top of page

PRIVACY POLICY

Effective Date: 12/1/2025
My FinalKey, LLC

My FinalKey, LLC (“MyFinalKey,” “we,” “us,” or “our”) is committed to protecting the confidentiality, integrity, and security of the personal information entrusted to us. This Privacy Policy (“Policy”) describes how we collect, use, store, disclose, and safeguard information when you access the MyFinalKey mobile application, website, cloud services, and associated features (collectively, the “Services”).

By accessing or using the Services, you agree to the practices described herein. If you do not agree to this Policy, you must discontinue use of the Services.

 

1. INFORMATION WE COLLECT

We may collect the following categories of information:

 

1.1 Information You Provide Directly

  • Registration Information: Name, email address, phone number, authentication credentials.

  • Personal Planning Information: End-of-life wishes, planning documents, designated Successors and Keyholders, preferences regarding funeral, medical, legal, and digital matters.

  • Sensitive Uploaded Content: Wills, directives, identity documents, passwords or access credentials, insurance policies, account numbers, digital asset lists, and other materials you voluntarily store within the encrypted vault.

  • Payment Information: Processed exclusively by Apple App Store. FinalKey does not retain payment card details.

 

1.2 Information Collected Automatically

  • Device identifiers, IP address, operating system type/version, performance metrics, in-app behavior, crash logs, and related analytics.

 

1.3 Information from Third Parties

  • Identity verification partners

  • Death-event verification and certificate-validation services

  • Analytics providers

  • Cloud hosting platforms (AWS, Render.com)

  •  AWS S3: Encrypted document storage                                                                            

  •  HashiCorp Vault: Secure credential storage                                                                    

  •  OpenAI: AI-powered features (anonymized queries only) 

 

2. PURPOSES FOR WHICH WE USE INFORMATION

We use information only for legitimate, disclosed, and user-authorized purposes, including:

  • Delivering, maintaining, and improving the Services.

  • Securing and encrypting user content in storage and in transit.

  • Authenticating users and enforcing access controls.

  • Enabling successor and keyholder workflows following a verified end-of-life event.

  • Processing transactions and managing subscriptions.

  • Conducting analytics and operational performance analysis.

  • Preventing, detecting, and responding to fraud, security incidents, and misuse.

  • Complying with contractual, legal, regulatory, and law-enforcement obligations.

FinalKey does not sell personal data under any circumstance.

 

3. DATA SECURITY, ENCRYPTION & HIPAA-ALIGNED SAFEGUARDS

Although FinalKey is not a “covered entity” or “business associate” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), we voluntarily implement administrative, physical, and technical safeguards that align with HIPAA-grade security principles. This does not constitute a representation of HIPAA applicability or certification.

 

3.1 Encryption Standards

  • Data in Transit: TLS 1.2+

  • Data at Rest: AES-256 or equivalent encryption

  • User-specific vault content is encrypted such that FinalKey personnel cannot access decrypted content (“zero-knowledge architecture,” where applicable).

 

3.2 Cloud Infrastructure Security

Amazon Web Services (AWS)

  • Virtual Private Cloud (VPC) isolation

  • Encrypted Amazon RDS databases

  • Role-based IAM access restrictions

  • RDS Proxy connection pooling

  • Automated backups and disaster recovery

Render.com

  • Encrypted data at rest and in transit

  • Isolated deployment environments

  • Automatic patching and continuous monitoring

  • Strict role-based and credential-scoped access

 

3.3 Access Controls

  • Multi-factor authentication (MFA) where required

  • Strict internal role-based permissions

  • Comprehensive logging of administrative activity

  • Rate limiting and intrusion detection mechanisms

 

3.4 Incident Response

We maintain an incident response protocol for detection, containment, investigation, remediation, and, where required, user notification.

 

4. HOW WE SHARE INFORMATION

We do not share information except in the limited circumstances described below:

 

4.1 At Your Direction

You may explicitly authorize FinalKey to share data with:

  • Successors

  • Keyholders

  • Legal, medical, or personal representatives

  • Family members or advisors you designate

Vault information is never decrypted or disclosed by FinalKey except as expressly authorized by the User or required by law.

 

4.2 Service Providers

We may share limited information with service providers who support the Services, including:

  • Cloud hosting (AWS, Render.com)

  • Analytics providers

  • Payment processors

  • Security and identity-verification partners

  • Customer support vendors

These providers are contractually restricted from using information other than to perform contracted functions.

 

4.3 Legal and Regulatory Requirements

We may disclose information when legally required to:

  • Comply with subpoenas, court orders, or regulatory inquiries

  • Protect the rights, property, or safety of FinalKey, users, or the public

  • Detect or prevent fraud or security breaches

Where permissible, we will challenge overly broad or improper requests.

 

5. DATA RETENTION AND DELETION

We retain personal information only for as long as necessary to:

  • Provide and support the Services

  • Maintain accurate logs and backups

  • Comply with legal and regulatory obligations

  • Support successor/keyholder transitions

Upon user-initiated deletion:

  • Encrypted vault contents are permanently and irreversibly destroyed.

  • Residual encrypted backups are purged in accordance with our backup retention schedule.

  • Minimal identifying metadata may be retained solely for legal, accounting, or security-related purposes.

 

6. INTERNATIONAL DATA TRANSFERS

Your information may be processed in the United States or other jurisdictions where our service providers operate. When legally required, FinalKey employs recognized data-transfer mechanisms, such as Standard Contractual Clauses, to safeguard personal information.

 

7. YOUR RIGHTS

Subject to applicable law, you may have the right to:

  • Access your personal information

  • Request corrections

  • Request deletion

  • Request portability

  • Restrict or object to certain processing

  • Opt out of non-essential tracking technologies

We may require verification of your identity prior to fulfilling requests.

 

8. CHILDREN’S PRIVACY

The Services are intended solely for individuals 18 years of age or older. We do not knowingly collect personal information from children. If such information is identified, it will be deleted promptly.

 

9. THIRD-PARTY WEBSITES AND LINKS

The Services may include links to external websites or applications. FinalKey is not responsible for the privacy practices or content of such third parties. Users are encouraged to review their respective privacy policies.

 

10. POLICY UPDATES

We may modify this Policy from time to time. Revised versions become effective upon posting within the Services. For material changes, we will provide additional notice as required.

Your continued use of the Services constitutes acceptance of the updated Policy.

 

11. CONTACT INFORMATION

For questions regarding this Policy or your privacy rights, please contact:

FinalKey, LLC
Email: support@myfinalkey.com
Address: Dallas, TX

bottom of page