Privacy Policy

1. Introduction

Perennitas Digital ("we," "our," or "us"), a service of Quills Consultancy LTD (UK Company Registration: 16468230), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital legacy preservation service at www.perennitas.digital.

We operate on a zero-knowledge principle, meaning we cannot access the contents of your encrypted capsules. Your privacy and the security of your digital legacy are our top priorities.

2. Information We Collect

2.1 Personal Information

When you register for an account, we collect:

• First and last name
• Email address
• Phone number (with country code)
• Password (stored securely using AWS Cognito)

2.2 Capsule Information

When you create digital capsules, we store:

• Capsule name and description
• Creation and unlock dates
• File metadata (name, size, upload date) - but NOT file contents
• Encrypted file keys (we cannot decrypt these)
• Heir keys for capsule access
• Capsule status (sealed/unsealed)

2.3 Payment Information

We use Stripe for payment processing. We store only:

• Stripe payment intent IDs
• Payment status
• Transaction timestamps

We do NOT store credit card numbers, CVV codes, or other sensitive payment details. All payment information is handled directly by Stripe in compliance with PCI DSS standards.

2.4 Technical Information

We automatically collect:

• Authentication tokens (JWT) stored in secure httpOnly cookies
• CSRF tokens for security
• Basic analytics via Vercel Analytics (page views, performance metrics)

3. How We Use Your Information

We use your information to:

• Create and manage your account
• Provide our digital legacy preservation service
• Process payments for capsule sealing
• Send service-related emails (account verification, payment confirmations)
• Enforce time-lock features and access controls
• Provide customer support
• Improve our service through analytics

4. Zero-Knowledge Architecture

Perennitas Digital operates on a zero-knowledge principle:

• All files are encrypted on your device before upload using AES-256-GCM encryption
• Encryption keys are derived from your master key, which we never store
• We cannot decrypt or access the contents of your capsules
• If you lose your encryption keys, we cannot recover your data
• Heir keys provide limited, time-based access without exposing your master key

5. Data Storage and Security

Your data is stored using industry-leading cloud services:

• User data: AWS Cognito (authentication) and DynamoDB (metadata)
• Encrypted files: AWS S3 with automatic transition to Glacier Deep Archive
• Location: EU-Central-1 (Frankfurt, Germany) region
• Retention: Designed for 50+ year preservation
• Security: All data encrypted at rest and in transit

6. Data Sharing and Disclosure

We do NOT sell, trade, or rent your personal information. We may share your information only:

• With your explicit consent
• To comply with legal obligations or court orders
• To protect our rights, privacy, safety, or property
• With service providers who assist in operating our service (AWS, Stripe, Vercel)

All third-party service providers are bound by confidentiality agreements and are only authorized to use your information as necessary to provide services to us.

7. Cookies

We use essential cookies to:

• Maintain your authentication session
• Protect against CSRF attacks
• Store temporary session data

We do not use tracking cookies or advertising cookies. All our cookies are strictly necessary for the operation of the service.

8. Your Rights

You have the right to:

• Access: Request a copy of your personal information
• Correction: Update or correct your personal information
• Deletion: Delete your account and associated metadata
• Portability: Export your capsule metadata
• Crypto-shredding: Permanently destroy capsules by deleting encryption keys

Note: Due to our zero-knowledge architecture, we cannot recover deleted encryption keys or decrypt capsule contents.

9. Children's Privacy

Our service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For material changes, we will provide additional notice via email.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at: