Last Updated: December 8, 2024
Next of Kin Plan LLC ("we," "us," "our," "NOKP") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Next of Kin Plan platform ("Service," "Platform").
KEY PRINCIPLE: Your vault contents are yours. We never access, view, sell, or use your personal information for marketing purposes. We exist solely to help you organize and secure your family's critical information.
1. Information We Collect
A. Account Information
When you create an account, we collect:
• Full name
• Email address
• Phone number (optional)
• Billing address
• Payment information (processed securely through our payment processor)
• Password (encrypted and never stored in plain text)
B. Vault Content
You choose what to store in your eight vault areas:
• Financial Vault: Bank accounts, investment accounts, credit cards, debts
• Medical Vault: Healthcare providers, medications, insurance information
• Insurance Vault: Policy details, beneficiaries, agent contacts
• Property Vault: Real estate, vehicles, valuable possessions
• Household Bills Vault: Utilities, subscriptions, recurring payments
• Funeral Planning Vault: Wishes, arrangements, contacts
• Personal Messages Vault: Letters and messages to loved ones
• Legal Documents Vault: Wills, trusts, powers of attorney, uploaded documents
We never access your vault contents for any reason except:
• Technical support at your explicit request
• Legal compliance (court order or subpoena)
• Security investigations if we detect suspicious activity
C. Emergency Access Contacts
You designate family members or trusted individuals who may access your vaults in emergencies:
• Names
• Email addresses
• Phone numbers
• Relationship to you
• Access permissions you grant
D. Uploaded Documents
• PDF files, images, and documents you choose to upload (10MB maximum per file)
• Document metadata (file name, upload date, file size)
E. Technical Information
We automatically collect:
• IP address
• Browser type and version
• Device type (mobile, tablet, desktop)
• Operating system
• Pages visited within the Platform
• Time and date of access
• Referring website
• Session duration
F. Usage Analytics
We use analytics to improve the Platform:
• Which vault areas are most used
• Feature utilization
• Navigation patterns
• Error reports and technical issues
We use Google Analytics and similar tools. These services have their own privacy policies.
2. How We Use Your Information
A. Core Service Delivery
• Create and maintain your account
• Store and organize your vault information
• Enable emergency access for designated contacts
• Process payments and manage subscriptions
• Send transactional emails (receipts, password resets, account notifications)
B. Communication
• Respond to your support requests
• Send important service updates
• Notify you of changes to Terms or Privacy Policy
• Send educational content about estate readiness (you can opt out)
C. Platform Improvement
• Analyze usage patterns to improve features
• Fix bugs and technical issues
• Develop new vault areas or functionality
• Enhance security measures
D. Legal Compliance
• Comply with legal obligations
• Respond to law enforcement requests
• Protect against fraud or security threats
• Enforce our Terms of Service
What We DON'T Do:
• Sell your personal information to anyone
• Share your vault contents with third parties
• Use your information for advertising
• Access your vault contents without permission
• Contact your emergency contacts without your authorization
• Share data with professional partners (attorneys, advisors) unless you explicitly grant access
3. How We Store and Protect Your Information
A. Storage Infrastructure
We use industry-leading secure storage:
• Supabase PostgreSQL Database: All account data, vault information, and emergency contacts stored with encryption and Row Level Security (RLS)
• AWS S3 Secure Storage: All uploaded documents stored in encrypted buckets with access controls
• SSL/TLS Encryption: All data transmission encrypted in transit
• At-Rest Encryption: All stored data encrypted at rest
B. Security Measures
• Password encryption using bcrypt or similar algorithms
• Multi-layer authentication systems
• Regular security audits and penetration testing
• Automated backup systems
• Monitoring for suspicious activity
• Firewall protection and intrusion detection
C. Data Segregation
• Your vault contents are isolated from other users
• Emergency contacts can only access what you explicitly authorize
• Professional partners have zero access unless you grant it
• Staff cannot view your vault contents without your explicit permission for support
D. File Size and Type Restrictions
