Privacy Policy

Last Updated: January 22, 2026

This Privacy Policy explains how PostMortem ("PostMortem", "we", "us") collects, uses, and protects information in connection with our service that helps you securely prepare and deliver messages and information to your selected recipients. By using our services, you agree to the practices described here.

Information We Collect

  • Account Information: First name, last name, email address, phone number, password hash, and verification status when you create an account.
  • Message Boxes and Content: You can create message boxes containing text messages, emails, photos, videos, audio recordings, and optional credentials you want delivered later. Message box content is encrypted on your device using an encryption key generated for you. We do not store your encryption key—only you have access to it. If you lose your encryption key, your message content cannot be recovered.
  • Legacy Contacts: Names and email addresses of legacy contacts (recipients) you designate to receive your messages. We generate unique access keys for each contact which are required to authenticate and view released content.
  • Scheduling & Status Data: Check‑in interval, heartbeat timestamps, and computed delivery dates so we can determine when to deliver your message boxes.
  • Identifiers: User IDs (such as account IDs and assigned user identifiers) and device IDs (such as device advertising identifiers) to identify your account and devices.
  • Usage Data: Product interaction data including app launches, taps, clicks, scrolling information, and other information about how you interact with the app.
  • Device Information: Log data such as IP address, device type, browser details, and operating system needed to secure the service, detect abuse, and improve reliability.
  • Diagnostics: Crash data (crash logs), performance data (such as launch time and energy use), and other diagnostic data collected for measuring technical diagnostics and improving app stability.
  • Support & Feedback: Information you provide when you contact us for help or submit feedback.

How We Use Information

  • Provide, maintain, and improve the service.
  • Authenticate you, secure accounts, and prevent fraud and abuse.
  • Calculate check‑in deadlines and schedule deliveries according to your configuration.
  • Send transactional emails (verification, reminders, and delivery notifications).
  • Offer support and communicate about changes to the service.
  • Comply with legal obligations and enforce our terms.

Legal Bases

Where required (e.g., the EEA/UK), we process personal data based on: (i) performance of a contract (providing the service you requested), (ii) legitimate interests (security, analytics, improving our services), and (iii) consent where applicable (e.g., certain marketing communications).

Data Sharing

We do not sell personal data. We share limited information with trusted service providers that help us run PostMortem, such as cloud hosting, email delivery, analytics, and security providers. These processors are bound by contracts and may only process data as instructed by us. If required by law, we may disclose information to authorities following due process.

Note: Message box content is encrypted on your device before being stored. We do not have access to your encryption key and cannot decrypt your message content. Access keys are generated per legacy contact and are required for recipients to authenticate and view released content. We do not share access keys with third parties.

Security

  • All data in transit is protected using TLS encryption.
  • Message box content is encrypted on your device before being uploaded. Your encryption key is generated locally and never sent to our servers—we cannot access or decrypt your message content.
  • If you lose your encryption key, your message content cannot be recovered. You are responsible for securely storing your encryption key.
  • Access keys are unique per legacy contact and use cryptographic methods to ensure authenticity.
  • Recipients must provide their access key to authenticate and view released content.
  • Access controls, logging, and monitoring are used to protect infrastructure and detect unauthorized access.
  • Passwords are hashed using industry-standard methods and are never stored in plain text.

Retention

We retain account and configuration data for as long as your account is active. You can delete message boxes or your account at any time from within the app; deletions are reflected in active systems promptly and removed from backups within a reasonable period (typically 30–45 days).

Your Rights & Choices

  • Access, correction, and deletion of your data.
  • Export of your message box metadata and contacts upon request.
  • Objection or restriction to certain processing where applicable by law.
  • Withdrawal of consent where we rely on consent.

To exercise rights, contact us at help@trypostmortem.com.

International Transfers

If data is transferred across borders, we use appropriate safeguards such as Standard Contractual Clauses where required.

Children

PostMortem is not intended for children under 16 and we do not knowingly collect their data.

Changes to this Policy

We may update this policy from time to time. If material changes are made, we will notify you by email or within the app. Your continued use of the service after changes take effect constitutes acceptance.

Contact

Questions or requests regarding privacy can be sent to help@trypostmortem.com.

Return to Home