Privacy Policy
Effective date: June 1, 2026. We are committed to protecting your personal information and the sensitive documents you entrust to us.
Custodium Vault ("we," "us," or "our") operates https://custodiumvault.com and provides a secure digital legacy management platform (the "Service"), powered by BePrepared. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read it carefully. If you disagree with its terms, please discontinue use of the Service.
1. Information We Collect
We collect information in three ways: directly from you, automatically through your use of the Service, and from trusted third parties.
Information You Provide Directly
- Account & Identity — Your name, email address, password, and billing information when you create an account or subscribe to a plan.
- Vault Content — Any documents, files, credentials, instructions, or personal data you upload or store inside your Custodium Vault (e.g., wills, healthcare directives, financial records, digital account details). This content belongs entirely to you.
- Trusted Contacts & Deputies — Names and email addresses of individuals you choose to grant access to your vault, along with the access permissions you specify.
- Communications — Messages you send us via contact forms, email, or support channels.
Information Collected Automatically
- Usage Data — Pages visited, features used, session duration, clicks, and other interactions within the Service.
- Device & Technical Data — IP address, browser type and version, operating system, device identifiers, and referring URLs.
- Cookies & Similar Technologies — We use essential session cookies and optional analytics cookies. You can manage cookie preferences at any time. See our Cookie Policy for details.
Information from Third Parties
We may receive limited information from payment processors (e.g., Stripe) to confirm subscription status. We do not receive your full payment card number — that is handled entirely by our payment processor under PCI-DSS compliance.
2. How We Use Your Information
We use the information we collect to:
- Create and manage your account and subscription
- Provide, operate, and improve the Service — including storing, organizing, and retrieving your vault content
- Authenticate your identity and enforce access controls, including the permissions you grant to trusted contacts
- Process payments and send receipts, billing notices, and renewal reminders
- Send transactional emails (e.g., account creation, password reset, emergency access notifications)
- Respond to your support requests and inquiries
- Send optional product updates and educational content (you may unsubscribe at any time)
- Monitor for fraud, abuse, and security threats
- Comply with applicable laws and legal obligations
- Analyze aggregated, anonymized usage trends to improve product features (this data cannot identify you)
We will never use your vault content for advertising, marketing profiling, or to train AI models.
3. How We Share Your Information
We do not sell, rent, or trade your personal information. We share information only in the following limited circumstances:
With People You Authorize
When you grant a trusted contact or deputy access to your vault, they can view the specific documents and information you designate — nothing more. You control and can revoke these permissions at any time.
With Service Providers
We work with carefully selected vendors who process data on our behalf under strict contractual obligations, including:
- Cloud infrastructure — Encrypted storage and hosting (servers located in the United States)
- Payment processing — Secure billing handled by PCI-DSS-compliant processors
- Email delivery — Transactional email services for account notifications
- Analytics — Anonymized, aggregate usage metrics to improve the platform
These providers are prohibited from using your data for any purpose other than providing services to us.
For Legal Reasons
We may disclose information if required by law, court order, or government authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Custodium Vault, our users, or the public.
Business Transfers
If Custodium Vault is acquired or merged, or sells its assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website before your information is subject to a different privacy policy.
4. Data Security
Protecting your legacy documents is our highest priority. We employ industry-leading security measures including 256-bit AES encryption at rest, TLS 1.3 in transit, zero-knowledge architecture, SOC 2 Type II certification, and HIPAA-aligned practices.
For a full breakdown of our security controls, certifications, and infrastructure, please visit our dedicated Security page.
No method of transmission or storage is 100% secure. While we implement robust safeguards, we cannot guarantee absolute security. If you become aware of any security vulnerability, please contact us immediately at hello@custodiumvault.com.
5. Data Retention
We retain your personal information and vault content for as long as your account is active or as needed to provide the Service. When you delete your account:
- Your vault content and personal data are permanently deleted from our production systems within 30 days.
- Encrypted backups are purged within 90 days.
- We may retain anonymized, aggregated data indefinitely for analytical purposes.
- We may retain certain records longer if required by law (e.g., billing records for tax purposes are typically retained for 7 years).
You can export all your vault data at any time from your account settings before closing your account.
6. Your Rights & Choices
Regardless of where you live, you have meaningful control over your information:
- Access — Request a copy of the personal data we hold about you.
- Correction — Update or correct inaccurate information through your account settings or by contacting us.
- Deletion — Request deletion of your account and all associated personal data.
- Portability — Export your vault contents and account data in a structured, machine-readable format at any time.
- Opt-out of marketing — Unsubscribe from promotional emails using the link in any email or by contacting us. You will still receive essential transactional messages.
- Cookie preferences — Manage non-essential cookies via the cookie banner or your browser settings.
To exercise any of these rights, contact us at hello@custodiumvault.com. We will respond within 30 days. We will never discriminate against you for exercising your privacy rights.
7. California Privacy Rights (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to Know — The categories and specific pieces of personal information we collect, use, disclose, and sell (we do not sell personal information).
- Right to Delete — Request deletion of your personal information, subject to certain exceptions.
- Right to Correct — Request correction of inaccurate personal information.
- Right to Opt-Out of Sale or Sharing — We do not sell or share personal information for cross-context behavioral advertising.
- Right to Limit Use of Sensitive Personal Information — We use sensitive personal information (such as health-related documents in your vault) only to provide the Service.
To submit a California privacy request, email us at hello@custodiumvault.com with the subject line "California Privacy Request." We will verify your identity before processing your request. You may also designate an authorized agent to submit requests on your behalf.
8. International Users
Custodium Vault is operated from the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the U.S., where data protection laws may differ from those in your country.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:
- Contract performance — Processing necessary to provide you with the Service under our Terms of Service.
- Legitimate interests — Security monitoring, fraud prevention, and service improvement (where these do not override your rights).
- Legal obligation — Compliance with applicable laws.
- Consent — For optional marketing communications and non-essential cookies.
EEA/UK users also have the right to lodge a complaint with their local data protection authority.
9. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child under 18, please contact us immediately and we will delete that information as soon as possible.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements, or for other reasons. When we make material changes, we will:
- Update the "Effective date" at the top of this page.
- Send an email notification to registered account holders at least 30 days before the changes take effect.
- Display a prominent notice on our website.
Your continued use of the Service after changes take effect constitutes your acceptance of the revised policy.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please reach out:
- Email: hello@custodiumvault.com
We take all privacy inquiries seriously and will respond within 30 days of receipt.