Privacy Policy
We built Digital Heritage because we believe your most private information deserves the highest protection. This policy explains exactly what we do — and what we will never do — with your data.
Our Zero-Knowledge Pledge
We never see your data. Not ever. Every piece of sensitive information you store in your Digital Heritage vault — passwords, account numbers, personal letters, healthcare directives, financial records — is encrypted in your browser using AES-256 encryption before it ever leaves your device. By the time your data reaches our servers, it is unreadable ciphertext. We hold the encrypted file. Only you hold the key.
This is not a legal technicality. It is a deliberate architectural decision. We designed the system this way specifically so that even if someone demanded access to your data — whether a hacker, a government agency, or anyone else — we would have nothing meaningful to hand over.
We will never sell, rent, share, trade, or monetize your personal data. Full stop. This is a founding principle of this company, not a policy that can be quietly updated.
1. Who We Are
Digital Heritage is a secure personal legacy vault operated by The Rosart Family, based in San Francisco, California. We provide tools to help individuals and families organize, protect, and pass on their most important information. You can reach us at [email protected].
2. What Information We Collect
We collect only what is necessary to provide the service. This falls into two categories:
Account Information
Your name, email address, and authentication credentials are collected when you create an account. This information is used solely to identify you and secure your account. It is never sold or shared with third parties for marketing purposes.
Vault Content (Zero-Knowledge)
All content you store in your vault — documents, notes, account details, messages, and files — is encrypted client-side before transmission. We store only the encrypted ciphertext. We cannot read, access, or recover the contents of your vault under any circumstances. We do not have a backdoor. If you lose your encryption key, the content cannot be recovered by us.
Usage Data
We collect basic, anonymized usage analytics (pages visited, features used, session duration) to understand how the product is being used and to improve it. This data contains no personally identifiable information and is never linked to your account or vault content.
3. How We Use Your Information
We use your account information for the following purposes only: to authenticate your identity and secure your account, to send you transactional emails (account confirmations, heartbeat check-in reminders, and vault release notifications), to process your subscription payment through Stripe, and to provide customer support when you contact us.
We do not use your information for advertising, profiling, behavioral tracking, or any form of data monetization. We do not build advertising profiles. We do not participate in data broker networks.
4. Data Sharing — What We Will Never Do
We will never sell your personal data to any third party. We will never share your data with advertisers, data brokers, analytics companies, or any organization whose business model involves monetizing personal information. We will never use your data to train machine learning models without your explicit, informed consent.
The only circumstances under which we share any data are: with Stripe, our payment processor, for the sole purpose of processing your subscription (they receive only what is necessary to complete the transaction); and with law enforcement, only when compelled by a valid legal order, and only to the extent legally required. In such cases, because of our zero-knowledge architecture, the most we could provide is your account information — we have no access to your vault contents.
If we are ever acquired, merged, or dissolved, your data will either be transferred to a successor entity under the same privacy commitments, or deleted entirely. We will notify you in advance and give you the opportunity to export and delete your data before any transfer occurs.
5. Data Retention and Deletion
Your account and vault data are retained for as long as your account is active. If you cancel your subscription, your data is retained for 90 days to allow for reactivation, after which it is permanently deleted from our systems. You may request immediate deletion of your account and all associated data at any time by contacting us at [email protected].
Vault release data — the information shared with your designated beneficiaries after a vault trigger — is handled according to your explicit instructions. We act only as a delivery mechanism; you determine what is shared, with whom, and when.
6. Security
All vault content is encrypted using AES-256 encryption in your browser before transmission. Data in transit is protected by TLS 1.3. Our servers are hosted on enterprise-grade infrastructure with industry-standard access controls, monitoring, and intrusion detection.
Despite these measures, no system is perfectly secure. We encourage you to use a strong, unique password and to enable two-factor authentication. In the event of a security breach affecting your account information, we will notify you promptly and take all reasonable steps to mitigate harm.
7. Your Rights
Depending on your location, you may have rights under applicable privacy laws including the right to access, correct, or delete your personal data; the right to data portability; the right to object to certain processing; and the right to lodge a complaint with a supervisory authority.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We do not charge a fee for these requests and will not discriminate against you for exercising your privacy rights.
8. Cookies
We use only essential session cookies required for authentication and security. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. You cannot opt out of essential session cookies without losing access to the service, but you can clear them at any time through your browser settings.
9. Children's Privacy
Digital Heritage is not directed at children under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has created an account, please contact us immediately and we will delete the account and all associated data.
10. Changes to This Policy
We will notify you by email and with a prominent notice on the site before making any material changes to this Privacy Policy. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the service after changes take effect constitutes acceptance of the updated policy.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at [email protected]. We take every privacy inquiry seriously and will respond promptly.
This platform was built by a family that has experienced loss firsthand. We know what it means to trust someone with your most private matters. We will never betray that trust. Your legacy is yours. We are only the vault.
— Joseph & Jenny Rosart, Founders, Digital Heritage