DeadSwitch

Privacy Policy

Last updated: February 22, 2026

Overview

DeadSwitch ("we," "us," or "our") is built on a zero-knowledge architecture. We cannot read, access, or decrypt your vault contents. This privacy policy explains what limited data we do collect and how we use it.

What We Cannot Access

Your vault data is encrypted on your USB drive using AES-256-GCM-SIV with keys derived from your master password via Argon2id. We never have access to:

  • Your master password
  • Your vault contents (passwords, financial accounts, crypto wallets, documents, etc.)
  • Your video or audio messages
  • Your beneficiaries' emergency card secrets
  • The plaintext contents of any cloud backup (encrypted client-side before upload)

What We Collect

Account Information

When you register for the check-in service or purchase DeadSwitch, we collect your email address, display name, and a hashed version of your account password (hashed with scrypt; we never store your plaintext password). If you provide a phone number for SMS check-ins, we store that as well.

Beneficiary Information

If you register beneficiaries with our check-in server, we store their names, email addresses, and phone numbers so we can deliver release notifications if the dead man's switch triggers. We also store encrypted key shares (which we cannot decrypt without the beneficiary's emergency card secret).

Check-In Data

We track your check-in status (armed, warning, grace, triggered), check-in timestamps, and state transition history. This is necessary to operate the dead man's switch reliably.

Payment Information

Payments are processed by Stripe. We do not store your credit card number, CVV, or full billing details. We receive and store your order tier, email, and shipping address (if applicable) from Stripe for order fulfillment.

Cloud Backup Metadata

If you use the cloud backup feature, we store metadata about your backups (file size, upload date, checksum) but not the backup contents. Backups are encrypted client-side before upload and stored on Cloudflare R2. We cannot decrypt them.

Website Analytics

We do not use third-party tracking scripts, cookies for advertising, or analytics platforms that profile visitors. Server logs may record IP addresses and user agents for security and abuse prevention purposes; these are retained for no more than 90 days.

How We Use Your Data

  • To operate the dead man's switch check-in system and send you check-in reminders via email and SMS
  • To deliver release notifications to your beneficiaries if the switch triggers
  • To process your purchase and fulfill your order
  • To provide cloud backup storage if you subscribe
  • To send you account-related communications (password resets, service changes)

We do not sell, rent, or share your personal information with third parties for marketing purposes. We will never monetize your data.

Third-Party Services

We use the following third-party services to operate DeadSwitch:

  • Stripe — Payment processing. Subject to Stripe's Privacy Policy.
  • Resend — Transactional email delivery (check-in reminders, release notifications).
  • Twilio — SMS delivery for check-in reminders.
  • Cloudflare R2 — Encrypted cloud backup storage. Cloudflare cannot decrypt your backups.

Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal information within 30 days, except where retention is required by law (e.g., payment records for tax purposes). Cloud backups are deleted when your subscription ends or upon account deletion.

Data Security

All server communications use TLS encryption. Account passwords are hashed with scrypt. JWT tokens expire after 30 days. Our server infrastructure uses PostgreSQL with encrypted connections. The vault application itself uses military-grade encryption (AES-256-GCM-SIV, XChaCha20-Poly1305, Argon2id) that we have no ability to bypass.

Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Delete your account and associated data
  • Export your data in a portable format
  • Withdraw consent for optional communications

To exercise any of these rights, contact us at privacy@dead-switch.com.

Children's Privacy

DeadSwitch is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this privacy policy from time to time. We will notify registered users of material changes via email. The "last updated" date at the top of this page reflects the most recent revision.

Contact

If you have questions about this privacy policy or our data practices, contact us at privacy@dead-switch.com.