
  • Didit — identity verification (KYC)
  • Resend — transactional email delivery

5. Data Storage & Security

All data is stored on servers located in the European Union (Frankfurt, Germany). Your digital assets are encrypted using AES-256-GCM with a key derived from your passphrase — we cannot decrypt your asset contents.

We use industry-standard security practices including HTTPS, hashed passwords (bcrypt), and encrypted data at rest.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we delete all personal data within 30 days, except where we are required to retain it by law (e.g. billing records for tax purposes, retained for 7 years).

7. Your Rights (GDPR)

If you are located in the EU/EEA, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Object to or restrict processing of your data
  • Receive your data in a machine-readable format (data portability)
  • Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, contact us at privacy@digiwill.io. We will respond within 30 days.

8. Cookies

We use only essential cookies required for authentication (session tokens). We do not use tracking or advertising cookies.

9. Changes to This Policy

We may update this policy from time to time. We will notify registered users of material changes by email. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact

For any privacy-related questions or requests: privacy@digiwill.io