Privacy Policy

We collect information you provide directly to us, information generated by your use of the Service, and information we receive from third parties.

Account information. When you register, we collect your email address and any profile information you provide. Account authentication is managed through Clerk, which may collect additional information such as IP address, device identifiers, and login history on our behalf.

Switch configuration data. We collect all information you enter when configuring a switch: check-in intervals, grace periods, recipient email addresses and names, verification questions and answers (including duress answers), email subject lines and body content, and any trigger settings.

Uploaded files. We store files you upload to the Service. Files are encrypted at rest using AES-256-GCM encryption with per-file keys wrapped by a master key. We have access to the encryption keys necessary to deliver files when a switch triggers.

Activity and usage data. We collect logs of check-in events, trigger events, missed check-ins, email delivery status, login activity, and other operational events associated with your account. This data is used to operate the Service and is retained as part of your activity history.

Payment information. Subscription payments are processed by Stripe. We receive and store a limited set of payment information including your billing plan, subscription status, last four digits of your payment card, and billing history. We do not store full payment card numbers, CVVs, or other sensitive payment details.

Technical data. We automatically collect certain technical information when you use the Service, including IP addresses, browser type and version, device type, operating system, referring URLs, pages visited, and timestamps of interactions. This data is used for security, fraud prevention, and service improvement.

Communications. If you contact us for support or other inquiries, we retain records of that correspondence including your contact information and the content of your messages.

We use the information we collect for the following purposes:

• To create and manage your account and authenticate your identity
• To operate the Service, including monitoring check-in status and executing triggered actions
• To send transactional emails including check-in reminders, verification requests, and account notifications
• To process and manage subscription payments and billing
• To detect, investigate, and prevent fraudulent transactions, abuse, and other illegal activities
• To enforce these Terms and our policies
• To respond to your support requests and inquiries
• To monitor and analyze usage and trends to improve the Service
• To comply with legal obligations and respond to lawful requests from public authorities
• To protect the rights, property, and safety of Dead Man, our users, and the public

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

If you are located in the European Economic Area or United Kingdom, we process your personal data on the following legal bases:

• Contract performance — processing necessary to provide the Service pursuant to our agreement with you
• Legitimate interests — processing necessary for our legitimate interests, such as fraud prevention, security, and service improvement, where these are not overridden by your rights
• Legal obligation — processing necessary to comply with applicable law
• Consent — where you have given us specific consent to process your data for a specific purpose

We share your information only in the following limited circumstances:

Service providers. We share information with trusted third-party vendors and service providers that perform services on our behalf, including authentication (Clerk), payment processing (Stripe), email delivery (Resend), database hosting (Neon), and application hosting and file storage (Vercel). These providers are contractually bound to use your information only as directed by us and in accordance with this policy.

Triggered actions. When your switch triggers, we transmit your configured content — including emails, files, and links — to the recipients you have designated. You are solely responsible for the appropriateness and legality of this content and for ensuring that recipients have consented to receive it.

Legal requirements. We may disclose your information if required to do so by law, court order, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to: (a) comply with applicable law or legal process; (b) protect the rights or property of Dead Man; (c) prevent or investigate possible wrongdoing; or (d) protect the personal safety of users or the public.

Business transfers. In the event Dead Man is involved in a merger, acquisition, asset sale, bankruptcy, or other corporate transaction, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service of any change in ownership or material changes to how your information is used.

With your consent. We may share your information for any other purpose with your explicit consent.

Your data is stored and processed in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States, which may have data protection laws that differ from those of your home country. By using the Service, you consent to this transfer and processing.

We implement commercially reasonable administrative, technical, and physical security measures designed to protect your information from unauthorized access, use, alteration, or destruction. These measures include TLS encryption in transit, AES-256-GCM encryption at rest for files, role-based access controls, and audit logging.

No security system is impenetrable. We cannot guarantee the absolute security of your data. In the event of a security breach that affects your personal information, we will notify you as required by applicable law.

For transfers of personal data from the EEA or UK to the United States, we rely on Standard Contractual Clauses or other lawful transfer mechanisms as required by applicable data protection law.

We and our third-party service providers use cookies, web beacons, and similar tracking technologies to operate the Service, authenticate sessions, maintain security, and analyze usage patterns.

Essential cookies are necessary for the Service to function and cannot be disabled. They include session authentication tokens and security tokens managed by Clerk.

