Privacy Policy
Your Trust is Our Foundation
Last Updated: January 20, 2025
Our Privacy Promise
A Final Message operates on privacy-first principles with strong encryption. Your final messages are protected by industry-standard 256-bit AES encryption. We maintain complete privacy: no data sharing, no tracking cookies, no selling your information, and no exceptions.
1. Data Protection & Encryption
256-Bit AES Encryption
All messages are encrypted using Advanced Encryption Standard (AES) with 256-bit keys, the same encryption banks use to protect financial data. Your messages remain private and secure.
Strong Encryption
Messages are encrypted before storage and remain encrypted until delivery to recipients.
Privacy by Design
We build privacy into every feature. Your data is never used for advertising or sold to third parties.
Secure Transmission
All data transmission uses TLS 1.3 encryption, ensuring your information is protected in transit.
Security Implementation
- Encryption: AES-256 for data at rest
- Password Security: Bcrypt hashing with salt
- Secure Connections: TLS 1.3 for all communications
- Infrastructure: Hosted on Vercel's secure platform
- Access Controls: Secure authentication and session management
2. Information We Collect
What We Collect (Minimal Data Principle)
We only collect information necessary to provide our service:
- Account Information: Email address and password (encrypted)
- Contact Details: Phone number for check-ins (optional)
- Message Content: Your encrypted final messages
- Recipient Information: Names and emails for message delivery
- Service Data: Check-in responses and delivery status
How We Use Your Information
- Service Delivery: To store and deliver your final messages
- Check-ins: To verify your wellbeing status
- Communication: Service updates and support
- Security: To protect against fraud and abuse
What We Never Collect
We do not collect or store:
- Browsing history or tracking cookies
- Location data or IP addresses for tracking
- Social media profiles
- Biometric data
- Third-party advertising data
3. How We Protect Your Data
Technical Safeguards
We implement industry-standard security measures:
- Encrypted database storage
- Secure HTTPS connections
- Regular security updates
- DDoS protection through Vercel
Organizational Safeguards
Our team follows strict privacy practices:
- Limited access to user data
- Confidentiality agreements
- Privacy training for all staff
- Regular privacy reviews
4. Your Privacy Rights
You Have Complete Control
Following GDPR principles, you have the right to:
- Access: Request a copy of your personal data
- Correction: Update inaccurate information
- Deletion: Request deletion of your account and data
- Portability: Export your data in a readable format
- Objection: Opt out of certain data uses
How to Exercise Your Rights
To exercise any of these rights, email us at care@afinalmessage.com with your request. We'll respond within 30 days.
5. Information Sharing
We Never Sell Your Data
We never sell, rent, or trade your personal information. Period. Your privacy is not for sale.
Limited Sharing Circumstances
We may share information only when:
- You Direct Us: When delivering messages to your recipients
- Legal Requirements: Valid legal requests (we'll notify you when possible)
- Safety: To prevent harm or fraud
- Service Providers: Essential services like email delivery (under strict agreements)
Third-Party Services
We work with select service providers who:
- Are bound by confidentiality agreements
- Only process data as we instruct
- Cannot use your data for their own purposes
- Must delete data when no longer needed
7. Data Retention
How Long We Keep Data
- Active Messages: Until delivered or you delete them
- Delivered Messages: Deleted 30 days after delivery
- Account Data: Until you close your account
- Deleted Data: Removed from backups within 90 days
Secure Deletion
When you delete data or close your account:
- Data is immediately removed from active systems
- Backups are purged within 90 days
- No recoverable traces remain
- We confirm deletion completion
8. Children's Privacy
A Final Message is not intended for children under 18. We do not knowingly collect information from minors. If we learn we've collected data from a child, we will delete it immediately.
Parents who believe we may have information about their child should contact us at care@afinalmessage.com.
9. International Users
We welcome users from around the world but require a US phone number to sign up for text verification purposes. By using our service, you consent to your information being processed in the United States, where our servers are located.
We ensure your data is protected regardless of location through:
- Strong encryption for all data
- Compliance with GDPR principles
- Respect for all privacy laws
- Same high standards globally
10. Policy Updates
We may update this policy to reflect changes in our practices or legal requirements. We will:
- Notify you of significant changes via email
- Post updates on our website
- Give you time to review changes
- Allow you to close your account if you disagree
Transparency Commitment
We believe in being open about our practices. If you have questions about how we handle data, just ask. We're happy to explain.
Privacy Questions?
We're here to help with any privacy concerns:
Email: care@afinalmessage.com
Response Time: Within 24-48 hours
Subject Line: Privacy Question
Our Promise to You
Your privacy is sacred to us. We built A Final Message because we believe everyone deserves a secure, private way to leave final messages for their loved ones. We will never compromise on privacy or security for profit.
This promise includes:
- Never selling or monetizing your data
- Maintaining strong encryption always
- Being transparent about our practices
- Putting your privacy first in every decision