• Maximum file size: 10MB per file
• Accepted formats: PDF, JPG, PNG, DOCX, and other common document types
• Virus scanning on all uploads
• Automatic rejection of suspicious files
4. Emergency Access and Family Sharing
How It Works
You control who can access your vaults and what they can see:
• You designate emergency contacts
• You specify which vaults each contact can access
• You can modify or revoke access at any time
• Contacts receive access credentials you create
What Emergency Contacts Can See
• Only the vaults and information you explicitly grant them access to
• They cannot modify your vault contents (read-only access)
• They cannot see other areas you haven't shared with them
What We Do
• Provide the technical infrastructure for secure sharing
• Maintain audit logs of access (who viewed what and when)
• Send notifications when emergency access is used (if you enable this)
What We Don't Do
• Decide who should have access (you control this completely)
• Automatically grant access to anyone
• Notify emergency contacts without your authorization
• Mediate family disputes about access
5. Professional Partnerships (B2B Program)
How It Works
Estate attorneys, financial advisors, and other professionals may:
• Refer their clients to Next of Kin Plan
• Offer free 30-day pilot programs
• Provide Next of Kin Plan as a client benefit
• White-label the service under certain arrangements
What Professionals Can See
Nothing. Zero. Unless you explicitly grant access.
• Professionals cannot see your vault contents
• Professionals cannot see who signed up through their referral
• We do not share your usage data with professionals
• Your relationship with us is completely separate from your relationship with your attorney/advisor
Data We May Share with Professional Partners
The only information we may share (with your consent):
• That you signed up through their referral (for commission purposes)
• Aggregated, anonymized usage statistics
• Number of their clients using the service (no names or identifying information)
6. Information Sharing and Disclosure
We do NOT sell, rent, or trade your personal information. We only share information in these specific situations:
A. Service Providers
We work with third-party companies to operate the Platform:
• Payment processors (Stripe, PayPal) - to process payments
• Cloud infrastructure (AWS, Supabase) - to host and store data
• Email service providers (AWS SES, MailerLite) - to send transactional and marketing emails
• Analytics providers (Google Analytics) - to understand usage patterns
These providers:
• Are contractually obligated to protect your data
• Can only use your information to provide their specific service
• Cannot use your data for their own purposes
• Must comply with data protection regulations
B. Legal Requirements
We may disclose information when required by law:
• Valid court orders or subpoenas
• Law enforcement requests with proper legal authority
• Protection of our legal rights
• Prevention of fraud or security threats
• Protection of user safety
We will notify you of legal requests unless prohibited by law.
C. Business Transfers
If Next of Kin Plan is acquired, merged, or sold:
• Your information may be transferred to the new entity
• We will notify you before this happens
• You will be informed of any new privacy practices
• You can choose to delete your account before the transfer
D. With Your Consent
We may share information in other circumstances with your explicit permission.
7. Your Rights and Choices
A. Access Your Information
You can:
• View all your vault contents at any time
• Download your information
• Export your data in common formats
• Request a copy of all data we hold about you
B. Modify Your Information
You can:
• Update your account information
• Edit vault contents
• Add or remove emergency contacts
• Change access permissions
C. Delete Your Information
You can:
• Delete specific vault items
• Remove uploaded documents
• Close your account entirely
• Request complete data deletion
Upon account closure:
• You have 90 days to download your data
• After 90 days, all data is permanently deleted
• This cannot be undone
• Backup copies are deleted within 30 days after that
D. Marketing Communications
You can:
• Opt out of marketing emails (unsubscribe link in every email)
• Continue receiving critical transactional emails (receipts, password resets)
• Choose which types of educational content you receive
E. Cookie Preferences
You can:
• Disable cookies in your browser settings
• Clear existing cookies
• Use Do Not Track browser settings
Note: Disabling cookies may limit Platform functionality.
