Eternity WaveBack to Home

Privacy Policy

Effective Date: January 1, 2025 Last Updated: January 1, 2025

1. Introduction

This Privacy Policy describes how Eternity Wave ("we", "our", or "us") collects, uses, processes, and protects your personal information when you use our digital legacy preservation service (the "Service").

Eternity Wave is committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable privacy laws.

2. Data Controller

Data Controller: Eternity Wave Email: privacy@eternitywave.com

For data protection inquiries, please contact us at the email address above.

3. Information We Collect

3.1 Information You Provide Directly

  • Account Information: Name, email address, password (encrypted), profile image
  • Profile Data: Biographical information, life stories, personality traits, values, philosophy
  • Beneficiary Information: Names, email addresses, relationship information of designated beneficiaries
  • Executor Information: Names, email addresses of appointed executors
  • Digital Assets: Files, documents, images, videos, audio recordings uploaded to your vault
  • Memory Content: Personal memories, stories, dates, and associated media
  • Life Check Data: Confirmation responses, dates of last activity
  • Death Verification Data: Information provided by verification contacts regarding your status
  • Payment Information: Billing address, payment method details (processed securely by Stripe)
  • Communication Data: Messages, emails, and other communications with us

3.2 Information Collected Automatically

  • Technical Data: IP address, browser type, device information, operating system
  • Usage Data: Pages visited, features used, time spent, access times
  • Log Data: Server logs, error reports, system events
  • Cookie Data: See our Cookie Policy for detailed information

3.3 Information from Third Parties

  • Payment Processors: Transaction confirmations and payment status from Stripe
  • Email Service: Delivery status and engagement metrics from Resend

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

4.1 Contractual Necessity (GDPR Art. 6(1)(b))

  • Account creation and management
  • Service delivery and digital legacy preservation
  • Payment processing
  • Beneficiary notification and access provision

4.2 Legitimate Interests (GDPR Art. 6(1)(f))

  • Service improvement and optimization
  • Security and fraud prevention
  • Technical operations and troubleshooting
  • Communication about service changes

4.3 Consent (GDPR Art. 6(1)(a))

  • Marketing communications (where required)
  • Non-essential cookies and analytics
  • Optional features requiring explicit consent

4.4 Legal Obligation (GDPR Art. 6(1)(c))

  • Tax and accounting requirements
  • Compliance with court orders or legal processes
  • Regulatory compliance

4.5 Vital Interests (GDPR Art. 6(1)(d))

  • Death verification processes
  • Emergency executor notifications

5. How We Use Your Information

We use your information for the following purposes:

5.1 Service Provision

  • Creating and managing your account
  • Storing and preserving your digital legacy
  • Processing life check verifications
  • Managing death confirmation processes
  • Providing beneficiary and executor access upon verified death
  • Delivering scheduled events and content releases

5.2 Communication

  • Sending life check verification emails
  • Notifying verification contacts when necessary
  • Providing service updates and important notices
  • Responding to your inquiries and support requests
  • Sending transactional emails related to your account

5.3 Service Improvement

  • Analyzing usage patterns to improve features
  • Identifying and fixing technical issues
  • Developing new functionality
  • Conducting security assessments

5.4 Legal and Security

  • Preventing fraud and abuse
  • Enforcing our Terms of Service
  • Complying with legal obligations
  • Protecting our rights and the rights of others

6. Data Sharing and Disclosure

6.1 We DO NOT Sell Your Personal Data

We do not and will never sell, rent, or trade your personal information to third parties for their marketing purposes.

6.2 Service Providers

We share data with trusted third-party service providers who assist us in operating our Service:

  • Stripe: Payment processing (PCI-DSS compliant)
  • Resend: Email delivery services
  • AWS S3: Secure file storage
  • Vercel: Application hosting and infrastructure

These providers are contractually bound to protect your data and use it only for specified purposes.

6.3 Beneficiaries and Executors

Upon verified death confirmation:

  • Your designated beneficiaries receive access to content you allocated to them
  • Your appointed executors receive administrative access to your account
  • Access is provided according to your pre-configured settings

6.4 Legal Requirements

We may disclose your information when required by law:

  • In response to valid legal process (subpoena, court order)
  • To protect our rights or property
  • To prevent fraud or security threats
  • To comply with regulatory requirements

6.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to the same privacy protections.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses: EU-approved data transfer mechanisms
  • Adequacy Decisions: Transfers to countries deemed adequate by the EU Commission
  • Service Provider Guarantees: Contractual obligations requiring equivalent protection

By using our Service, you acknowledge and consent to such transfers where necessary for service provision.

8. Data Retention

8.1 Active Accounts

We retain your data while your account is active and for as long as necessary to provide the Service.

8.2 After Account Closure

  • Deleted Accounts: Data deleted within 90 days unless legal obligations require retention
  • Inactive Accounts: May be deleted after extended periods of inactivity with prior notice

8.3 Post-Mortem Retention

  • Deceased User Data: Preserved according to beneficiary access settings indefinitely or until:
    • All beneficiaries have accessed their content
    • Executors request account closure
    • Subscription expires without executor renewal
  • Legal Requirements: Some data retained longer for legal, tax, or accounting purposes

8.4 Backup Data

Backup copies may persist for up to 90 days in our disaster recovery systems.

9. Your Rights Under GDPR

As a data subject, you have the following rights:

9.1 Right of Access (Art. 15)

Request confirmation of data processing and copies of your personal data.

9.2 Right to Rectification (Art. 16)

Request correction of inaccurate or incomplete data.

