Privacy Policy

Last Updated: October 20, 2025

Introduction

At Passdown, your privacy is our top priority. This Privacy Policy explains how we collect, use, and protect your personal information when you use our digital inheritance management service.

Our zero-knowledge architecture ensures that we never have access to your unencrypted documents or your master key (the encryption key for your documents, separate from your login password). This means your sensitive data remains private and secure, even from us.

Information We Collect

Account Information

  • Email address (for account creation and notifications)
  • Login password (hashed and salted - can be reset like any standard password)
  • Account preferences and settings
  • Beneficiary email addresses (for notifications only)

Encrypted Data

We store your documents and credentials in encrypted form. All encryption happens in your browser using your master key (NOT your login password), which we never receive or store. The master key cannot be reset or recovered. This means we cannot decrypt your data under any circumstances.

Technical Information

  • IP address and browser information (for security and fraud prevention)
  • Access logs and usage statistics (anonymized)
  • Cookie data (for authentication and preferences)

Zero-Knowledge Architecture

Passdown is built on a zero-knowledge architecture. This means all encryption and decryption happens locally in your browser before any data reaches our servers. You have two separate credentials: a standard login password (for accessing your account, can be reset) and a master key (for encrypting documents, cannot be reset).

We never have access to your master key, derived encryption keys, or unencrypted documents. Even if compelled by law or if our servers were compromised, we would be unable to decrypt your data.

How We Use Your Information

  • To provide and maintain the Passdown service
  • To send you important notifications (access requests, security alerts)
  • To improve our service and user experience
  • To prevent fraud and ensure security
  • To comply with legal obligations

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information only in the following circumstances:

  • With your beneficiaries when they request access (only email notifications)
  • With service providers who assist in operating our platform (under strict confidentiality agreements)
  • When required by law or to protect our legal rights

Data Security

  • AES-256-GCM encryption for all documents
  • Argon2id key derivation for password protection
  • Secure HTTPS connections for all communications
  • Regular security audits and updates
  • Access delay feature to prevent unauthorized access

Your Rights

  • Access your personal information at any time
  • Export all your data (encrypted and account information)
  • Delete your account and all associated data
  • Opt-out of non-essential communications

Cookies and Tracking

We use essential cookies for authentication and session management. We use Google Analytics to understand how our service is used, but we do not track you across other websites.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by email or through a notice on our website.

Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Email: [email protected]