Your data

Privacy Policy

Last updated: 1 May 2026

Your right to delete your data

You can permanently delete your Jottam account and all associated data at any time from your profile menu → Delete account. This removes every vault, jot, file, and beneficiary record we hold for you, instantly and irreversibly. No residual copies are retained after deletion.

End-to-end encrypted by design

All files and notes you store in Jottam are encrypted on your device using AES-256-GCM before they are uploaded. We never have access to the content of your vaults or jots; only you and your designated beneficiaries can decrypt them.

1. Who we are

Jottam ("we", "us", or "our") is a secure digital vault and digital legacy management service. This Privacy Policy explains what information we collect, how we use it, and the rights you have over your data.

2. What data we collect

Account information

When you sign in via Google or Facebook we receive your name, email address, and provider identifier from that OAuth provider. We store your name and email to identify your account.

Encrypted vault content

Files, notes, and document metadata you upload are stored exclusively in their encrypted form. The encryption keys are derived from your master password, which we never store or transmit in plaintext. We cannot read your vault content.

Beneficiary information

If you add beneficiaries, we store the contact details you provide (name, email, phone) so we can notify them at the time you configure. This information is also stored in encrypted form where applicable.

Usage activity

We record the timestamp of your most recent authenticated action. This is used solely to evaluate inactivity-based vault triggers you configure yourself.

3. How we use your data

  • To authenticate you and maintain your session.
  • To store and serve your encrypted files and vault configuration.
  • To evaluate trigger conditions you have set and notify beneficiaries accordingly.
  • To send transactional emails (welcome, access notifications) that you have implicitly requested.
  • To maintain the security and integrity of the service.

We do not use your data for advertising, profiling, or any purpose beyond operating the service. We do not sell or share your personal data with third parties for their own purposes.

4. Data retention

Your data is retained for as long as your account exists. When you delete your account, all associated records are permanently removed from our systems, including encrypted files, vault metadata, beneficiary records, and vault keys. This deletion is immediate and cannot be reversed.

5. Your rights

  • Access – You can view all account and vault data through the Jottam application at any time.
  • Correction – You can update your profile details via the account details page.
  • Deletion – You can delete your account and all data permanently from Profile → Delete account. This removes every piece of data we hold about you.
  • Portability – Your files can be downloaded and decrypted at any time using your master password and Emergency Kit.

6. Cookies and session data

We use strictly necessary HTTP-only cookies to maintain your authenticated session and store your encrypted master key material for the duration of your session. These cookies are not used for tracking or analytics. They are cleared when you log out or delete your account.

7. Third-party services

We rely on the following third-party infrastructure providers:

  • Convex – Backend database and application metadata.
  • MinIO – Encrypted file blob storage.
  • Netlify – Hosting and edge functions.
  • Google / Facebook – OAuth sign-in (your login provider).

Each provider has their own privacy policy. We do not share your unencrypted vault content with any of them.

8. Security

Jottam is built with security as its primary design constraint. Files are encrypted client-side with AES-256-GCM before transmission. Keys are derived using Argon2 and never leave your device in plaintext. All data is served over HTTPS. Despite these measures, no system can guarantee absolute security and you should protect your master password and Emergency Kit carefully.

9. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notice. Continued use of Jottam after changes take effect constitutes acceptance of the updated policy.

10. Contact

For any privacy-related questions or requests, please reach out to us at [email protected].