Privacy Policy

Last updated: May 4, 2026

At My Lasts, we take your privacy seriously. This Privacy Policy explains how LEGACYVAULT TECHNOLOGIES LLC ("Company", "we", "us", or "our") collects, uses, discloses, and safeguards your information when you use the My Lasts platform, including the website at mylasts.com, the application at mylasts.com, and all related services (collectively, the "Service").

By using My Lasts, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the platform.

1. Information We Collect

1.1 Information You Provide

We collect information that you provide directly to us when you create an account, use the Service, or communicate with us:

Account information: Your name, email address, and authentication credentials.
Phone number: Provided during registration to enable the heartbeat verification SMS feature.
Profile information: Preferences, settings, and configurations you establish.
Legacy Content: Files, letters, videos, audio recordings, and messages you upload or create for your digital legacy.
Grantee information: Names, email addresses, and other details about people you designate as recipients of your Legacy Content.
Payment information: Billing details processed through our third-party payment providers. We do not store full credit card numbers on our servers.

1.2 Information Collected Automatically

When you use the Service, we may automatically collect:

Usage data: How you interact with the platform, features you use, and actions you take.
Device information: Browser type, operating system, device identifiers, and IP address.
Log data: Access times, pages viewed, and referring URLs.
Marketing site analytics and session replay: On our public marketing pages (mylasts.com and its public sections such as pricing, why, and legal), we use Microsoft Clarity to record session interactions (mouse movements, scrolls, clicks) and generate heatmaps. Clarity does not run inside the authenticated application where your Legacy Content and personal data reside. Sensitive content on the marketing site is masked by default through Clarity's strict masking configuration. See Section 8 for details on cookies and third-party analytics providers.

1.3 Information from Third Parties

We may receive information from third-party authentication providers (such as Google or Apple) if you choose to sign in using those services. We only receive the information you authorize those providers to share.

2. How We Use Your Information

We use the information we collect to provide, maintain, and improve the Service:

Service delivery: Operating the digital legacy platform, storing your Legacy Content, and delivering it to your Grantees when activation conditions are met.
Heartbeat verification: Sending SMS and/or email notifications to verify your active status, processing your verification responses, and managing the heartbeat lifecycle.
Account management: Creating and managing your account, processing transactions, and authenticating your identity.
Communications: Sending you technical notices, security alerts, and support messages.
Improvement: Analyzing usage patterns to improve the Service, fix issues, and develop new features.
Legal compliance: Complying with applicable laws, regulations, and legal processes.

3. Phone Number and SMS Data

3.1 Collection

We collect your phone number during account registration. Providing your phone number and consenting to SMS messages is required to use the heartbeat verification feature.

3.2 Use

Your phone number is used exclusively for the following purposes:

Sending transactional SMS messages for heartbeat verification requests.
Confirming successful heartbeat verifications.
Alerting you when a verification is pending, has expired, or requires your attention.

We do not use your phone number for marketing, promotional, or advertising purposes. We do not send unsolicited messages.

3.3 SMS Data Sharing

We do not sell, rent, or share your phone number with third parties for their marketing use. Your phone number is shared only with our SMS delivery service provider, which processes it solely for the purpose of delivering messages on our behalf. Our SMS service provider is bound by data processing agreements that prohibit them from using your phone number for any purpose other than message delivery.

3.4 SMS Data Security

Your phone number is transmitted securely using encryption in transit (TLS) and stored in encrypted form at rest. Access to phone number data is restricted to authorized personnel and systems required to operate the SMS functionality.

3.5 SMS Data Retention

We retain your phone number for as long as your account is active. If you opt out of SMS by replying STOP, we retain a record of your opt-out preference to ensure we do not send you further messages. Upon account deletion, your phone number is permanently removed from our systems.

3.6 Opt-Out

You can opt out of SMS messages at any time by replying STOP to any message. You may also update or remove your phone number through your account settings. Removing your phone number will disable the SMS-based heartbeat verification feature.

4. Data Security

We implement appropriate technical and organizational security measures designed to protect the security of your personal information:

All Legacy Content and personal data are encrypted both in transit (TLS 1.2+) and at rest (AES-256).
Access to personal data is restricted on a need-to-know basis.
We conduct regular security reviews and monitoring.

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

With your designated Grantees: When your digital legacy is activated according to the conditions you configured, your Legacy Content is delivered to your Grantees.
With service providers: Third-party vendors who assist us in operating the platform (hosting, SMS delivery, email, payment processing). These providers are contractually bound to use your data only for the services they provide to us.
Legal obligations: To comply with applicable laws, regulations, court orders, or lawful government requests.
Protection of rights: To protect our rights, privacy, safety, or property, and that of our users and the public.
Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate or incomplete personal data.
Deletion: Request deletion of your personal data and account.
Restriction: Request that we restrict the processing of your personal data.
Portability: Request a portable copy of your data in a structured, commonly used format.
Opt-out of SMS: Reply STOP to any SMS message or update your preferences in account settings.

To exercise any of these rights, contact us at info@mylasts.com or through the settings in your account. We will respond to your request within 30 days.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

Account data: Retained while your account is active. Deleted upon account deletion request.
Legacy Content: Retained according to your settings and delivered to your Grantees upon legacy activation. After delivery, content is retained for a limited period to allow Grantees to access it, then permanently deleted.
SMS opt-out records: Retained indefinitely to honor your opt-out preference.
Usage logs: Retained for up to 12 months for analytics and security purposes.

We will also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

8. Cookies and Tracking

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and analyze usage of the Service. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. Disabling cookies may affect the functionality of the Service.

8.1 Third-party analytics on the marketing site

On our public marketing pages only (mylasts.com and its public sections), we use the following third-party tools to understand how visitors discover and interact with the site:

Google Analytics 4 (Google LLC): Aggregated traffic and event analytics.
Meta Pixel (Meta Platforms, Inc.): Conversion measurement for advertising campaigns.
Microsoft Clarity (Microsoft Corporation): Session recordings and heatmaps to improve the public site's usability. Clarity records pointer movements, scrolls, and clicks on public pages. Text input fields and content marked as sensitive are masked by default through Clarity's strict masking configuration, so the recordings do not capture form field values. You can read Microsoft's privacy practices at privacy.microsoft.com/privacystatement.

These tools are not active inside the authenticated application where your Legacy Content, Grantee information, heartbeat data, and other personal data are stored and processed.

8.2 No cross-site advertising tracking

We do not use cookies for cross-site advertising or sell data collected through these tools to third parties for advertising purposes.

9. Children's Privacy

My Lasts is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us at info@mylasts.com, and we will take steps to delete such information.

10. International Data Transfers

If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and notify you through the Service or via email for material changes. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after the updated policy takes effect constitutes your acceptance of the changes.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Privacy and legal inquiries: info@mylasts.com
General support: support@mylasts.com
Website: mylasts.com

By using My Lasts, you acknowledge that you have read and understood this Privacy Policy.