What we collect
For the platform to function, GuardKin collects: account information (name, email, phone), financial information you provide (account types, institutions, balances), legal documents you upload, your designations of executors and beneficiaries, and your usage of the product (page views, feature interactions). Sensitive content (passwords, document text, specific beneficiary instructions, medical directive content) is encrypted client-side with keys we cannot access — see Architecture.
Why we collect it
To provide the service. To maintain security and prevent fraud. To comply with legal obligations. To improve the product through aggregated, de-identified analysis. To communicate with you about your account.
What we do not do
- We do not sell your data, in any form, to anyone.
- We do not use your data to train AI models without explicit consent.
- We do not share your data with advertisers.
- We do not maintain analytics that profile individual users.
- We do not run third-party tracking pixels on this marketing site.
Who we share with
- Subprocessors listed at /security/subprocessors.
- Legal authorities only when compelled by valid legal process, after counsel review, with notice to you unless legally prohibited.
- Business transfer (acquisition / merger): your data rights transfer with the data; you will be notified.
Your rights
- Access: see what we hold. Request via your in-product Privacy settings or email privacy@guardkin.com.
- Delete: request deletion. Honored within 30 days. Cryptographic erasure preferred where possible.
- Correct: update field-level information.
- Port: export in standard formats (JSON, PDF, encrypted archive). Free, regardless of subscription status.
- Opt out: sale / share / targeted advertising opt-out via Settings or the Global Privacy Control header (we honor it automatically).
- Appeal: if we deny a rights request, you can appeal — counsel reviews.
How long we keep it
- Active account data: life of account + 7 years (financial-records retention).
- Estate documents: life + 10 years OR successor-triggered disposal.
- Audit logs: 7 years (1 year hot, 6 years cold).
- Application logs: 90 days.
- Backups: 35-day rolling + monthly archives for 1 year.
Children
We do not knowingly collect data from anyone under 13 (COPPA). Accounts require 18+. Beneficiary-side access for minors uses a parent/guardian consent flow.
International transfers
EU/UK data: Standard Contractual Clauses with subprocessors. Data localization by firm contract: US-only by default; EU/UK residency available at Stage 3+.
Breach notification
If a breach affects your information, we will notify you per applicable law (GDPR within 72 hours; CCPA without unreasonable delay; FTC GLBA within 30 days for ≥500 affected). Notifications come from privacy@guardkin.com — verify the domain.
Contact
Privacy questions: privacy@guardkin.com. For how we use cookies on this site, see our Cookie Policy.