Privacy

Your data, protected.

How we collect, use, and safeguard your personal information.

Last updated: January 2026

1. Introduction

Trustbourne ("we", "us", "our") operates a digital dead man's switch service that securely stores sensitive files and automatically releases them to trusted contacts when a user becomes unresponsive.

This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR), the UK GDPR, and other applicable data protection laws.

Data Controller: Trustbourne, a division of Kiwazo CommV Registered in: Belgium (KBO/BCE: BE-0671852484) Contact: privacy@trustbourne.com

2. Data We Collect

2.1 Website Visitors & Newsletter

If you sign up for our newsletter or waitlist, we collect your email address only. We use this to send updates about Trustbourne. You can unsubscribe anytime via the link in each email.

2.2 Account Data

  • Email address — Account identification and communications
  • Full name — Personalization and contact identification
  • Password (hashed) — Authentication (we never store your actual password)
  • Phone number — Check-in notifications (optional)
  • WhatsApp number — Check-in notifications (optional)

2.2 Payment Data

Payment card details are processed and stored exclusively by Mollie. We never see or store your full card number. We only receive the last 4 digits, card brand, expiry, and transaction confirmations.

2.3 Security Data

  • Two-factor authentication secrets — Encrypted at rest
  • Session tokens — For authenticated access (30 days max)
  • Browser ID — Device recognition for security (cookie, 10 years)
  • IP address — Security monitoring and abuse prevention

2.4 Vault & File Data

Your files are encrypted on your device before they are uploaded to our servers. Our servers never receive or store unencrypted file content. We store:

  • File names and sizes (for your convenience)
  • Encrypted file content
  • Folder structure

In Seamless mode, we store an encrypted release key that allows automatic vault release to your contacts. In Maximum Privacy (zero-knowledge) mode, we cannot decrypt your files under any circumstances.

2.5 Contact Data

For your trusted contacts, we collect: name, email, phone number (optional), WhatsApp number (optional), and verification status.

2.6 Audit Data

We log security-relevant events for audit trail, abuse prevention, and debugging: authentication events, account changes, vault operations, contact management, check-in responses, and escalation events.

3. How We Use Your Data

We use your data to:

  • Store and encrypt your files
  • Manage your trusted contacts
  • Send check-in reminders via your preferred channels
  • Release your vault to contacts when triggered
  • Authenticate your access
  • Process payments and manage subscriptions
  • Detect and prevent unauthorized access
  • Debug issues and improve the service

We do NOT use your data for advertising, profiling, or sale to third parties.

4. Data Storage & Security

All data is stored in the European Union. We do not use US cloud providers (no AWS, Google Cloud, or Azure).

Marketing site providers:

  • Buttondown — Newsletter management (US, GDPR compliant)
  • Simple Analytics — Privacy-focused analytics (EU, no cookies, no personal data)

Application providers:

  • Hexabyte — Infrastructure hosting (EU)
  • Scaleway — File storage and email (EU)
  • Infobip — SMS and WhatsApp messaging (EU)
  • Mollie — Payment processing (EU)

All providers are GDPR-compliant and bound by data processing agreements.

5. Data Sharing

We share data only with the service providers listed above, and with your designated contacts when your vault is released. We may also disclose data if required by law or valid legal process.

6. Your Rights

Under GDPR (EU) and UK GDPR, you have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Correct inaccurate data
  • Erasure — Request deletion ("right to be forgotten")
  • Restriction — Limit how we process your data
  • Portability — Receive your data in a machine-readable format
  • Objection — Object to processing based on legitimate interest

To exercise your rights, contact privacy@trustbourne.com or use the data export/deletion features in your account settings. We respond within 30 days.

7. Data Retention

  • Account data — Account lifetime + 1 year
  • Session data — 30 days from last use
  • Audit logs — Account lifetime + 1 year
  • Vault contents — Until deleted or released
  • Payment records — 7 years (legal requirement)

After account deletion, we retain data for 1 year for recovery, fraud prevention, and legal compliance. After that, all personal data is permanently deleted.

8. Cookies

Marketing site (trustbourne.com): We don't use cookies. Simple Analytics doesn't need them.

Application (app.trustbourne.com): We use only essential cookies required for the service to function:

  • session — Authentication (30 days)
  • browser_id — Device recognition for security (10 years)
  • csrf_token — Security protection (session)

We do not use advertising, analytics, or third-party tracking cookies.

9. Children's Privacy

Trustbourne is not intended for users under 18 years of age. We do not knowingly collect data from minors.

10. Changes to This Policy

We will notify you of material changes via email at least 30 days before they take effect. Continued use after changes constitutes acceptance.

11. Contact & Complaints

Data Protection Contact: privacy@trustbourne.com

Supervisory Authorities: You have the right to lodge a complaint with a data protection authority:

Questions about this policy? Contact us at privacy@trustbourne.com

Ready to get started?

Join the waitlist for early access.

We'll notify you when we launch.