Legal

Privacy Policy

Last updated April 19, 2026. Henedo’s architecture is zero-knowledge by design: most of what a typical privacy policy must enumerate, we literally cannot collect.

Summary

  • We collect the minimum data required for authentication and billing.
  • All vault contents (documents, journal entries, contact bundles, crypto keys, final messages) are encrypted end-to-end with keys we never see.
  • We do not sell your data, do not use ad networks, and do not set tracking cookies.
  • You can export, delete, or port your data at any time.

Data we collect

Account identifiers: email address, account creation timestamp, optional phone number for SMS 2FA.

Billing metadata: subscription plan, billing address, payment processor transaction IDs. Actual payment card details are handled by our payment processor (Stripe) and never reach Henedo’s servers.

Ciphertext: the encrypted blobs of your vault contents, journal entries, contact bundles, signing keys, and Eternal Vault seals. We cannot decrypt these.

Operational metadata: timestamps, file sizes, MIME types (required for quota and content-type headers), session events (last login, heartbeat, DMS state transitions).

Contact PII (server-side encrypted): trusted-contact names, emails, phone numbers, addresses, and relationships. Required so we can send DMS trigger notifications. Encrypted at rest with pgcrypto AES-256 using a key stored in a private `_pii` schema that only a SECURITY DEFINER function can access. A database-only breach cannot decrypt this data.

Data we do not collect

  • The content of your vault (documents, photos, videos, journal entries, final messages).
  • File names or folder names (encrypted client-side with your Master Key).
  • Crypto recovery phrases or passwords (encrypted client-side).
  • Your Master Key, your Account Secret Key, your passphrase, or any decryption material.
  • Behavioral tracking, cross-site cookies, or advertising identifiers.

Your rights (GDPR / CCPA)

You can at any time: access the account data we hold, export an encrypted archive of your vault, correct inaccuracies, delete your account and all associated ciphertext, and restrict processing.

Requests: privacy@henedo.com. We respond within 30 days (typically within 48 hours).

Subprocessors

We use the following subprocessors to deliver the service:

  • Supabase (auth, database, storage): data is encrypted before it reaches Supabase infrastructure.
  • Stripe (payment processing): processes card data directly; Henedo never sees card numbers.
  • Postmark (transactional email): sends authentication, billing, and DMS warning emails.
  • Cloudflare (CDN, DDoS protection).

Retention

Active accounts: data retained until you delete your account. Deleted accounts: all ciphertext, encrypted metadata, and PII (encrypted or otherwise) permanently purged within 30 days. Billing records retained for 7 years per US tax law. Eternal Vaults are retained for their purchased duration (100–500 years), separate from the Living Vault.

Contact

Henedo Inc., privacy@henedo.com. For EU residents: EU representative address available on request.