PRIVACY POLICY
Effective Date: September 5, 2024
Last Updated: September 5, 2024
At MyStatement, Inc., we are committed to safeguarding your personal data. This Privacy Policy outlines how we collect, use, store, and protect your personal information in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By accessing and using mytestament.io, you agree to the practices described in this policy.
- DATA CONTROLLER INFORMATION
- Data Controller Overview: MyStatement, Inc. operates as the Data Controller for the purposes of data protection laws, including the General Data Protection Regulation (GDPR). As the Data Controller, we are responsible for determining the purposes and means of processing your personal data, and for ensuring that your data is processed lawfully, fairly, and transparently. We are committed to upholding your privacy rights and protecting your personal information.
- Contact Information: For any inquiries, concerns, or requests related to the processing of your personal data or this Privacy Policy, please use the following contact details:
- Company Name: MyStatement, Inc.
- Website: mytestament.io. Our website is the primary platform through which you interact with our services, manage your account, and access your personal data.
- Business Address: 1111B S Governors Ave STE 20950, Dover, DE 19904, USA. This is our registered business address, where official correspondence should be directed.
- Contact Form: For all inquiries and communication, please use our contact form. This is the primary channel for data protection inquiries, requests for access to or deletion of your personal data, and any other privacy-related concerns. Please include relevant details in your message so that we can address your query effectively.
- Phone Support: We do not offer customer support by telephone. All inquiries, requests, and concerns should be directed to us through our contact form, which helps us manage and respond to your queries efficiently and securely.
- Data Protection Officer (DPO): We are not legally required to appoint a Data Protection Officer under GDPR, but data protection remains a priority within our organization. If you have specific concerns about how we handle your data, please contact us through our contact form.
- TYPES OF PERSONAL DATA COLLECTED
We collect and process various categories of personal data to deliver, enhance, and personalize our services. Below is a comprehensive breakdown of the types of personal data we collect:
- User Information:
- Name: During registration, we collect your full legal name. This is needed to create and manage your account, identify you accurately, and address you appropriately in correspondence and notifications.
- Email Address: We require your email address for several purposes:
- Account Creation: To create and activate your user account.
- Service Notifications: To send you updates about your account, including confirmation emails, password resets, and other essential notifications related to our services.
- Correspondence: To communicate with you regarding any issues or requests related to your account or our services.
- Important Updates: To inform you of significant changes to our services, new features, or security updates that may affect you.
- Heirs’ Information:
- Names of Heirs: We collect the names of the individuals you designate as heirs. This data is needed to deliver your letters to the intended recipients after your passing; accurate names help us match letters to the correct heirs.
- Email Addresses of Heirs: We collect the email addresses of your designated heirs to deliver your letters. This information is used solely to send your letters to the appropriate recipients once your passing has been verified. We do not use these email addresses for any other purpose.
- Letter Content: You compose and upload letters that may include sensitive or private information. These letters are stored securely in our system, protected by encryption and other security measures against unauthorized access. They are managed according to your instructions and are only accessed or delivered as you specify. Letter content can include:
- Personal Messages: Emotional or personal content meant for your loved ones.
- Financial Details: Information about your financial assets, accounts, or other economic matters.
- Instructions for Heirs: Any specific instructions or guidelines you wish to provide to your heirs.
- Technical and Interaction Data
- IP Address: We automatically log your IP address when you access our website. This data helps us:
- Detect and Prevent Unauthorized Access: Monitor for unusual activity and protect against potential security threats.
- Monitor Security: Track access patterns to ensure the integrity and security of our systems.
- Assist with Troubleshooting: Diagnose and resolve issues that may arise during your use of our services.
- Device Information: We collect information about your device to ensure compatibility and optimize the functionality of our services. This includes:
- Device Type: The type of device you are using (e.g., smartphone, tablet, desktop).
- Operating System: The operating system your device runs (e.g., Windows, macOS, iOS, Android).
- Browser Version: The web browser and version you use to access our site (e.g., Chrome, Firefox, Safari). This data helps us tailor our website's functionality and performance to your device and browser.
- Cookies: We use cookies, which are small text files stored on your device, for the following purposes:
- User Preferences: To remember your preferences and settings, such as language choices and login details.
- Session Management: To keep track of your session while you are logged in, so that you remain authenticated.
- Website Performance: To analyze how you interact with our website, helping us identify areas for improvement.
- Analytics: To collect data on website usage and performance, which helps us understand user behavior and enhance our services.
You can manage cookie settings through your browser's privacy settings. However, blocking cookies may impact the functionality of certain features on our site.
- PURPOSE OF DATA PROCESSING
We process your personal data for a range of specific purposes to deliver and enhance our services effectively. Below is a detailed explanation of each purpose:
- Service Provision
- Core Service Fulfillment:
- Storage and Management of Letters: We securely store your letters in our system according to your specifications, keeping them properly organized and protected until they are needed.
- Delivery of Letters: Upon confirmation of your passing, we use the information you provided to deliver your letters to the designated heirs. This includes verifying the authenticity of the event and ensuring that letters are sent accurately and promptly to the recipients you specified.
- Account Management:
- Registration: We collect and process your personal data to create and activate your user account, which involves verifying your information and setting up your account profile.
- User Authentication: To secure access to your account, we process data to authenticate your identity during login and session management. This helps prevent unauthorized access to your account.
- Account Maintenance: We handle routine tasks such as updating your account information, managing settings, and addressing issues related to account functionality.
- Customer Support and Communication
- Support:
- Issue Resolution: We use your contact information to address issues you encounter while using our services, including troubleshooting technical problems, resolving account-related queries, and providing guidance on using our features.
- Assistance: Our customer support team uses your data to offer personalized assistance, answer questions, and provide help based on your specific needs and interactions with our services.
- Service Updates:
- Important Notifications: We process your contact details to inform you about significant changes to our services, such as updates, new features, or changes to our terms and policies, so that you are aware of any modifications that may affect your use of our services.
- Maintenance Notices: We send notifications about planned maintenance, system outages, or disruptions that affect the availability and performance of our services.
- Legal Compliance
- Compliance with Data Protection Laws:
- Regulatory Adherence: We process your data to comply with applicable data protection laws, including GDPR, and to ensure that our data handling practices meet legal standards and obligations.
- Legal Requests: We may use your data to respond to legal requests, such as court orders, subpoenas, or other legal processes, and to cooperate with law enforcement or regulatory authorities as required.
- Regulatory Requirements: We may process your data to prepare reports or documents required by regulatory bodies, including maintaining records of processing activities and ensuring transparency in our data handling practices.
- Security and Fraud Prevention
- Security Measures:
- Fraud Prevention: We use your data to detect and prevent fraudulent activity, such as unauthorized transactions or account misuse, by monitoring for suspicious behavior and applying security measures against potential threats.
- Unauthorized Access Prevention: To safeguard your personal data, we employ security measures including encryption, access controls, and regular security assessments to prevent unauthorized access to our systems and data.
- Monitoring and Prevention:
- Service Integrity: We continuously monitor our systems to ensure the integrity and reliability of our services, including detecting and addressing vulnerabilities or security incidents that may affect the quality and security of our services.
- User Data Protection: We implement practices to protect user data from breaches or misuse and to verify that our security measures remain effective in maintaining the confidentiality and integrity of your information.
- Analytics and Improvement
- Website Usage Analysis:
- Data Collection: If we integrate analytics tools such as Google Analytics in the future, we will use them to collect and analyze data on how you interact with our website, including metrics such as page views, click-through rates, and navigation patterns.
- User Behavior Insights: The data collected helps us understand user behavior and preferences, enabling informed decisions about website improvements and feature enhancements.
- Performance Metrics: By analyzing performance metrics we can identify areas for improvement, optimize the user experience, and ensure that our services meet your needs, including adjustments based on user feedback and usage trends.
- LEGAL BASIS FOR PROCESSING PERSONAL DATA
Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds. Each basis is outlined in detail below:
- Consent:
- Definition: Consent refers to your explicit permission to collect, store, and process your personal data in accordance with this Privacy Policy. By using our services, you provide consent for us to handle your personal data as described.
- Scope of Consent: Your consent covers the collection of personal information such as your name, email address, letters, and details about your heirs, and the processing of this data to deliver our services.
- Withdrawal of Consent: You have the right to withdraw your consent at any time by contacting us via the contact details provided in this Privacy Policy. Withdrawal does not affect the lawfulness of processing carried out on the basis of your consent before its withdrawal. Withdrawing consent may, however, limit your ability to use certain features of our services, since we will no longer be able to process your data for the purposes you originally consented to.
- Performance of a Contract:
- Contractual Necessity: We process your personal data to fulfill our contractual obligations to you. This includes:
- Account Management: Creating and maintaining your user account, verifying your identity, and providing access to your account.
