Privacy Policy

This Privacy Policy describes how ExecutorEstate.com (“we,” “us,” “our”) collects, uses, shares, and protects your information when you use the Platform. By using the Platform you agree to this Privacy Policy. It is part of our Terms of Service.

Account information. When you create an account, we collect your email address, password (stored as a salted hash, never in plaintext), display name, state of residence, and your two-factor authentication enrollment.

Vault contents. Every document, photo, video, account record, or personal message you upload. We store these encrypted at rest.

File metadata. For each file: file size, MIME type, your SHA-256 fingerprint, and the Bitcoin timestamp commitment from OpenTimestamps. For phone uploads via QR code: GPS coordinates (only if you grant permission), EXIF data embedded in photos (camera make/model, aperture, ISO, datetime, etc.), and your User-Agent string.

Plan information. People you’ve named (executor, deputies, heirs — with their names, emails, phone numbers, and any notes you provided about them), quorum + cascade configuration, and per-document access assignments.

Release information. Death certificates and sworn statements uploaded by an initiator, attestations recorded by quorum members, manual contact records (e.g. “called Ken at 5pm”), and cascade promotion logs.

Operational data. Server logs, IP addresses, timestamps of significant actions (sign-in, plan changes, release lifecycle events). We use these to operate, secure, and debug the Platform.

To operate the Platform, specifically:

• Authenticate your access (email + password + MFA).
• Store and serve your documents and plan information back to you.
• Fingerprint your documents (SHA-256) and anchor those fingerprints to the Bitcoin chain via OpenTimestamps.
• Run the release workflow: notify named people, collect attestations, enforce quorum, promote cascade fallbacks, and deliver documents to authorized heirs at the schedule you set.
• Operate, secure, and debug the Platform; respond to your support requests; and detect or prevent abuse.
• Comply with legal obligations (subpoenas, court orders, regulatory requirements).

We do NOT use your content for advertising, model training, or any purpose outside the Platform’s release workflow. We do not sell your data.

With other Platform users you’ve named. Before a release is initiated, the people you’ve named on your plan see only that they were named. They do not see your documents, your other named people’s contact information, or each other.

During an active release. Once a release event is initiated against your plan, named quorum members become visible to each other (names, emails, phone numbers, and any backup contact info they voluntarily provided) so they can coordinate by voice. The initiator additionally sees the executor’s contact info from the moment of submission.

After a completed release. Heirs see the documents you specifically designated for them, on the schedule you specified.

With service providers. We use third-party infrastructure to run the Platform. Our current providers include:

• Supabase— database, file storage, and authentication. Data is stored encrypted at rest and protected by row-level security policies.
• Vercel— hosting and edge delivery. They process operational logs and serve requests.
• OpenTimestamps calendars — receive SHA-256 fingerprints (just the 32-byte hashes) and return Bitcoin timestamp proofs. They do not receive your actual files or any identifying information about you.
• Bitcoin network — the public Bitcoin blockchain receives only the merkle root that includes your file hashes (alongside thousands of others batched by the calendars). No identifying information, no file contents.

For legal compliance. We may disclose information in response to a valid subpoena, court order, or other legal process; to protect our rights or property; or to prevent imminent harm. We’ll notify you of any such request unless legally prohibited.

We take security seriously because your account holds the documents that matter most to your family. Our protections include:

• Encryption at rest for all stored files and database records.
• Two-factor authentication required on every account.
• Row-level security (RLS) policies in our database that enforce strict per-user access boundaries — an authenticated user can only read their own data or data they’ve been explicitly granted access to.
• Bitcoin-anchored tamper evidence on every uploaded document.
• Audit logging for plan changes, release lifecycle events, and authentication actions.

No system is 100% secure. If we become aware of a breach affecting your data, we’ll notify you as required by applicable law.

See our Security page for more detail.

While you’re alive. We keep your data as long as your account is active. If you delete content, we remove it from our active storage; some recent backups may retain it for up to 30 days before they cycle out.

After a completed release. Your documents and the audit trail of the release remain available to the heirs you designated for as long as the Platform offers the service, except where you specified a different schedule. You may direct in your plan that documents auto-delete after a specified time.

If your account is terminated for cause. We retain only what we need to enforce our Terms or comply with legal obligations.

Backups and audit logs. Some operational records are retained longer in our backup and audit systems — up to seven years — for security and legal-compliance purposes. We don’t actively access these unless required to.

Access and correction. You can view and edit your account information, your vault contents, and your plan at any time from your dashboard.

Deletion. You can delete individual files at any time, and you can terminate your entire account from Account settings (subject to the retention rules above).

Portability.If you want a copy of your data, contact us at the address below and we’ll provide it in a structured, machine-readable format within 30 days.

California (CCPA / CPRA) residents have additional rights to know what we’ve collected, to delete personal information, to correct inaccurate information, and to opt out of any “sale” or “sharing” (we don’t sell or share for cross-context behavioral advertising, but the right exists regardless). To exercise any of these, contact us below.

ExecutorEstate is currently offered only to United States residents. Our servers are located in the U.S. If you access the Platform from outside the U.S., you do so on your own initiative and are responsible for compliance with local laws. By using the Platform you consent to the transfer and processing of your information in the U.S.

The Platform is not directed to children under 18 and we don’t knowingly collect information from them. If we learn we’ve collected information from a person under 18, we’ll delete it.

We may update this Privacy Policy from time to time. If we make a material change, we’ll notify you by email and on the Platform before the change takes effect.

Questions about this Privacy Policy, or want to exercise any of your rights? Email us at rudycced@gmail.com.