Privacy Policy

AEDRIN is a place for some of the most personal material a person can record — memories, values, grief, and messages meant for the people they love. We treat privacy, consent, and dignity as engineering requirements, not afterthoughts. This policy explains what we collect, why, who processes it, and the control you have.

We collect only what's necessary to provide the Service:

• Account information — your email, legal name, optional display name, optional date of birth, and optional profile photo.
• Your Content — the memories, reflections, life events, values, letters, and other material you write or record.
• Voice recordings — when you use voice capture, audio is sent for transcription and the resulting text becomes Your Content. Voice data is biometric in nature and is treated as sensitive (see §5).
• Heir & executor details — names, relationships, and email addresses you provide so we can configure and, when verified, grant legacy access.
• Verification documents — documentation submitted during the death-verification process, stored in a restricted location accessible only to operators and your executor.
• Limited technical data — basic logs needed for security, abuse prevention, and reliability.

• To operate core features: capture, journaling, life map, values, memoir, and legacy access.
• To generate AI prompts, summaries, insights, and the grounded legacy representation you configure.
• To send the notifications and reminders you have enabled.
• To secure the Service, prevent abuse, and meet legal obligations.

We do not sell your personal information, and we do not use Your Content to train third-party foundation models.

We rely on a small set of trusted providers, each acting on our instructions:

• Supabase — database, authentication, and file storage.
• OpenAI — AI generation and voice transcription. Content sent for processing is not used by OpenAI to train its models under its API data policy.
• Vercel — application hosting and delivery.
• Resend — transactional and reminder email delivery.

Some of what you record — religious or philosophical beliefs, health-related reflections, and voice recordings — may be considered sensitive. We process this data only to provide the Service to you and the people you have authorized.

The legacy representation is retrieval-grounded: it answers only from material the relevant person actually recorded and was shared with the specific heir. It never fabricates opinions, never claims to be a conscious being or the deceased, and never issues instructions about money, legal, medical, or estate matters.

• Row-level security in the database so you can access only your own data.
• Heirs can read only shareable material they have been explicitly permitted to access — never private entries.
• Verification documents are stored in a restricted location with limited access.
• Encryption in transit, signed time-limited URLs for media, and a Content Security Policy to harden the app.

No system is perfectly secure, so we encourage you to keep your own exported copies of material that matters most to you.

You are always in control of your data:

• Access & export — download a complete copy of your data (text and media) at any time.
• Correction — edit or delete individual entries whenever you like.
• Deletion — permanently delete your account and all associated content and files. This is irreversible.
• Sharing control — change or revoke heir permissions at any time while your account is active.

Depending on where you live, you may have additional rights under the GDPR, UK GDPR, or CCPA/CPRA, including the right to access, port, correct, or erase your data and to object to certain processing. To exercise any right, email privacy@aedrin.com.

We keep Your Content for as long as your account is active or as needed to provide the Service. When you delete your account, we remove your content and stored files. Some limited records may be retained where required by law or for legitimate security purposes.

AEDRIN is intended for adults (18+). We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

Our providers may process data in the United States and other countries. Where required, we rely on appropriate safeguards for international transfers.

If we make material changes, we will update the date above and, where appropriate, notify you. Continued use after changes take effect means you accept the updated policy.

Questions or requests? Email privacy@aedrin.com.