- Service Delivery: Storing and managing the letters you compose, delivering them to the designated heirs upon your passing, and performing other tasks necessary to provide the services you have requested.
- Scope of Processing: This legal basis covers the processing required to provide the services you have engaged, including updating your account information, managing letter delivery, and responding to service-related requests.
- Compliance:
- Legal Obligations: We process your personal data to meet legal and regulatory requirements. This includes:
- Adherence to Laws: Complying with applicable data protection laws and regulations, such as GDPR, so that our data handling practices are lawful and transparent.
- Responding to Legal Claims: Processing data in response to legal claims, requests from regulatory authorities, or legal proceedings that require us to disclose certain information.
- Regulatory Obligations: Fulfilling obligations imposed by regulatory bodies, such as maintaining records of processing activities or providing information in the context of audits or investigations.
- Scope of Compliance: This basis ensures that our data processing activities align with legal requirements and help us maintain compliance with relevant laws.
- Legitimate Interests:
- Definition of Legitimate Interests: We process your personal data based on our legitimate interests, provided that these interests are not overridden by your rights and freedoms. Legitimate interests are our need to process data to achieve specific business or operational objectives.
- Examples of Legitimate Interests:
- Service Improvement: Analyzing user data to improve the functionality, performance, and overall quality of our services, including identifying areas for enhancement and implementing changes based on user feedback and usage patterns.
- Website Security: Monitoring and protecting our website from security threats, including fraud, unauthorized access, and data breaches, using data to detect and respond to potential security incidents.
- Fraud Prevention: Implementing measures to prevent fraudulent activity and ensure the integrity of our services, including verifying transactions and user actions to detect and mitigate fraudulent behavior.
- Balancing Test: Before relying on this basis we conduct a balancing test to evaluate whether the processing is proportionate and whether it negatively affects your privacy or interests, so that our legitimate interests do not override your rights and freedoms.
- DATA RETENTION PERIODS
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy. Below is a detailed breakdown of our data retention practices.
- Account and Letters
- Letters:
- Retention: We store your letters securely until your passing is confirmed. Upon verification, your letters are delivered to the designated heirs as per your instructions.
- Post-Delivery: After successful delivery to the heirs, we promptly delete the letters from our servers so that your sensitive information is no longer accessible. This deletion covers both primary and backup copies of the letters.
- Account Information:
- Retention: We retain your account information for as long as you actively use our service. This includes data necessary for managing your account, providing customer support, and fulfilling our contractual obligations.
- Request for Deletion: If you wish to delete your account, submit a request through our contact form. We will process your request promptly and remove all associated data, except where retention is required to comply with legal obligations or to address outstanding issues.
- Technical and Interaction Data
- Cookies:
- Retention: The retention period for a cookie depends on its purpose. Session cookies are deleted when you close your browser, while persistent cookies remain until they expire or you delete them manually.
- Management: You can manage and delete cookies through your browser settings.
- IP Address and Usage Data:
- Retention Period: We retain IP addresses and usage data for up to 12 months to support security and monitoring activities, including detecting and preventing unauthorized access, ensuring the security of our services, and performance analysis.
- Review and Deletion: We periodically review this retention period to ensure it remains appropriate. To request deletion or review of your data, contact us through our contact form; we will evaluate your request in accordance with applicable data protection laws and respond accordingly.
- DATA SHARING AND DISCLOSURE
We are committed to protecting your personal data and do not sell or rent it to third parties. However, there are specific circumstances under which we may share or disclose your data. Below is a detailed explanation of these scenarios:
- Third-Party Processors
- Service Providers: We use third-party service providers to help us deliver and manage our services. Our primary service provider is Cloudflare.
- Cloudflare:
- Role: Cloudflare provides data storage and management services, including hosting and database functionalities.
- Data Processing Agreement (DPA): Cloudflare is engaged under a Data Processing Agreement (DPA), which is a legally binding contract ensuring that Cloudflare adheres to GDPR standards and processes your data only according to our instructions and for the purposes outlined in this Privacy Policy.
- Data Handling: Cloudflare handles your data in strict compliance with our guidelines and solely for the purposes of providing and maintaining our services. Cloudflare does not use your data for its own purposes or share it with other entities without our explicit consent.
- Legal Compliance
- Legal Obligations: We may be required to disclose your personal data to comply with legal requirements. This includes:
- Court Orders: Responding to subpoenas, court orders, or other legal processes that compel us to provide your data.
