Privacy Policy

    Summary: We store almost nothing about you. Your login credentials and browser sessions live only on your computer. Our servers store only your check-in timestamp, timer settings, and notification preferences — nothing else. We never see your passwords, emails, photos, or account data.
  

1. Who We Are

Delete After I Die is a digital privacy automation tool operated by Compass Direct LLC, a California limited liability company ("Company," "we," "us," "our"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our desktop application, mobile check-in application, website at deleteafteridie.com, or any related services (collectively, the "Service").

2. Notice at Collection (California CCPA/CPRA)

At or before the point of collection, California residents are entitled to know what personal information is being collected. We collect the following categories:

Category	What We Collect	Why	Sold or Shared?
Identifiers	Email address, hashed user ID	Account creation, notifications	No
Commercial information	Purchase record (via Stripe)	License verification	No
Internet/network activity	Check-in timestamps, timer config, IP address at registration	Service operation	No
Geolocation	None	—	No
Credentials / account data	None — stored locally on your device only	—	No
Sensitive personal information	None collected by our servers	—	No

We do not sell or share your personal information with third parties for cross-context behavioral advertising.

3. What We Collect and How

3.1 Information You Provide

Email address — collected at registration or email capture for account creation, license delivery, and notifications.
Payment information — processed entirely by Stripe. We never see or store your credit card number, bank details, or billing address. Stripe provides us only a transaction confirmation and customer ID.
Notification preferences — push, email, and SMS settings you configure in the app.
Trusted contact email — if you choose to configure a trusted contact, their email address is stored on our relay server to enable notifications.

3.2 Information Collected Automatically

Check-in timestamps — the date and time of each heartbeat received from your mobile check-in app.
Timer configuration — your selected check-in interval and grace period settings.
Platform health registry data — anonymized status of supported platform integrations.
Basic server logs — IP address, user agent, and request timestamps for security and abuse prevention, retained for up to 90 days.
Assent records — timestamp, IP address, and version number of Terms of Service accepted at checkout, retained for the duration of your account plus 3 years.

3.3 What We Explicitly Do NOT Collect

Your passwords or login credentials for any third-party platform
Your browser session tokens or cookies
The content of your emails, files, photos, or messages
The specific accounts or files you configure for deletion
Any data from third-party platforms accessed during deletion routines

All third-party account credentials and session data are stored exclusively on your local device using your operating system's built-in security (macOS Keychain / Windows Data Protection API). They never leave your machine.

4. How We Use Your Information

To create and manage your account
To deliver license keys and purchase confirmations
To operate the check-in timer and send escalating notifications
To notify your trusted contact if configured
To provide customer support
To detect and prevent fraud and abuse
To maintain records of Terms of Service assent for legal compliance
To comply with applicable law and respond to lawful requests

We do not use your information for advertising, behavioral profiling, or any purpose unrelated to operating the Service.

5. Data Retention

Data Type	Retention Period
Email address	Duration of account + 1 year after deletion request
Check-in timestamps	Rolling 90-day window; older records deleted automatically
Timer configuration	Duration of account
Trusted contact email	Duration of account or until removed by user
Purchase/license records	7 years (tax and legal compliance)
Terms of Service assent records	Duration of account + 3 years
Server access logs	90 days

6. Subprocessors and Third-Party Services

We use the following third-party service providers to operate the Service:

Provider	Purpose	Data Shared
Stripe	Payment processing	Email, transaction data
Railway / Fly.io	Cloud relay server hosting	All server-side data described above
Supabase	Database	All server-side data described above
Brevo / Resend	Transactional email	Email address
Twilio	SMS notifications (opt-in only)	Phone number (if provided)
Sentry	Error monitoring	Anonymized crash reports, no user content

All subprocessors are contractually required to protect your data and are prohibited from using it for any purpose other than providing services to us.

7. Data Security

We implement commercially reasonable security measures including encrypted data transmission (HTTPS/TLS), hashed user identifiers, and access controls on our relay servers. However, no system is 100% secure. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

Security contact: brad@bradyeager.com (Subject: "Security Issue")

8. Your Rights

8.1 California Residents (CCPA/CPRA)

California residents have the right to:

Know what personal information we collect, use, disclose, and sell
Delete personal information we hold about you (subject to exceptions)
Correct inaccurate personal information
Opt out of sale or sharing of personal information (we do not sell or share)
Non-discrimination for exercising your rights
Limit use of sensitive personal information (we do not collect sensitive personal information on our servers)

To exercise your rights, contact: brad@bradyeager.com (Subject: "Privacy Rights Request"). We will respond within 45 days as required by law.

8.2 All Users

Access: Request a copy of the personal information we hold about you
Deletion: Request deletion of your account and associated data
Correction: Request correction of inaccurate information
Portability: Request your data in a portable format

9. Cookies and Tracking

Our website (deleteafteridie.com) uses only essential cookies required for basic site functionality (session management and security). We do not use advertising cookies, tracking pixels, or third-party analytics that share your data with advertisers. We do not engage in cross-site tracking.

10. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from anyone under 18. If we become aware that we have inadvertently collected information from a minor, we will delete it promptly. If you believe a minor has provided us personal information, contact brad@bradyeager.com.

11. International Users

The Service is operated from the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States, which may not provide the same level of data protection as your home jurisdiction. By using the Service, you consent to this transfer.

For users in the European Economic Area, United Kingdom, or Switzerland: our legal basis for processing your personal data is performance of a contract (to provide the Service) and our legitimate interests (security and fraud prevention). You have additional rights under the GDPR as described in our Terms of Service Section 20.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website. Your continued use of the Service after any update constitutes acceptance of the revised policy.

13. Contact

Compass Direct LLC
Operating as: Delete After I Die
Email: brad@bradyeager.com
Privacy Rights Requests: brad@bradyeager.com (Subject: "Privacy Rights Request")
Security Issues: brad@bradyeager.com (Subject: "Security Issue")