9.3 Right to Erasure ("Right to be Forgotten") (Art. 17)

Request deletion of your data in certain circumstances.

Important Limitation: Post-mortem data preservation for beneficiaries may conflict with erasure requests. We balance these rights according to legitimate interests.

9.4 Right to Restriction of Processing (Art. 18)

Request limitation of processing in specific situations.

9.5 Right to Data Portability (Art. 20)

Receive your data in a structured, commonly used format and transmit it to another controller.

9.6 Right to Object (Art. 21)

Object to processing based on legitimate interests or for direct marketing.

9.7 Rights Related to Automated Decision-Making (Art. 22)

We do not use automated decision-making or profiling that produces legal effects.

9.8 Right to Withdraw Consent

Where processing is based on consent, you may withdraw it at any time.

9.9 Right to Lodge a Complaint

You have the right to lodge a complaint with your national data protection authority.

To Exercise Your Rights: Contact us at privacy@eternitywave.com. We will respond within 30 days.

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

10.1 Technical Safeguards

  • Encryption: Data encrypted in transit (TLS) and at rest (AES-256)
  • Access Controls: Role-based access, multi-factor authentication
  • Secure Infrastructure: Regular security audits and updates
  • Backup Systems: Redundant backups with geographic distribution

10.2 Organizational Safeguards

  • Staff Training: Regular privacy and security training
  • Access Limitations: Strict need-to-know access policies
  • Incident Response: Documented breach notification procedures
  • Vendor Management: Security requirements for all service providers

10.3 Limitations

IMPORTANT: No security system is impenetrable. While we employ industry-standard measures, we cannot guarantee absolute security. You use the Service at your own risk.

11. Children's Privacy

Our Service is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16.

If we learn we have collected data from a child under 16 without parental consent, we will delete it promptly. If you believe we may have such information, contact us immediately.

Beneficiaries Under 16: If a beneficiary is under 16, access will be provided to their legal guardian until they reach the age of majority.

12. Death Verification and Post-Mortem Processing

12.1 Life Check System

  • We send periodic verification emails based on your configured schedule
  • Failure to respond triggers escalation to verification contacts
  • This processing is based on contractual necessity and vital interests

12.2 Death Confirmation Process

  • Verification contacts may confirm or deny your death
  • Multiple confirmations may be required for verification
  • You may be contacted before final confirmation
  • This is a critical service feature with significant consequences

12.3 Post-Mortem Rights

Upon death verification:

  • Your account transitions to post-mortem status
  • Beneficiaries receive their designated access
  • Executors gain administrative control
  • Your GDPR rights transfer to your estate/executors where applicable

12.4 False Death Reports

We take false death reports seriously. Safeguards include:

  • Multiple verification requirements
  • Contact attempts before final confirmation
  • Executor notification processes
  • Reversal procedures if reported in error

13. Cookies and Tracking Technologies

We use cookies and similar technologies. See our separate Cookie Policy for comprehensive information about:

  • Types of cookies we use
  • Cookie purposes and categories
  • Managing cookie preferences
  • Third-party cookies

14. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

15. Marketing Communications

15.1 Opt-In

We only send marketing emails where you have opted in or where legally permitted.

15.2 Opt-Out

Every marketing email includes an unsubscribe link. You can also opt out via account settings.

15.3 Transactional Emails

You cannot opt out of essential transactional emails (life checks, security alerts, etc.) while maintaining an active account.

16. Changes to This Privacy Policy

We may update this Privacy Policy periodically. When we make material changes:

  • We will update the "Last Updated" date
  • We will notify you via email or prominent notice
  • Continued use after changes constitutes acceptance
  • You may close your account if you disagree with changes

17. Contact Us

For privacy-related questions, concerns, or to exercise your rights:

Email: privacy@eternitywave.com Subject Line: "Privacy Inquiry" or "Data Rights Request"

Data Protection Officer (if appointed): dpo@eternitywave.com

18. Supervisory Authority

If you are located in the EEA and believe we have not addressed your concerns, you have the right to lodge a complaint with your national supervisory authority.

List of EU Data Protection Authorities: https://edpb.europa.eu/about-edpb/board/members_en

19. Special Provisions

19.1 AI Legacy Feature

If you use our AI Legacy feature:

  • We process your biographical data, communication style, values, and other information you provide
  • This data is used to train a personalized AI model representing you
  • Beneficiaries can interact with this AI after your verified death
  • The AI does not make decisions or take actions on your behalf
  • You control what data is used for AI training

19.2 Executor Access

Executors have administrative access to:

  • Manage beneficiary access
  • Update account settings
  • Process subscription payments
  • Close the account
  • But NOT decrypt password-protected content without the password

19.3 Encryption and Password Protection

  • Some content can be password-protected by you
  • We cannot recover lost encryption passwords
  • Encrypted content is inaccessible without the correct password
  • You are responsible for sharing passwords with beneficiaries securely

20. Disclaimer

THIS PRIVACY POLICY DESCRIBES OUR DATA PRACTICES BUT DOES NOT CREATE CONTRACTUAL RIGHTS. THE SERVICE IS PROVIDED "AS IS" WITHOUT WARRANTIES. WE ARE NOT LIABLE FOR DATA LOSS, UNAUTHORIZED ACCESS, OR OTHER DAMAGES EXCEPT WHERE PROHIBITED BY LAW.

Your use of the Service is also governed by our Terms of Service, which include additional limitations of liability.

Acknowledgment: By using Eternity Wave, you acknowledge that you have read, understood, and agree to this Privacy Policy.