- Legal Claims: Providing data in connection with legal claims or disputes where we are legally obligated to do so.
- Regulatory Requests: Disclosing data to regulatory bodies or authorities as required for compliance with regulatory obligations or investigations.
- Safeguards: We disclose data only when necessary and take reasonable steps to ensure that any disclosure complies with applicable data protection laws.
- Business Transfers
- Corporate Transactions: In the event of significant corporate transactions such as mergers, acquisitions, or sales of assets, your personal data may be transferred as part of the transaction.
- Mergers and Acquisitions: If our company is involved in a merger, acquisition, or sale of all or a portion of its assets, your personal data may be transferred to the new entity.
- Data Protection Assurance: Any entity that acquires or merges with us will be required to honor this Privacy Policy or provide a comparable level of protection for your personal data. We will notify you of such changes and explain how your data will be handled by the new entity.
- Other Disclosures
- Consent: Apart from the scenarios above, we share your data with third parties only if you have explicitly consented to such sharing.
- Aggregate Data: We may share aggregated or anonymized data that does not personally identify you, for purposes such as improving our services and conducting research.
- DATA SECURITY
We are committed to implementing robust measures to protect your personal data. Below is a detailed overview of our data security practices:
- Data Encryption
- Transmission Security: We use Transport Layer Security (TLS, the successor to SSL) to encrypt all data transmitted between your device and our servers, so that it is protected from eavesdropping or interception in transit.
- Encryption Protocols: Our TLS certificates are issued by reputable, publicly trusted Certificate Authorities (CAs), and our TLS configuration follows industry standards for protocol version and cipher strength.
- Secure Storage
- Data Storage: Personal data is stored on servers managed by Cloudflare, a trusted cloud services provider that implements advanced security measures to protect stored data.
- Encryption: Data at rest is encrypted using strong encryption algorithms to prevent unauthorized access. Encryption keys are managed securely and rotated periodically.
- Access Controls: We enforce strict access controls, including authentication and authorization mechanisms, so that only authorized personnel can access personal data.
- Restricted Access
- Access Limitation: Access to personal data is restricted to employees and contractors who need it to perform their job functions. Access is granted on the principle of least privilege, so that individuals can only access the data necessary for their roles.
- Confidentiality Agreements: Employees and contractors with access to personal data are bound by confidentiality agreements that legally obligate them to protect your data.
- Training: All personnel with access to personal data receive regular training on data protection principles, security practices, and the handling of sensitive information.
- Security Audits
- Regular Audits: We conduct regular security audits and vulnerability assessments to identify security risks and confirm that our security measures are effective.
- Review and Updates: Audits review our security practices, configurations, and policies. Based on the findings, we implement updates and improvements to address identified vulnerabilities.
- Data Breach Response
- Breach Notification: In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, and affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms, in accordance with GDPR Articles 33 and 34.
- Breach Details: The notification will describe the nature of the breach, the categories of data affected, the likely consequences for individuals, and the steps we are taking to address the breach and prevent recurrence.
- Mitigation Measures: We will also describe the measures taken to address the breach, including remedial actions and any additional safeguards implemented to protect data.
- INTERNATIONAL DATA TRANSFERS
We may transfer your personal data outside the European Economic Area (EEA) under the following conditions:
- Adequate Protection
- Adequacy Decisions: We transfer data to countries that the European Commission has recognized as providing an adequate level of data protection, so that your data remains protected to GDPR standards.
- Compliance: We regularly review and update our practices to ensure compliance with adequacy decisions and data protection requirements.
- Standard Contractual Clauses (SCCs)
- Non-EU Transfers: For transfers to countries without an adequacy decision, we use Standard Contractual Clauses (SCCs) or other transfer mechanisms approved by the European Commission. SCCs are contractual commitments that safeguard your data and your rights when it is transferred internationally.
- Implementation: SCCs are incorporated into our agreements with third-party processors and partners involved in data transfers.
- Data Processing Agreements
- Agreements with Processors: We have Data Processing Agreements (DPAs) with third-party processors, including Cloudflare, requiring them to comply with GDPR when handling your data.
- Contractual Obligations: These agreements set out the processors' responsibilities, including data protection measures, processing instructions, and compliance with GDPR standards.
- COOKIES POLICY
We use cookies to enhance your experience on our website. Below is a detailed description of our use of cookies:
- Types of Cookies
- Essential Cookies:
- Functionality: These cookies are necessary for the website to function. They enable core functionality such as remembering your login, preferences, and settings.
