Effective date: 18 May 2026
Privacy Policy
In one paragraph
We are Thrive Haven Ltd, a company registered in England and Wales (company number 16319387), trading as If You Die. We run a verified-death message delivery service. We collect what we need to deliver that service, store the contents of your letters encrypted at rest, never sell your data, never read your letters, and never train AI on what you write. This page explains in detail what we collect, why, how long we keep it, who we share it with, and what rights you have under UK data protection law.
1. Who we are
The data controller is Thrive Haven Ltd, registered office 22 Waltham Road, Newton Abbot, Devon TQ12 1LH, United Kingdom. Companies House number 16319387. For any data protection question, contact us at hello@ifyoudie.org. We do not currently operate a separate Data Protection Officer; the founders are the responsible parties.
2. What we collect
We try to collect only what the service genuinely needs. The categories are:
2.1 Account information
- Your email address (used for sign-in, check-ins, account recovery).
- Your display name, if you set one.
- An encrypted password hash, managed by our authentication provider.
- Account state: when you joined, your current subscription tier, your status (active, grace, awaiting witnesses, delivered, paused).
- Your check-in cadence preference (weekly, monthly, or quarterly).
2.2 Content you create
- The text of letters you write. The body of each letter is encrypted at rest with AES-256-GCM before it is stored. The encryption key is held by Thrive Haven Ltd on our servers. This means we have the technical ability to decrypt, but we never read content in the ordinary course of business, and our staff have no operational reason to do so. We are honest about this: this is encryption-at-rest, not zero-knowledge.
- Titles of letters (used as labels for you; not encrypted).
- The names, email addresses, optional phone numbers, and relationships of the people you nominate as recipients.
- The names, email addresses, and optional phone numbers of the people you nominate as trusted contacts (witnesses).
- Delivery rules you set (immediate, scheduled, anniversary).
2.3 Check-in records
- Timestamps of check-in emails we send you and your responses.
- For accountability: the channel of your response (email, web), and, for fraud-detection purposes, the IP address, country, region, city, and user agent of the device that responded to a check-in.
2.4 Witness attestation records
- Records of what each witness attested ("heard recently", "not worried", "confirmed died"), and the date.
2.5 Household membership
- If you join a Family or Founder household, we record your linkage to the household, the role (organiser or member), and the timestamps of joining and leaving.
2.6 Billing data
- Your Stripe customer identifier, your subscription identifier, your subscription status, and period end dates.
- We do not store payment card numbers. Card details are handled exclusively by Stripe.
2.7 Marketing list (waitlist)
- If you signed up to the waitlist before we opened, we hold the name and email you submitted, plus your free-text answer to "how did you find us".
2.8 Technical logs
- Standard server logs from our hosting provider (Vercel) and our database (Firebase). These include IP addresses, request paths, and timestamps. We use these for security monitoring and uptime, not for marketing.
3. Why we collect it (lawful basis)
Under UK GDPR, we must have a lawful basis for processing each category of data. Ours are:
- Performance of a contract for: your account, your letters, your recipients, your witnesses, check-ins, attestations, household membership, deliveries, and billing data. You sign up for a service and we cannot deliver it without this data.
- Legitimate interests for: security logs, fraud-detection metadata on check-in responses (IP, user agent), and aggregate non-identifying analytics on how the website is used. We consider these necessary and proportionate, and they do not override your fundamental rights.
- Consent for: optional waitlist subscription, optional marketing emails (we do not currently send any), and any future feature that asks for explicit opt-in.
- Legal obligation for: accounting records (HMRC requires us to keep invoices and tax records).
The fact that your account, your letters, and the records of your nominated recipients and witnesses can relate to your death makes some of this special-category data under UK GDPR Article 9 (data concerning health, in some interpretations). Our additional condition for this is the performance of a contract you have explicitly entered into and the protection of your vital interests and those of the people you have named.
4. How long we keep it
- Your account and letter content: for as long as your account is active.
- If you delete your account: we wipe content within 30 days, and back-up copies are purged within 90 days.
- If your dead-man switch is fired and your letters are delivered: the delivered records remain accessible to the recipients via their personal links for up to 12 months, after which they are wiped. Your underlying account is closed.
- If you cancel a paid subscription: your data is retained on a Free tier (with reduced limits) unless you also choose to delete your account.
- Billing and tax records: retained for 7 years to satisfy HMRC requirements.
- Security logs: retained for 90 days.
5. Who we share it with
We use a small number of carefully chosen third parties to operate the service. We do not sell your data to anyone, ever.
- Google (Firebase) — authentication, database, storage. EU-region data residency where supported.
- Stripe — payment processing. PCI-DSS certified.
- Twilio SendGrid — transactional email (check-ins, witness invites, delivery notifications).
- Vercel — hosting of the application.
- Witness recipients you nominate — at the relevant moment, we contact them at the email or phone you provided.
- Message recipients you nominate — at the relevant moment, they receive a secure link to read what you addressed to them.
Each of these processors is bound by a data-processing agreement. We do not enable third-party advertising trackers on the website.
6. International transfers
Some of our processors operate servers outside the United Kingdom. Where this happens, we rely on either UK Adequacy Regulations (for transfers to the European Economic Area) or on Standard Contractual Clauses approved by the UK Information Commissioner's Office. Stripe, SendGrid, and Vercel are headquartered in the United States; Firebase data may be processed in the EU and the US. By using the service you accept this transfer.
7. Security
- Letter bodies are encrypted at rest with AES-256-GCM. The master key is stored as a Vercel sensitive environment variable.
- All data in transit is sent over HTTPS.
- Database access is locked down by Firestore security rules so that one user cannot read another's content.
- Writes to letter content are performed exclusively server-side by our API, never by the browser.
- We are pursuing Cyber Essentials Plus certification before the paid launch grows beyond a small first cohort.
- If we discover a personal data breach we will notify the UK Information Commissioner's Office within 72 hours and, where the breach risks your rights and freedoms, we will notify you directly.
8. Your rights under UK GDPR
You have the right to:
- Ask for a copy of your data (subject access request).
- Have inaccurate data corrected.
- Have your data erased (right to be forgotten), subject to our legal retention obligations for billing.
- Restrict or object to certain processing.
- Receive your data in a portable, machine-readable format.
- Withdraw consent at any time where consent was the basis for processing.
- Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk).
To exercise any of these rights, email hello@ifyoudie.org. We respond within 30 days.
9. Children
The service is not for under-16s. We do not knowingly collect data from people under 16. If you believe a minor has an account, please email us and we will remove it.
10. Changes to this policy
We will revise this document as the service evolves. Significant changes will be notified by email to the address on your account at least 30 days before they take effect.
11. Contact
Thrive Haven Ltd, 22 Waltham Road, Newton Abbot, Devon TQ12 1LH, United Kingdom.
Companies House number 16319387.
Email hello@ifyoudie.org.