Privacy Policy

Last Updated: January 13, 2026

Introduction

Digital Heritage is committed to protecting your privacy. This Privacy Policy explains how we handle your information for personal continuity and contingency planning, with special emphasis on our unique security model: client-side encryption that ensures we never have access to your sensitive data.

By using Digital Heritage, you agree to the terms of this Privacy Policy.

Critical Security Information

Your secrets are encrypted on YOUR device before they reach our servers.

  • We never see your passwords or files - Everything is AES-256-GCM encrypted before upload
  • We never see your encryption keys - Keys are derived locally using PBKDF2 key derivation
  • We only store encrypted data - We cannot provide your secrets, even if legally compelled
  • Only your contacts can decrypt - After verification, they use the master password you provided them

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address (from OAuth2 provider: Google, Microsoft)
  • Name (from your OAuth2 provider)
  • User ID (generated by Firebase Auth)
  • Profile picture (from your OAuth2 provider, optional)

1.2 Encrypted Secrets

You provide:

  • Encrypted secret data: Passwords, notes, files (PDF/text up to 2MB each, 5MB total storage per user)
  • Secret metadata: Title, type, creation date, which trusted contacts have access
  • IMPORTANT: ALL secret content (including files) is encrypted client-side before upload. We only store the encrypted version.

1.3 Trusted Contact Information

For each trusted contact (beneficiary), we store:

  • Email address
  • Name
  • Unique access code (6-character alphanumeric)
  • Relationship to user
  • Which secrets they can access

1.4 Check-In Data

  • Last check-in timestamp
  • Check-in frequency (daily/weekly/monthly/custom)
  • Check-in method (web/mobile)
  • Check-in history

1.5 Usage Data

  • Access logs (when you log in)
  • Secret creation/modification/deletion events
  • Trusted contact access attempts
  • IP address and device information for security purposes

2. How We Protect Your Data

2.1 Client-Side Encryption

Your secrets are encrypted BEFORE they leave your device using:

  • AES-256-GCM: Military-grade encryption standard
  • PBKDF2: Password-based key derivation (industry-standard iteration count)
  • Random IV & Salt: Unique initialization vector and salt for each secret
  • No key storage: Your master password is never stored or transmitted

2.2 Server-Side Security

  • Firebase Security Rules: Strict access control preventing unauthorized access
  • Encryption in Transit: All data transmitted over HTTPS/TLS 1.3
  • Encryption at Rest: Firebase encrypts all stored data
  • Authentication: OAuth2 via Google, Microsoft
  • Access Logging: All access attempts are logged

3. When We Share Information

We ONLY share your secrets with your designated trusted contacts (beneficiaries), and ONLY after:

We do not sell or monetize your personal data.

3.1 Trusted Contact Release Conditions

Your encrypted secrets are released to trusted contacts ONLY when:

  • You have missed check-ins for 30+ days, AND
  • Trusted contact verifies their identity with the correct access code, AND
  • The trusted contact's email has been verified

3.2 What Trusted Contacts Receive

Trusted contacts only receive:

  • Encrypted secret data: Still encrypted, they need the master password you provided them to decrypt both text secrets and files
  • Secret metadata: Title, type, creation date, file names
  • Your instructions: Any notes or decryption instructions you've provided for them

Important: You must provide your trusted contacts (beneficiaries) with your master password through a separate secure channel (e.g., written in a will, in a safe, or with a trusted executor).

3.3 Notifications

We may send notifications to:

  • You: Check-in reminders, account activity
  • Trusted contacts: When added, when check-ins are missed, when secrets are released

3.4 Legal Requirements

  • We may disclose account information if required by law
  • IMPORTANT: Even if compelled, we cannot provide your secrets because they are encrypted client-side and we don't have your decryption keys
  • We can only provide encrypted data, which is useless without the master password

4. Data Retention and Deletion

4.1 Your Rights

You have the right to:

  • Delete individual secrets: Immediate, permanent deletion
  • Delete trusted contacts (beneficiaries): Remove their access immediately
  • Delete your entire account: Removes all data permanently
  • Export your data: Download all your secrets (encrypted)

4.2 Automatic Deletion

Your account and all data will be automatically deleted if:

  • Your account is inactive for 2+ years AND you have no trusted contacts (beneficiaries)
  • Your secrets have been released to trusted contacts AND 1 year has passed

4.3 Backup and Retention

  • Firebase maintains automated backups for disaster recovery
  • Backups are deleted according to Firebase's retention policies (typically 30-90 days)
  • When you delete data, it's removed from live servers immediately

5. Third-Party Services

We use the following services:

  • Google Firebase: Authentication, database, storage, hosting
  • OAuth2 Providers: Google, Microsoft, Facebook for authentication
  • Email Service: For sending notifications (configurable, defaults to Firebase/Gmail)

These services have their own privacy policies. We only use services that meet our strict security standards.

6. Children's Privacy

Digital Heritage is not intended for children under 18. We do not knowingly collect information from children under 18. If we discover we have collected such information, we will delete it immediately.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your own. Firebase stores data in secure data centers worldwide. We ensure that:

  • Adequate security measures are in place
  • Data is protected according to this Privacy Policy
  • EU users' data is protected under GDPR standards

8. California Consumer Privacy Act (CCPA)

If you are a California resident, you have the following rights:

  • Right to Know: What categories of information we collect
  • Right to Delete: Request deletion of your information
  • Right to Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)

9. GDPR Compliance (EU Users)

If you are an EU resident, you have the following rights under GDPR:

  • Right to Access: Request a copy of your data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion of your data
  • Right to Portability: Receive your data in a structured format
  • Right to Object: Object to processing of your data
  • Right to Restrict Processing: Limit how we use your data

To exercise these rights, contact us at the email address below.

10. Security Measures Summary

  • ✅ Encryption: AES-256 client-side, HTTPS/TLS 1.3 in transit
  • ✅ Authentication: OAuth2, Firebase Auth security rules
  • ✅ Access Control: Trusted contact verification, access codes
  • ✅ Logging: All access attempts logged and monitored

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.

12. Contact Us

If you have questions about this Privacy Policy or your personal information, please contact us:

Email: admin@futuresenseai.com

Website: https://vault.futuresenseai.com