Privacy Policy

Account Information

• Email address (used for account identification and check-in reminders)
• Your name (optional, for personalization)
• Password (cryptographically hashed and never stored in plain text)
• Recovery phrase (generated locally, never transmitted to our servers)

Message Data

• Encrypted message content (we cannot read your messages)
• Recipient email addresses (encrypted)
• Delivery settings and preferences
• Check-in history and timestamps
• File attachments (encrypted)

Technical Information

• IP address (for security and fraud prevention)
• Device type and browser information
• Log data (access times, error logs for debugging)

We use the information we collect to:

• Provide and maintain the LastingNote service
• Send check-in reminders via email or SMS
• Deliver your messages when deadlines are reached
• Authenticate your identity and secure your account
• Comply with legal obligations
• Prevent fraud and abuse

Zero-Knowledge Mode

In Zero-Knowledge mode, your messages are encrypted with keys that only you control. We cannot decrypt your messages even if compelled by law. Your Ultimate Human Verifier (UHV) is the only person who can authorize message delivery.

Convenience Mode

In Convenience mode, messages are encrypted with server-managed keys to ensure automatic delivery. The messages are server-side decrypted after deadline for automatic delivery to your recipients. This is the same type of security that most commercial applications use (WhatsApp, Telegram, etc.).

Security Measures

• Industry-standard encryption (ChaCha20-Poly1305)
• Secure password hashing (Argon2id)
• Regular security audits and updates
• Encrypted data transmission (HTTPS/TLS)
• No employee access to user data

We do not sell, rent, or trade your personal information. We may share data only in these limited circumstances:

• Service Providers: Email delivery (MailPace), SMS delivery (Twilio), cloud hosting (Supabase)
• Legal Requirements: When required by law, court order, or government request
• Safety & Security: To protect against fraud, abuse, or security threats
• Business Transfers: In case of merger, acquisition, or sale of assets (you will be notified)

Note: In Zero-Knowledge mode, encrypted message content cannot be shared because we do not have the ability to decrypt it.

• Active account data is retained while your account is active
• Messages are deleted after successful delivery to recipients
• Check-in history is retained for up to 12 months
• Deleted accounts are permanently removed within 30 days
• Backups may retain data for up to 90 days for disaster recovery

You have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your account and data
• Export your data (where technically feasible)
• Opt-out of marketing communications
• Withdraw consent for data processing

To exercise these rights, contact us at privacy@reply.lastingnote.me

We use minimal cookies and tracking technologies:

• Essential Cookies: Required for authentication and session management
• Analytics: We do not use third-party analytics or tracking
• Local Storage: Used for app functionality and encrypted session data

LastingNote is operated from the United States. If you are accessing our service from outside the U.S., your information may be transferred to, stored, and processed in the U.S. By using LastingNote, you consent to this transfer.

For users in the European Union, we comply with GDPR requirements and provide appropriate safeguards for international data transfers.

LastingNote is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately and we will delete it.

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through the service. Your continued use of LastingNote after changes become effective constitutes acceptance of the revised policy.

If you have questions or concerns about this Privacy Policy, please contact us:

• Email: privacy@reply.lastingnote.me
• Support: support@reply.lastingnote.me