- Examples: Session cookies, authentication cookies.
- Performance Cookies:
- Purpose: These cookies collect information about how you use our site, such as which pages you visit most often and whether you encounter errors. This helps us improve the performance and functionality of the website.
- Examples: Cookies that track page load times and error messages.
- Analytics Cookies:
- Purpose: Analytics cookies help us understand how users navigate and interact with our site, which helps us identify areas for improvement and optimize the user experience.
- Examples: Cookies set by Google Analytics or similar analytics tools.
- Cookie Management
- Browser Settings:
- Control: You can manage your cookie preferences through your browser settings. Most browsers allow you to block or delete cookies, including those from specific sites; instructions vary by browser.
- Impact: Blocking cookies may affect the functionality of our website, including features such as personalized settings and user login.
- Consent
- Default Settings: By continuing to use our site, you consent to our use of cookies as described in this policy.
- Withdrawal of Consent: You may withdraw your consent at any time by adjusting your browser settings to block cookies or by contacting us for assistance. Some website functionality may be limited if cookies are disabled.
- YOUR GDPR RIGHTS
Under the General Data Protection Regulation (GDPR), you have several important rights regarding your personal data. Here is a detailed explanation of each right and how you can exercise it:
- Right to Access
- Access Requests: You have the right to obtain confirmation of whether we are processing your personal data and, if so, to access that data and information about how and why it is processed, including the categories of data, the recipients or categories of recipients, and the retention period.
- Response Time: We will respond to your access request within one month of receiving it. For complex or numerous requests we may extend this period by up to two further months, and we will notify you of any extension within one month of receiving your request.
- Right to Rectification
- Correction Requests: If you believe any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it.
- Action Taken: We will correct your data as soon as possible and notify you once the update has been made.
- Right to Erasure
- Deletion Requests: You have the right to request deletion of your personal data under certain conditions, including when the data is no longer necessary for the purposes for which it was collected, when you withdraw your consent, or when you object to processing and there are no overriding legitimate grounds.
- Assessment: We will assess your request and delete the data unless we are required to retain it for legal reasons or for the establishment, exercise, or defense of legal claims. If we cannot fulfill your request, we will tell you why.
- Right to Restrict Processing
- Restriction Requests: You have the right to request that we restrict processing of your personal data if you contest its accuracy, if you have objected to processing based on legitimate interests, or if the processing is unlawful and you prefer restriction to erasure.
- Processing Limits: While processing is restricted we will only store your data; any further processing is limited to specific circumstances, such as with your consent or for legal claims.
- Right to Data Portability
- Data Portability Requests: You have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format, and to have it transmitted to another data controller where technically feasible.
- Format and Transfer: On request, we will provide your data in a format that facilitates transfer to another service provider or data controller.
- Right to Object
- Objection Requests: You have the right to object to processing of your personal data based on our legitimate interests or for direct marketing. If you object to processing based on legitimate interests, we will stop unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
- Direct Marketing: If you object to processing for direct marketing purposes, we will stop that processing immediately.
- Right to Withdraw Consent
- Consent Withdrawal: Where we process your data on the basis of consent, you may withdraw it at any time by contacting us using the details provided below.
- Impact of Withdrawal: Withdrawal does not affect the lawfulness of processing carried out on the basis of consent before the withdrawal.
- Right to Lodge a Complaint
- Complaints: If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In the EU, this is typically the Data Protection Authority in your country of residence.
- Contact: Details of the relevant supervisory authority can be found on the European Data Protection Board (EDPB) website.
To exercise any of your rights or for further information, please contact us using our contact form.
- CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other factors. Here’s how we handle updates:
- Notification of Changes
- Updates: Significant changes to this Privacy Policy will be communicated by email to the address associated with your account or through a prominent notice on our website.
- Opportunity to Review: You will be given the opportunity to review and accept the updated Privacy Policy. Continued use of our services after such changes signifies your acceptance of the updated terms.
- Review Frequency: We review and update this Privacy Policy regularly so that it accurately reflects our data practices and complies with applicable laws.
- CONTACT INFORMATION
For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us using the following information:
- Contact Details:
- Website: through our contact form
- Address: 1111B S Governors Ave STE 20950, Dover, DE 19904, USA
- Communication: We do not offer customer support by phone. For all inquiries, please contact us through our contact form. We aim to respond promptly and assist with any issues related to your data or this Privacy Policy.