Privacy Policy
Your privacy and data security are our top priorities. Learn how we protect and handle your information.
Last updated: January 20, 2025
Table of Contents
Our Privacy Commitment
At Volnt, we understand that your digital will and estate planning information is deeply personal and sensitive. We are committed to protecting your privacy and maintaining the highest standards of data security. We do not sell your personal data to third parties and only share information with essential service providers necessary to deliver our services.
1. Information We Collect
Personal Information
- Name (first and last name)
- Email address
- Phone number (optional)
- Account credentials and authentication data
Payment Information
- Stripe customer ID and payment metadata
- Payment amounts and currency
- Payment dates and transaction history
- Subscription status and trial information
Payment card details are securely processed by Stripe and never stored on our servers.
Will & Estate Data
- Digital and physical assets inventory
- Beneficiary information and contact details
- Will documents and estate planning content
- Asset assignment and distribution instructions
- Trusted contacts and verification settings
Sensitive asset data is encrypted client-side using user-specific encryption keys.
Usage Analytics
- Page views and user interactions (via PostHog)
- Feature usage patterns and performance metrics
- Error logs and debugging information
- Session duration and navigation patterns
Technical Data
- IP addresses and geographic location
- Browser type, version, and device information
- Operating system and screen resolution
- Referral sources and marketing attribution
2. How We Use Your Information
Service Provision
- Creating and managing digital wills
- Estate planning and asset management
- Beneficiary and executor coordination
- Will execution and trigger monitoring
Payment Processing
- Processing subscription payments
- Managing trial and paid accounts
- Handling refunds and billing inquiries
- Fraud prevention and security
Communication
- Welcome and onboarding emails
- Account and security notifications
- Will execution alerts and reminders
- Customer support communications
Security & Compliance
- Fraud prevention and detection
- Account security monitoring
- Audit logging and compliance
- Legal and regulatory requirements
3. Data Security & Encryption
Enterprise-Grade Security
We implement multiple layers of security to protect your sensitive estate planning information, including client-side encryption, database-level security, and comprehensive audit logging.
Client-Side Encryption
Sensitive asset data is encrypted in your browser using user-specific encryption keys before being stored.
Row Level Security (RLS)
Database policies ensure users can only access their own data, providing complete user isolation.
JWT Authentication
Secure session management with JSON Web Tokens and automatic token refresh for enhanced security.
Audit Logging
Comprehensive logging of all security events and data access for monitoring and compliance.
4. Third-Party Services & Data Sharing
Limited Data Sharing
We only share data with essential service providers necessary to deliver our services. We do not sell your personal data to third parties or share data for marketing purposes.
Supabase (Database & Authentication)
Data shared: User profiles, encrypted asset data, authentication records
Purpose: Database hosting, user authentication, and data storage
Location: EU/US data centers with SOC 2 Type II compliance
Stripe (Payment Processing)
Data shared: Customer ID, payment amounts, email addresses
Purpose: Secure payment processing and subscription management
Security: PCI DSS Level 1 compliant payment processor
Resend (Email Delivery)
Data shared: Email addresses, names, transactional email content
Purpose: Sending welcome emails, notifications, and alerts
Retention: Email logs retained for delivery confirmation only
PostHog (Privacy-Focused Analytics)
Data shared: Page views, user interactions, anonymized usage patterns
Purpose: Improving user experience and service functionality
Privacy: GDPR compliant with data anonymization and user opt-out options
Vercel (Application Hosting)
Data shared: Application logs, performance metrics, error reports
Purpose: Hosting our web application and ensuring reliable service
Security: Enterprise-grade infrastructure with automatic security updates
5. Data Retention
Active Accounts
Retention: Data retained while your account is active and for 30 days after account deletion
Purpose: Providing continuous service and allowing account recovery
Inactive Accounts
Retention: 2 years after last login activity
Notification: Email reminders sent before account deletion
Payment Records
Retention: 7 years for tax and legal compliance
Scope: Transaction history, payment amounts, and billing information
Audit Logs
Retention: 1 year for security monitoring
Content: Login attempts, data access, and security events
6. Your Rights (GDPR/CCPA Compliance)
Exercise Your Rights
You have comprehensive rights regarding your personal data. Contact us at privacy@volnt.xyz to exercise any of these rights. We will respond within 30 days.
Right to Access
Request copies of your personal data and information about how we process it.
Right to Rectification
Correct inaccurate or incomplete personal information in your account.
Right to Erasure
Request deletion of your personal data ("right to be forgotten").
Right to Portability
Export your data in a machine-readable format for transfer to another service.
Right to Restriction
Limit how we process your data while maintaining your account.
Right to Object
Object to certain types of data processing, including marketing communications.
Withdraw Consent
Revoke consent for data processing where consent is the legal basis.
Lodge a Complaint
File a complaint with your local data protection authority if you believe we've violated your rights.
8. International Data Transfers
Your data may be processed in the United States and European Union through our service providers. All international transfers comply with applicable data protection laws and regulations.
GDPR Compliance
Transfers to countries with adequacy decisions or appropriate safeguards in place
SOC 2 Compliance
Our service providers maintain SOC 2 Type II compliance for data security
9. Children's Privacy
Age Restriction
Our service is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18.
If we discover that we have collected personal information from a child under 18, we will promptly delete such information from our systems.
10. Legal Basis for Processing (GDPR)
Contract Performance
Processing necessary to provide will and estate planning services, manage your account, and fulfill our contractual obligations to you.
Legitimate Interests
Security monitoring, fraud prevention, service improvement, and business operations that don't override your privacy rights.
Consent
Analytics tracking, marketing communications, and other non-essential processing where you have provided explicit consent.
Legal Obligation
Compliance with financial regulations, tax requirements, and estate planning laws that require us to process certain data.
11. Contact Information
Privacy Inquiries
For privacy-related questions, data requests, or to exercise your rights:
Email:privacy@volnt.xyz
We will respond to all privacy inquiries within 30 days.
Security Concerns
For security issues, data breaches, or suspicious activity:
Email:security@volnt.xyz
Security issues are prioritized and addressed immediately.
12. Policy Updates
Notification of Changes
We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
Material changes: We will notify you by email and display a prominent notice on our website at least 30 days before the changes take effect.
Minor changes: We will update the "Last updated" date at the top of this policy and notify you through our normal communication channels.
Questions About Your Privacy?
We're committed to transparency and protecting your privacy. If you have any questions about this policy or how we handle your data, please don't hesitate to contact us.