Privacy Policy

Genlocker, Inc. ("Genlocker," "we," "our," or "us") operates the website at genlocker.com and the Genlocker digital estate vault service (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use the Service.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide Directly

• Account information: Email address, name, and a master password (which we never store in recoverable form — see Section 3).
• Vault contents: Files and documents you upload. These are encrypted on your device before transmission and stored in ciphertext on our servers. We cannot read your vault contents.
• Beneficiary information: Names and email addresses of the beneficiaries you designate.
• Payment information: Billing details processed by our payment processor, Stripe. Genlocker does not store payment card numbers.
• Death certificate submissions: When a beneficiary initiates the vault unlock process, they submit a certified copy of a death certificate. This document is retained for audit and fraud-prevention purposes.
• Communications: Emails, support requests, and any other direct communication with us.

1.2 Information Collected Automatically

• Log data: IP address, browser type, operating system, pages visited, and timestamps of access events.
• Cookies and similar technologies: We use essential cookies required for authentication and session management. We do not use third-party advertising cookies. You may disable cookies in your browser, but this may impair the functionality of the Service.
• Usage analytics: Aggregate, anonymized analytics about how the Service is used (e.g., which features are most accessed). We use privacy-first analytics tools that do not identify individual users.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the Service;
• Verify your identity and authenticate your access;
• Process payments and manage your subscription;
• Verify death certificate submissions and execute vault unlock procedures;
• Send you transactional emails (account confirmations, security alerts, subscription receipts);
• Respond to your support requests and questions;
• Detect, investigate, and prevent fraudulent or unauthorized activity;
• Comply with applicable laws and regulations;
• Send you optional newsletter communications (only if you have opted in).

We do not sell your personal information. We do not use your information for advertising purposes.

3. Zero-Knowledge Architecture

Genlocker is designed so that the contents of your vault are encrypted on your device using a key derived from your master password before any data is transmitted to our servers. This means:

• We store only ciphertext — encrypted data we cannot decrypt;
• We do not store your master password in any recoverable form;
• Genlocker employees cannot read your vault documents;
• In the event of a data breach, attackers would obtain only ciphertext they cannot decrypt without your master password.

Certain metadata (file names, document categories, beneficiary designations) is stored in an encrypted but retrievable form necessary to operate the Service. Access to this metadata is strictly limited and access-controlled.

4. How We Share Your Information

We share your information only in the following circumstances:

• Service providers: We share information with trusted third-party vendors who help us operate the Service, including cloud hosting (AWS), payment processing (Stripe), email delivery, and analytics. These parties are contractually bound to protect your information and may not use it for their own purposes.
• Death certificate verification: When a beneficiary submits a death certificate, we may cross-reference submitted data against the Social Security Death Master File through a third-party verification API. Only the data necessary for the cross-reference (name, date of birth, date of death) is shared.
• Legal requirements: We may disclose information if required to do so by law or in response to a valid legal process (subpoena, court order, or equivalent), or to protect the rights, property, or safety of Genlocker, our users, or the public.
• Business transfers: If Genlocker is acquired or merges with another company, your information may be transferred as part of that transaction. We will notify you via email before your information becomes subject to a different privacy policy.
• With your consent: We may share your information for other purposes with your explicit consent.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Retention

We retain your account information and vault data for as long as your account is active or as needed to provide the Service. If you cancel your subscription, we retain your data for 90 days to allow export, after which it is permanently deleted.

Death certificate submissions and associated verification records are retained for 7 years for legal and fraud-prevention purposes.

Log data is retained for 12 months.

6. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate information.
• Deletion: Request deletion of your account and associated data. Because vault contents are zero-knowledge encrypted, deletion permanently destroys data we cannot recover.
• Portability: Export your vault documents at any time through the Service dashboard.
• Opt-out of marketing: Unsubscribe from newsletters at any time via the unsubscribe link in any marketing email.
• California residents (CCPA): You have the right to know what personal information we collect and how it is used, to request deletion, and to opt out of the sale of personal information (we do not sell personal information).

To exercise these rights, contact us at privacy@genlocker.com.

7. Security

We implement industry-standard security measures including AES-256 encryption at rest, TLS 1.3 in transit, multi-factor authentication, and regular security audits. For a full description of our security architecture, see our Security page.

No system is completely secure. While we take security seriously and implement strong controls, we cannot guarantee that unauthorized parties will never gain access. If you believe your account has been compromised, contact us immediately at security@genlocker.com.

8. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, contact us and we will delete it.

9. International Data Transfers

Genlocker is based in the United States and stores data on servers located in the United States. If you are accessing the Service from outside the United States, your information will be transferred to and processed in the United States, which may have different data protection laws than your country.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with a new effective date, and by sending an email to the address associated with your account. Your continued use of the Service after a change constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

• Email: privacy@genlocker.com
• Mailing address: Genlocker, Inc., [Address to be added at incorporation]