Analytics cookies help us understand how users interact with the Service so we can improve it. You may opt out of analytics tracking by adjusting your browser settings to refuse cookies, though this may affect the functionality of the Service.

We do not use cookies for advertising or behavioral tracking purposes.

By creating an account, you consent to receive transactional emails that are essential to the operation of the Service, including: check-in reminder notifications, check-in verification requests, account security alerts, subscription and billing notifications, and service announcements. These emails cannot be individually opted out of while your account is active, as they are necessary for the Service to function as intended.

Trigger emails transmitted to your configured recipients are sent on your behalf using your configured content. Dead Man acts as a processor of this data. You are the controller responsible for ensuring that the content of those emails complies with applicable law, including anti-spam regulations (such as CAN-SPAM and GDPR), and that recipients have provided any required consent.

We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:

• Account data — retained until account deletion, then purged within 30 days
• Switch configuration and activity logs — retained until account deletion, then purged within 30 days
• Uploaded files — retained until deleted by you or upon account deletion, then purged within 30 days
• Payment and billing records — retained for up to 7 years as required by applicable tax and accounting law, even after account deletion
• Security and audit logs — retained for up to 12 months for fraud prevention and security purposes
• Legal hold data — retained indefinitely if subject to a legal hold, litigation hold, or regulatory investigation

We may retain anonymized or aggregated data that cannot reasonably identify you indefinitely for analytical and operational purposes.

Depending on your location, you may have the following rights with respect to your personal data:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate or incomplete data
• Deletion — request deletion of your personal data, subject to our retention obligations
• Portability — request a machine-readable export of your data
• Restriction — request that we restrict processing of your data in certain circumstances
• Objection — object to processing based on legitimate interests
• Withdrawal of consent — where processing is based on consent, withdraw that consent at any time

To exercise these rights, delete your account from within the app settings or submit a request to privacy@deadman.app. We will respond to verified requests within 30 days. We may require identity verification before fulfilling any request. We reserve the right to deny requests that are manifestly unfounded, excessive, or repetitive.

Note that exercising certain rights — particularly data deletion — will result in termination of your account and cessation of the Service. We cannot operate your switch without storing your configuration data.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• The right to know what personal information we collect, use, disclose, and sell
• The right to delete personal information we have collected about you, subject to exceptions
• The right to correct inaccurate personal information
• The right to opt out of the sale or sharing of personal information (we do not sell or share personal information)
• The right to limit the use and disclosure of sensitive personal information
• The right to non-discrimination for exercising your privacy rights

To submit a California privacy rights request, contact us at privacy@deadman.app. We will verify your identity before processing your request.

The Service is not directed to, and we do not knowingly collect personal information from, children under the age of 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a minor, please contact us at privacy@deadman.app.

We use the following third-party service providers, each subject to their own privacy policies:

• Clerk (clerk.com) — user authentication, session management, and identity verification
• Stripe (stripe.com) — payment processing and subscription management
• Resend (resend.com) — transactional email delivery
• Neon (neon.tech) — PostgreSQL database hosting
• Vercel (vercel.com) — application hosting, serverless compute, and file storage
• Upstash (upstash.com) — rate limiting and caching infrastructure

We share only the minimum information necessary with each provider. We are not responsible for the privacy practices of these third parties and encourage you to review their privacy policies.

While we implement security measures to protect your data, you acknowledge that no method of electronic transmission or storage is 100% secure. Dead Man shall not be liable for any unauthorized access to, disclosure of, or loss of your data that results from circumstances beyond our reasonable control, including but not limited to third-party service provider breaches, cyberattacks, or infrastructure failures.

You are responsible for the content of your switch configuration, including any personal data about third parties (such as recipient email addresses). You represent that you have obtained all necessary consents from third parties whose personal data you provide to us.

We reserve the right to modify this Privacy Policy at any time. When we make material changes, we will update the “Last updated” date at the top of this page and, where reasonably practicable, notify registered users via email. Your continued use of the Service after the effective date of any changes constitutes acceptance of the revised Privacy Policy.

We encourage you to review this Privacy Policy periodically. If you disagree with the revised policy, you must stop using the Service and delete your account.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

privacy@deadman.app

We will respond to all inquiries within a reasonable time frame and no later than 30 days.