Privacy Policy

1. Introduction

WhenImGone ("we," "our," or "us") operates the WhenImGone mobile application and website at whenigone.com (the "Service"). This Privacy Policy explains how we collect, use, and protect your personal information when you use our Service.

2. Information We Collect

Account Information: When you create an account, we collect your email address and display name. If you sign in with Apple, we receive the information you authorize Apple to share.

Page Content: You provide information for your emergency page, including contacts, account details, wishes, and messages. Sensitive sections (financial, digital, insurance, documents) are encrypted on your device using AES-256-GCM before being sent to our servers. We cannot read or access the contents of encrypted sections.

Check-In Data: We record check-in timestamps to operate the dead man's switch feature.

Trusted Contact Information: You provide the name, email, and optionally phone number of your trusted contact(s). We use this information solely to notify them as part of the escalation process.

Waitlist: If you join our waitlist, we collect your email address to notify you when we launch.

3. How We Use Your Information

We use your information to: operate and maintain the Service, send check-in reminders via push notifications and email, execute the escalation chain and notify your trusted contact(s) when triggered, process payments and manage subscriptions, send you important service updates, and improve the Service. We do not sell your personal information to third parties. We do not use your data for advertising purposes.

4. Encryption & Data Security

We take a zero-knowledge approach to your sensitive data. Sections marked as sensitive (financial accounts, digital accounts, insurance & legal, and documents) are encrypted on your device using AES-256-GCM with a key derived from your recovery passphrase via PBKDF2. The encryption key never leaves your device and is never transmitted to our servers. We cannot decrypt your sensitive data. Non-sensitive sections (emergency contacts, personal wishes, messages) are stored in readable form to enable immediate access for your trusted contact upon page unlock. All data is transmitted over HTTPS/TLS. Our database uses row-level security policies to ensure users can only access their own data.

5. Third-Party Services

We use the following third-party services to operate: Supabase (database, authentication, file storage), Apple Push Notification Service (check-in reminders), Resend (email notifications), Twilio (SMS notifications for escalation), Vercel (website hosting), and Apple In-App Purchase / Dodo Payments (payment processing). Each of these services has their own privacy policies governing how they handle data.

6. Data Retention

We retain your account data and page content for as long as your account is active. If you delete your account, we will delete all associated data, including your page content, trusted contact information, check-in history, and uploaded documents within 30 days. Waitlist emails are retained until launch, after which they are deleted unless you create an account.

7. Your Rights

You have the right to: access your personal data, correct inaccurate data, delete your account and all associated data, export your data, and withdraw consent at any time. To exercise any of these rights, contact us at support@reku.dev.

8. Children's Privacy

Our Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy, contact us at support@reku.dev.