8. Cookies and Tracking Technologies
What We Use
• Essential Cookies: Required for the Platform to function (login, session management)
• Analytics Cookies: Help us understand how users interact with the Platform
• Preference Cookies: Remember your settings and choices
Third-Party Cookies
• Google Analytics tracks usage patterns
• Payment processors may use cookies during checkout
Your Control
• Most browsers allow you to refuse cookies
• You can delete cookies at any time
• Browser "Help" sections explain how to manage cookies
9. Data Retention
How Long We Keep Your Data
Active Accounts:
• Account information: As long as your account is active
• Vault contents: As long as your account is active
• Uploaded documents: As long as your account is active
• Transaction records: 7 years (legal requirement)
Closed Accounts:
• 90-day grace period to download data
• Complete deletion after 90 days
• Backup copies deleted within 30 days after that
• Transaction records retained for legal compliance (7 years)
Legal Holds: If we receive a legal request or have ongoing legal obligations, we may retain data longer as required.
10. Children's Privacy
Next of Kin Plan is not intended for children under 18.
• We do not knowingly collect information from children under 13
• Our Service requires users to be 18 or older
• If we learn we've collected information from a child under 13, we'll delete it immediately
• Parents who discover their child has provided information should contact us
11. International Data Transfers
Data Storage Location
Your information is stored in the United States on servers operated by:
• AWS (Amazon Web Services)
• Supabase (US-based infrastructure)
If You're Outside the US
By using Next of Kin Plan, you agree to the transfer and storage of your information in the United States. US data protection laws may differ from your country's laws.
12. California Privacy Rights (CCPA)
If you're a California resident, you have additional rights:
Right to Know
• What personal information we collect
• How we use your information
• Who we share information with
• Request a copy of your information
Right to Delete
• Request deletion of your personal information
• Subject to certain exceptions (legal obligations)
Right to Opt Out
• We don't sell personal information, so no opt-out needed
Right to Non-Discrimination
• We won't discriminate against you for exercising your rights
To exercise these rights, contact us at privacy@nextofkinplan.com
13. European Privacy Rights (GDPR)
If you're in the European Economic Area, you have rights under GDPR:
Legal Basis for Processing
We process your data based on:
• Contract: To provide the Service you've subscribed to
• Legitimate Interest: To improve the Platform and prevent fraud
• Consent: For marketing communications (you can withdraw anytime)
Your Rights
• Access: Get a copy of your data
• Rectification: Correct inaccurate data
• Erasure: Request deletion ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Transfer your data to another service
• Object: Object to processing based on legitimate interest
• Withdraw Consent: For consent-based processing
Data Protection Officer
Contact our DPO at: support@nextofkinplan.com
Supervisory Authority
You have the right to complain to your local data protection authority.
14. Security Breach Notification
In the event of a data breach that affects your personal information:
• We'll notify you within 72 hours
• Notification will include what happened, what data was affected, and what we're doing
• We'll provide guidance on protecting yourself
• We'll report to relevant authorities as required by law
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
We'll notify you of changes by:
• Email to your registered address
• Prominent notice on the Platform
• At least 30 days before changes take effect
Material changes will require your consent:
• Continued use of the Service constitutes acceptance
• If you don't agree, close your account before changes take effect
Version History:
• Current Version: December 8, 2024
16. Do Not Track
We support Do Not Track (DNT) browser settings:
• Enable DNT in your browser preferences
• We'll honor your DNT signal
• Note: Some features may not work with DNT enabled
17. Third-Party Links
The Platform may contain links to:
• Legal document providers (e.g., eforms.com)
• Financial institutions
• Insurance companies
• Other relevant services
We are not responsible for:
• Their privacy practices
• Their content or services
• Data they collect from you
Always review third-party privacy policies before providing information.
18. Contact Us
For Privacy Questions or Concerns:
Email: support@nextofkinplan.com
Support: support@nextofkinplan.com
Website: www.nextofkinplan.com
To Exercise Your Privacy Rights:
Email: support@nextofkinplan.com
Subject Line: "Privacy Rights Request"
We'll respond within 30 days (45 days for complex requests).
By using Next of Kin Plan, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.